Awesome article! This is the exact kind of use case we've been helping enterprises with at Graphistry, especially for SIEMs and operations data. Worth adding two aspects we've been finding important in our journey here:

* We found the need to play nice with Neo4j as well as other more common systems here like Kafka/HDFS/Spark, Titan, and Splunk

* It helps to be able to work with big event graphs, where we'll often want to do something like filter for the day's 1M+ priority 10 alerts and see how they connect. The result is we spend a lot of time on our GPU frontend+backend so you can spot patterns in all of the day's big events, and exploratory tooling so you can drill down rather than write queries.

If relevant, happy to share an API key (info@graphistry.com) or get on Skype!
Tracking flow information about networks and apps on Linux is something I have been thinking about. I'm wondering how other people are doing it.

For networking in general, I suppose you could sample /proc/PID/fd and /proc/PID/net/tcp at regular intervals, though it would technically miss some connections.

For apps — specifically, microservices — I'm thinking that every app could be modified to emit pairs [from, to] to statsd, which can then be used to transfer the data to a central collector. The downside is that every RPC request has to do this, in all the languages your microservices are written in.
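As an added illustration of the procfs sampling idea in the comment above (this is example code, not the commenter's tooling): the script parses the Linux /proc/net/tcp table (the same layout is exposed per process as /proc/<pid>/net/tcp, scoped to that process's network namespace), attributes each socket inode to the PID whose /proc/<pid>/fd links to it, and reduces the snapshot to (pid, from, to) edges suitable for loading into a graph. The sample table and fd links are constructed, not captured from a real host; the function and field names are this example's own. Because it is a point-in-time snapshot, connections that open and close between two samples are not seen, which is exactly the gap the comment mentions, and sockets owned by processes whose /proc entries are unreadable come back with `pid=None`.

```python
"""Snapshot TCP flows from /proc and attribute them to PIDs (added example)."""
import os
import re
from dataclasses import dataclass
from typing import Optional

# Socket state codes used in the 'st' column of /proc/net/tcp
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# readlink("/proc/<pid>/fd/N") returns "socket:[<inode>]" for socket descriptors
SOCKET_LINK = re.compile(r"socket:\[(\d+)\]")


@dataclass(frozen=True)
class Flow:
    pid: Optional[int]   # None when no readable /proc/<pid>/fd owned the inode
    local: str           # "ip:port"
    remote: str
    state: str
    inode: int


def hex_to_ipv4(h: str) -> str:
    """/proc/net/tcp writes IPv4 as 8 hex digits in host byte order (little-endian on x86)."""
    return ".".join(str(b) for b in reversed(bytes.fromhex(h)))


def hex_endpoint(field: str) -> str:
    """Convert 'XXXXXXXX:PPPP' (hex address:hex port) into 'a.b.c.d:port'."""
    addr, port = field.split(":")
    return f"{hex_to_ipv4(addr)}:{int(port, 16)}"


def parse_proc_net_tcp(text: str) -> list:
    """Return (local, remote, state, inode) tuples; skips the header line. IPv4 table only."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "sl":
            continue
        # columns: sl local rem st tx:rx tr:tm retrnsmt uid timeout inode ...
        rows.append((hex_endpoint(parts[1]), hex_endpoint(parts[2]),
                     TCP_STATES.get(parts[3], parts[3]), int(parts[9])))
    return rows


def inode_owner_map(fd_links: dict) -> dict:
    """fd_links: {pid: [readlink targets under /proc/<pid>/fd]} -> {socket inode: pid}."""
    owners = {}
    for pid, links in fd_links.items():
        for target in links:
            m = SOCKET_LINK.fullmatch(target)
            if m:
                owners[int(m.group(1))] = pid
    return owners


def collect_flows(tcp_text: str, fd_links: dict) -> list:
    """Join the socket table with fd ownership; unattributed sockets keep pid=None."""
    owners = inode_owner_map(fd_links)
    return [Flow(owners.get(inode), local, remote, state, inode)
            for local, remote, state, inode in parse_proc_net_tcp(tcp_text)]


def edge_pairs(flows) -> set:
    """(pid, from, to) edges for connected sockets: the graph-ready form of one sample."""
    return {(f.pid, f.local, f.remote) for f in flows if f.state != "LISTEN"}


def read_live_fd_links() -> dict:
    """Walk /proc on a Linux host; processes we cannot read (other users' PIDs) are skipped."""
    links = {}
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            fd_dir = f"/proc/{name}/fd"
            links[int(name)] = [os.readlink(f"{fd_dir}/{fd}") for fd in os.listdir(fd_dir)]
        except (PermissionError, FileNotFoundError):
            continue  # process exited or is not ours
    return links


# Constructed sample (not captured from a real host): a listener on 127.0.0.1:8080,
# one accepted connection to it, and an SSH session whose owning process is not visible.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 0100007F:D43A 01 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:0016 0A00000A:C3C2 01 00000000:00000000 00:00000000 00000000     0        0 77777 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_FD_LINKS = {4242: ["/dev/null", "socket:[12345]", "socket:[12346]", "pipe:[555]"],
                   4243: ["socket:[99999]"]}

if __name__ == "__main__":
    for flow in collect_flows(SAMPLE_PROC_NET_TCP, SAMPLE_FD_LINKS):
        print(flow)
```

On a Linux host the same pipeline runs against live data with `collect_flows(open("/proc/net/tcp").read(), read_live_fd_links())`; run it on a timer and union the `edge_pairs` results to build the flow graph, keeping in mind that anything shorter than the sampling interval is invisible to this approach.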