Back-in-Time functionality

From Allegro Network Multimeter Manual

The Allegro Network Multimeter allows for accessing older data to debug network issues that happen sporadically or are already over.

The top bar shows either a green LIVE box or a red back-in-time box, indicating whether live data or (fixed) data from the past is shown.


Figure: Selecting time span

In the latter mode, the start and end times are shown as well.

You can click into any history graph shown in the web interface to go back to the corresponding time under the mouse pointer.

The time window is also halved on every click to be able to zoom into specific network events.

A lot of data is available for any specific time frame, such as the amount of traffic processed for an IP address.

However, not every data set is available in the back-in-time view, because memory constraints prevent storing all data.

Also, the resolution of data decreases with new data arriving.

For instance, data for the last minute is always available in one-second resolution, while older data might only be available in two-second resolution or coarser.

Network problems within smaller time spans can still be debugged, since absolute counters still show any network traffic that happened between time intervals.

The time constraints applied depend on the context of the data. For instance, IP lists are filtered so that only IPs that had activity before and after the time window are shown.

IPs that are not active during the time window are not shown.

The back-in-time mode can be exited by clicking on the red back-in-time box on the top of the web interface. The Allegro Network Multimeter will switch back to the live view.

Note that even in back-in-time mode, the device still measures every packet going through it so you will not miss any data.

Difference Live and Back-In-Time Mode

One notable difference between Live and Back-In-Time mode is the presentation of numerical counters. Counters in live mode always count from the start of the measurement (or the last reset), while counters in back-in-time mode are relative counters within the active time interval.

That means that regardless of the zoom level, in live mode the counters are always shown since the start of the measurement, not since the start of the zoom level interval.

| | LIVE | Back-In-Time |
|---|---|---|
| Traffic counter | Total counter from start or last reset. Example: "packets" are packets since start | Relative counters during time interval. Example: "packets" are number of packets in interval |
| Graph data | Traffic data within time interval | Traffic data within time interval |
| Capturing | Data source is live traffic (no need for ring buffer). Exception: Manual time range override in capture dialog | Data source is ring buffer |

Use cases:

  1. Task: Check the traffic within the last hour of the IP addresses with the most traffic overall. Solution: Choose the "1 hour live" display and sort the IP table by bytes. The first IP is the IP with the most bytes overall. The graph contains the activity within the last hour. Use case: you want to check whether multiple backup servers, which usually have a lot of traffic, had activity within the last hour. Sorting by bytes is an easy way to identify them, and with the live view you can still see the activity within that interval.
  2. Task: Which IP had the most traffic within the last hour? Solution: Choose the "Last hour" display and sort the IP table by bytes. The first IP is the IP with the most bytes within the last hour.
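The two use cases above give different top talkers from the same measurements, which matters when triaging an incident from the IP table. The following is an added example, not code from the Allegro Network Multimeter or its manual; it assumes a simplified model in which each IP has timestamped cumulative byte counters, and all IPs, timestamps and values are constructed.

```python
from bisect import bisect_right

# Constructed samples per IP: (seconds since start, cumulative bytes).
# Older samples are spaced further apart, mimicking the coarser
# resolution of older data described on this page.
SAMPLES = {
    "10.0.0.5":  [(0, 0), (3600, 900_000_000), (7200, 900_000_000), (10800, 900_500_000)],  # backup server
    "10.0.0.23": [(0, 0), (7200, 1_000_000), (9000, 1_200_000), (10800, 250_000_000)],      # recent burst
    "10.0.0.40": [(0, 0), (3600, 5_000_000), (7200, 5_000_000), (10800, 5_000_000)],        # idle in window
}

def counter_at(series, t):
    """Cumulative counter from the last sample taken at or before time t."""
    i = bisect_right(series, (t, float("inf")))
    return series[i - 1][1] if i else 0

def live_ranking(samples, now):
    """LIVE mode model: sort by total bytes since start of measurement."""
    totals = {ip: counter_at(s, now) for ip, s in samples.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def back_in_time_ranking(samples, start, end):
    """Back-in-time model: sort by bytes inside [start, end] only.

    The relative counter is the difference of two absolute counters, so
    traffic between coarse samples is still counted. IPs without activity
    in the window are dropped, as the page describes for IP lists.
    """
    deltas = {ip: counter_at(s, end) - counter_at(s, start) for ip, s in samples.items()}
    active = [(ip, d) for ip, d in deltas.items() if d > 0]
    return sorted(active, key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    now = 10800
    print("1 hour live:", live_ranking(SAMPLES, now))
    print("Last hour  :", back_in_time_ranking(SAMPLES, now - 3600, now))
```

With this data the live ranking is led by the backup server, while the last-hour ranking is led by 10.0.0.23 and omits the idle host.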

Data not available in back-in-time mode

Some data is not available for a specific time period in the back-in-time mode, but only as a total value since the start of the measurement.

The web interface highlights all data that is not available with a gray background.

This makes it possible to still read the data while knowing which data is from the time window and which data comes from the latest measurements.

Example:

The global TCP handshake in the TCP module reflects the total average in live mode, while it shows the average during the selected time period in back-in-time mode. But the server classification into high/normal/low is only available as a total value for the whole runtime and is therefore shown in gray.