Metric Descriptors#
Before submitting any metrics a descriptor for the metric recording must be defined and created. This should be done in cooperation with Mnemonic to ensure that the data the metric records matches the actual need to avoid excess, and to ensure the correct access to create a new descriptor. These Metric Descriptors are objects containing meta information about a type of metric, and describes how to interpret the data stored in the records. It should also be noted that the access functions that a user requires to read/submit metrics for this descriptor is also defined in the descriptor itself.
Below are descriptions of some of the more complex data fields.
shortName
Required. Is used as an identifier, an alternative to the numerical identifier, in Argus and so much be unique to the domain. Access functions
read-
,write-
andadmin-
. Required. Functions defining a user’s access. If you find that you can read the metrics, but not submit new ones, then you likely do not have the correct function assigned to your user.They are defined and created in Argus, and assigned to a user by an administrator.
These functions are case sensitive.
- Time frame size
Required. The expected time frames for the metric, and is used by ElasticSearch to place the metric in the correct bucket.
This is used in conjunction with the
TimeFrameSizeUnit
field, which can bemilliseconds
,seconds
,minutes
,hours
,days
.- Deduplication function
This is used by ElasticSearch to minimize storage space for when a duplicated record is submitted.
first
takes the first record and ignores any other submitted duplicates.last
overwrites the existing record.none
simply submits the record without checking for duplicates. This is the default value.
These functions are case sensitive.
keys
Required. A list of keys and their associated value type. Key types can be an ip, integer or string
Any submitted metric record for this descriptor must contain these keys, and they are case sensitive. Empty values are not allowed, although an empty string is still permissible for string types.
Key names must be unique per descriptor, even if their types are different.
Note
Should the key list be expanded after creation, any request that are missing keys will have a default value assigned for the missing keys. If the request has more keys, then there must be a match for every key in the descriptor, and any excess is discarded. This is to allow scripts to continue their use until they have been updated. The default values are 0 for integers and 0.0.0.0 for IP keys.
values
Required. A list of value names and their associated default aggregation function. As keys are always a numerical value, you do not need to define a type. The possible function are
sum
,avg
,min
,max
and ‘wavg’. These functions are case sensitive.The default aggregation function is used by ElasticSearch during aggregation calls that does not explicitly defined how the value should be handled. If not defined in the descriptor, then it defaults to the
sum
function.Aggregations using ‘wavg’, or weighted average, also requires a weight, which should be the name of another value in the metric decriptor. This is given by the field ‘valueAsWeight’, and is required when using ‘wavg’.
Any submitted metric record for this descriptor must contain these values.
Value names must be unique per descriptor.
Note
Should the value list be expanded after creation, any usage that are missing values will have a 0 assigned for the missing value. This is to allow scripts to continue their use until they have been updated. If the request has more values, then there must be a match for every one in the descriptor, and any excess is discarded.
The keys
and values
properties are used by to create columns for the
metric and used alongside the timestamp can be used to generate a table
with the metric’s data. To submit data/metric record to a descriptor
requires that the given key and value names matches. An example of a
metric record using the example keys and values is shown below:
timestamp |
ipAddress |
vlan |
packages |
frames |
---|---|---|---|---|
01-01-2018 07:01 |
10.10.0.1 |
101 |
10 |
50 |
01-01-2018 08:01 |
10.10.0.1 |
105 |
15 |
40 |
01-01-2018 08:01 |
10.10.0.1 |
101 |
0 |
30 |
Add new descriptor#
To add a new descriptor to the database, the descriptor endpoint can be
used with a POST
operation, along with the descriptor information in a
json format. If successful, the response will have an ID generated for
that descriptor. The example below shows the minimum information to
create a descriptor.
The defaultAggregationFunction
property is used during an aggregation
search, see bottom, unless a function is specified during the search.
The different functions are sum, avg, min and max and decides how the
value is aggregated.
curl -X POST -H "Argus-API-Key: my/api/key" -H "Content-Type: application/json" https://api.mnemonic.no/metrics/v1/descriptor -d '{
"shortName": "testCustomerMetric2",
"description": "New test Metric",
"readFunction": "viewMetric",
"writeFunction": "submitMetric",
"adminFunction": "adminMetric",
"keys": [
{
"name": "ipAddress",
"type": "ip"
},
{
"name": "vlan",
"type": "integer"
}
],
"values": [
{
"name": "packages",
"defaultAggregationFunction": "avg"
},
{
"name": "frames"
}
],
"timeFrameSize": 10
"timeFrameSizeUnit": "minutes"
}'
Tip
| You can check the Swagger API documentation for a more detailed description of the endpoint and the values that can be used in the Json object.
Get descriptor using descriptor ID#
An existing descriptor can be retrieved using its ID, or short name, and the descriptor endpoint
curl -X GET -H "Argus-API-Key: my/api/key" https://api.mnemonic.no/metrics/v1/descriptor/{descriptor ID or short name}
Tip
| You can check the Swagger API documentation for a more detailed description of the endpoint and the values that can be used in the Json object.
Search for descriptors#
Searches for existing descriptors can either be done simply by using a
GET
operation on the /descriptor endpoint, using any or all the
parameters given: argus domain, customer, keywords (set), limit, and
offset.
Alternatively a POST operation to the search endpoint can be done and using a json object to communicate the search criterias. This json can take the same values as the GET operation, with an example of some of them below.
curl -X POST -H "Argus-API-Key: my/api/key" -H "Content-Type: application/json" https://api.mnemonic.no/metrics/v1/descriptor/search -d '{
"keywords": ["test"]
"keywordMatchStrategy": "any",
"keywordFieldStrategy": [
"shortName"
],
}'
Tip
| You can check the Swagger API documentation for a more detailed description of the endpoint and the values that can be used in the Json object.
Update descriptor#
The descriptor can be updated using a PUT
request to the specific
descriptor endpoint, along with the domain as a parameter and a json
object. Most attributes of the descriptor can be changed such as adding
or removing keys or values. The exceptions are its ID, customer and
domain.
When a descriptor is changed, metrics that has already been submitted will not be invalidated and can still be retrieved through the API. Any new metrics will need to conform to the changes in the descriptor.
curl -X PUT -H "Argus-API-Key: my/api/key" -H "Content-Type: application/json" https://api.mnemonic.no/metrics/v1/descriptor/{descriptor ID or short name} -d '{
"timeFrameSize": 2000,
"addKeys": [{
"name": "ipAddressV2",
"type": "ip"
}]
}'
curl -X PUT -H "Argus-API-Key: my/api/key" -H "Content-Type: application/json" https://api.mnemonic.no/metrics/v1/descriptor/{descriptor ID or short name} -d '{
"description": "New description for the metric.",
"removeKeys": [ "ipAddressV2" ]
}'
Tip
| You can check the Swagger API documentation for a more detailed description of the endpoint and the values that can be used in the Json object.
Delete descriptor#
A descriptor can be deleted by using a DELETE
operation on the specific
descriptor endpoint.
Any metrics that has been submitted under the descriptor will not be deleted from ElasticSearch, but will no longer be possible to retrieve using the API. To completely remove the metrics, it is necessary to do so through ES directly.
curl -X DELETE -H "Argus-API-Key: my/api/key" https://api.mnemonic.no/metrics/v1/descriptor/{descriptor ID or short name}