Rob
1 post
Stretch. This one is always a killer. There's so much involved, i.e. finding out what applications, source/destination addresses, etc. Then tracking down the issue, like looking at system logs, interfaces, etc. I don't suppose you could provide your input as to your approach with a customer saying that everything on my computer was running slow for a short period, what caused it?
jmbyrdwell
9 posts
It sounds like you're going to need some kind of network monitoring tool. Look into NetFlow or Cacti. The cheap and dirty way is to set up port mirroring and use Wireshark... but that's not a good option for storing historical data; rather, it's handy for trying to catch the traffic as it happens.
dantel
36 posts
NetFlow was mentioned so I'll give a vendor plug. Plixer has this NetFlow product that is pretty good, Scrutinizer. I think it is less than $1K to buy but they have a fully functioning demo that still works with some features missing when it expires. Their support is good; you'll be happy to pay for it if it is working for you. The issue with NetFlow is that it isn't supported on low / mid range switches - I don't have any switches that support it - I think it is best on routers, though there is some NetFlow support in ASAs now too. NetFlow deployed at your edge router will give you a picture of what is coming in / out. Cacti or some other tool which does SNMP can poll all of your switches and your routers for proc utilization - also monitor uplink ports for traffic. Plixer Denika is workable, though the interface isn't too pretty and the steps for adding devices need to be reworked. SolarWinds has SNMP & NetFlow too. Centralized syslog is important too, and then some log analysis. I have tried to use Splunk for log analysis but I have yet to master it - I also found it to be a bit of a performance hog. Syslog is free if you are a Linux shop; Kiwi Syslog is cheap and usable, or free with some features missing. Getting something like Nagios set up for basic monitoring and then watching performance specs of key machines can be integrated next. I think that the answer to the original post is that you need a good monitoring infrastructure first, and then using it to get the answers you're looking for will be a little more obvious.
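NetFlow comes up in every reply as the way to see what was talking during a slow period. As an added example that is not from any poster in this thread, the Python below decodes one NetFlow v5 export datagram (a constructed sample, not a real capture; the addresses and byte counts are made up) and totals bytes per source address to show the top talkers, rejecting truncated or non-v5 input along the way.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 wire format: 24-byte header followed by `count` 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_netflow_v5(datagram):
    """Decode one v5 export datagram into a list of flow dicts; reject bad input."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 export (version=%d)" % version)
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("truncated export: header claims %d records" % count)
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "packets": f[5], "bytes": f[6], "sport": f[9],
                      "dport": f[10], "proto": f[13]})
    return flows

def top_talkers(flows, n=3):
    """Sum bytes per source address: the first question when 'everything was slow'."""
    totals = Counter()
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return totals.most_common(n)

def make_record(src, dst, pkts, octets, sport, dport, proto):
    # Constructed record; unused fields (next hop, ifindex, AS, masks) hold filler.
    return V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                          1, 2, pkts, octets, 1000, 2000, sport, dport,
                          0, 0x18, proto, 0, 0, 0, 24, 24, 0)

def sample_export():
    """Constructed datagram: three flows, one host dominating outbound bytes."""
    body = (make_record("10.0.0.5", "203.0.113.10", 900, 1_200_000, 51000, 443, 6)
            + make_record("10.0.0.7", "203.0.113.20", 20, 3_000, 52000, 80, 6)
            + make_record("10.0.0.5", "203.0.113.30", 500, 600_000, 51001, 443, 6))
    return V5_HEADER.pack(5, 3, 123456, 1700000000, 0, 1, 0, 0, 0) + body

if __name__ == "__main__":
    for addr, total in top_talkers(parse_netflow_v5(sample_export())):
        print("%-12s %10d bytes" % (addr, total))
```

Pointing the same parser at datagrams received on the exporter's UDP port, and keeping the per-host totals over time, is the historical view the Wireshark-on-a-mirror-port approach lacks.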

