Time-Based Analysis

In this lesson, you will learn:

• About what is Suzieq time-based analysis?
• About Suzieq timezones.
• About the Suzieq time and date format.
• How to see the current state of the network.
• How to see the state of the network in the past.
• How to view changes in the network between 2 points in time.
• How to view all changes that have occurred in the network.

You can find the scripts and code for this lesson within the Suzieq repo under the directory: 002_suzieq_explore/003_time.

What is Time-Based Analysis

In our previous lessons we saw that Suzieq applies timestamps to the data that it stores within the database. It is these timestamps that open the doors to (in my opinion) one of the most powerful features of Suzieq, which is time-based analysis.

Suzieq allows us to analyze our network from a time-based perspective in 2 different ways - Snapshots or Changes.

• Snapshots allow us to see the network at a given point in time - in other words, view a snapshot of the network as it once was.
• Changes allow us to view all the changes in the network between 2 points in time.

Why would we need time-based analysis? Well, some of the use cases are:

• Validating what has changed in the network when troubleshooting issues.
• Validating the state of the network after a maintenance to what was running before maintenance.

Suzieq Timezones

By default Suzieq, stores data within its DB against the UTC time zone.

However, for convenience, when analyzing the network we will typically want to work with our data using our local time zone. To do so, we need to set the time zone for our containers.

The steps for how to do this were previously covered in the Suzieq installation lesson where we set our time zone via an environment variable within our docker-compose.yml file. In addition to this, please also ensure you have your time correctly set. You can validate this by running:

❯ docker-compose exec suzieq_poller date
Mon Aug  9 11:52:03 BST 2021