I collect sflow with goflow2 and use ClickHouse to store this data.
And now, I’m trying to do some basics graph.
For example, I want to draw graph bits/s per SrcIp.
I try to use this query, but with real flow of 200 Mbps, I got graph that shows me ~2 Gbps.
SELECT toUInt64(toStartOfMinute($dateTimeCol))*1000 as t, sum(Bytes*SamplingRate) as sumbytes FROM $table WHERE $timeFilter and IPv4NumToString(reinterpretAsUInt32(substring(reverse(SrcAddr), 13,4))) like '22.214.171.124' GROUP BY t ORDER BY t
I need something like irate in Prometheus, but in Prometheus we got counters and its easy to calculate what I need.