I am investigating some potential network issues (user base is blaming network so I'm attempting to prove it is not) and as a result have set up some basic bandwidth monitoring on a number of edge ports going to users' PCs who appear to be frequently affected. I have also set up the same bandwidth monitoring on the LAG group and on the separate members of the LAG ports.
I have noticed that daily we experience a very odd heartbeat every 30 secs or so (obvious in the diagram attached), and I have no idea where it stems from. It's only present in one of the LAG members, however. I've only just started placing times of the pattern appearing, but it's very obvious when it is, as you'll see.
My question is how, without any formal monitoring SW in place at present, can I tell what the traffic is and where it's coming from? I've been told I can use Wireshark, but how do I go about setting that up to reflect what's going through a certain LAG or port?
Somebody mentioned connecting a laptop to the core and setting up port mirroring. Our core is a Cisco 3750 stack and the edge is a Cisco Small Business 500G stack.