Basic Concepts and Export
#########################

Here is a brief introduction to some fundamental concepts of the API.

Driver
------

A timeseries *driver* implements a well defined interface to provide support for a
specific database. Currently ntopng provides the RRD and InfluxDB drivers to communicate
with the respective datatabases.

Schema
------

A schema can be seen as a table of a database. It specifies the data format and types.
A schema is identified by it's name and contains the following informations:

  - Step: the expected interval, in seconds, between raw data points.

  - Tags: a tag is a label which can be used to filter data. Example of tags are
    the interface name, host name and nDPI protocol name.

  - Metrics: a metric is a particual value which is being measured. Example of metrics are
    the host bytes sent traffic, interface number of flows and ASN round trip time.
    All metrics must be consistent with the specified type (see below).

  - Type: the type for all the metrics of the schema. Currently "counter" or "gauge".

  - Options: some driver specific options.

All the ntopng defined schemas can be found in `scripts/lua/modules/timeseries/schemas`.
Schemas are split into 3 files, one for each periodic script, to avoid wasting time loading
unnecessary schemas. Nevertheless, by including the `ts_utils` module, all the available
schemas are loaded automatically.

Exporting Data
--------------

Thanks to the formalization of the data into schemas, ntopng itself can now
be used as a timeseries exporter. The script `scripts/lua/get_ts.lua` is the
endpoint which provides such data.

Let's see how to read a particuar host nDPI traffic by using the provided API.

The "host:ndpi" schema is defined in `ts_5min.lua` as follows:

.. code-block:: c

  schema = ts_utils.newSchema("host:ndpi", {step=300})
  schema:addTag("ifid")
  schema:addTag("host")
  schema:addTag("protocol")
  schema:addMetric("bytes_sent")
  schema:addMetric("bytes_rcvd")

In order to extract last hour host `192.168.1.10` information about the
Facebook protocol, the following API can be used.

To extract data from a Lua script located within the ntopng directory structure:

.. code-block:: lua

  local res = ts_utils.query("host:ndpi", {
    ifid = "1",
    host = "192.168.1.10",
    protocol = "Facebook"
  }, os.time()-3600, os.time())

  --tprint(res)

To extract data from an external program:

.. code-block:: bash

  # Extract host traffic in the specified time frame
  curl --cookie "user=admin; password=admin" "http://127.0.0.1:3000/lua/get_ts.lua?ts_schema=host:traffic&ts_query=ifid:1,host:192.168.1.10&epoch_begin=1532180495&epoch_end=1532176895"

  # Extract last hour top host protocols
  curl --cookie "user=admin; password=admin" "http://127.0.0.1:3000/lua/get_ts.lua?ts_schema=top:host:ndpi&ts_query=ifid:1,host:192.168.43.18"

  # Extract last hour AS 62041 RTT
  curl --cookie "user=admin; password=admin" "http://127.0.0.1:3000/lua/get_ts.lua?ts_query=ifid:1,asn:62041&ts_schema=asn:rtt"

JSON data will be returned. Check out the `ts_utils` module documentation below to
learn more about the query response format.
