Compute the sizes and other info in the query result
Currently (as in !6 (merged)) the query result contains only the „headers“ ‒ things like the endpoint IP addresses, DNS names, etc. We need to include the kind of data that changes as the flow flows, like:
- Total amount of data transferred (in each direction as well as total)
- Average and maximum speed
- number of parallel flows
If the details are not requested, we are interested in a total from the start of the query to the end. However, if details are requested, these statistics should be provided on per-time-window basis.
Implementation note
In the future, once we have other data storages in addition to the in-memory one, the slice intervals might have different lengths. To cope with that we would first construct a timeline ‒ the time of the query length covered with intervals, depending on the granularity available from each source and during each time. To do that we need to extend the traits in src/keeper/aggregable.rs
to provide the time line of each source and combine them together.
Then, once we process the separate flow slices, we always look up the correct interval in the time line and add it to that one.
When we don't want the details, we simply create a time line that isn't split into intervals (eg. its only interval is (-∞, ∞)
) and all the slices fall into this single „eternity“ interval.