How to debug (identify source/dest, etc...) traffic spikes shown on the performance graph?
The performance charts, especially for router WAN uplink(s) are great for identifying high-level events - but I'm getting stuck "drilling down" into useful/actionable details...
...e.g. I see a large spike of downloaded data (>2Gigs) between 3:25am and 3:50am, which is rather unexpected. How can I find out what client(s) contributed to the spike? No other datapoints seem to be time-based to correlate... and going into Users under Application analytics and sorting by Upload for the day doesn't show anything close to this spike (most displays seem to be day-based time window rather than hour or minute as well):
I can look at the other router ports, find which one had a matching traffic pattern (assuming it was visible/single-source), and then trace down to that device... but it feels like this should be easier to correlate among devices... In this case, I can see it is coming from the port going to one switch... so I then swap over to that switch, and I can see it is going to one EAP:
On that EAP I can see the spike as well, but where do I go from there? It gets me no closer to the client (which clients were associated to that AP at that time, what were the various client traffic rates at that time, etc...):