skip to Main Content

Kentik FAQ

Kentik Detect is a big data-based service for high performance network visibility, DDoS detection, and infrastructure optimization. Deployed as SaaS or on premises, Kentik Detect scales to any volume of traffic, catches issues in moments, and informs your response with data-driven insights.

Kentik was founded by network, data, and systems technologists and executives who have built and operated some of the world’s largest and most complex infrastructure. Kentik Detect represents the unified, efficient visibility and alerting service that they’ve always wanted but couldn’t find. Kentik Detect addresses immediate and pressing network visibility and control issues, deploys in minutes, and is quick to deliver value.

Kentik Detect benefits everyone whose technical and/or managerial responsibilities involve network infrastructure, including:

  • Anyone who works in or around network operations, such as network managers, network engineers, and network operators.
  • Anyone responsible for planning and optimizing networks, including network architects, network engineers, network systems analysts, and peering coordinators.
  • Anyone responsible for assuring network resilience against DDoS, such as network security operators, network security managers, and reliability engineers.

Kentik Detect unifies several types of network data into a single, continuous-ingest datastore that’s queryable within moments of data receipt. The following data types are currently supported:

  • All common flow data formats, including NetFlow v5 and v9, sFlow, JFlow, cflowd, RFlow, and IPFIX.
  • SNMP data: interface names, descriptions, and octets.
  • BGP routing data.

We are adding other types over time, such as enriched metadata or security data streams, based on demand from customers.

An unlimited number of devices can be configured to send data to Kentik Detect.

Kentik Detect supports several different ways to send your network data:

  • Send flow, and optionally SNMP and/or BGP directly from network devices to Kentik’s servers.Send data to a local instance of
  • Kentik Agent software, which will encrypt and proxy the
  • data to Kentik’s servers via HTTPS.Use the Kentik agent to generate flow data from packets.

Kentik Detect currently handles millions of flows per second (tens of billions per day) across our many customers, supporting networks whose aggregate capacity exceeds 30 Terabits. Flow from individual organizations is supported at the following rates:

  • Unlimited aggregate flows per second per customer.
  • 4,000 flows per second per flow source (greater as needed, with configuration assistance).

No. The Kentik Detect portal enables many views of your data using simple on-page controls specifying time range and filters. For more specific queries, whether in the portal, the API, or a SQL client, you’ll use the syntax of industry standard PostgreSQL.

With Kentik Detect you do not need to guess in advance which aspects of flow you will later want to examine in detail. By default, Kentik Detect retains all ingested network data at full resolution, along with reports and summaries for at least 90 days. For information about optional longer-term retention, please contact

Effective network visibility requires data ingest at massive volume, near-instant availability of new data, and low-latency ad hoc queries. Off-the-shelf big data platforms can’t meet those requirements. Kentik developed the Kentik Data Engine (KDE), a custom, distributed column-store database. KDE, which powers Kentik Detect, was designed from the ground up to be massively-scalable, multi-tenant, and open, allowing easy integration.

Yes! You can save any query as a report and use it yourself, share with a co-worker, or add it to a custom dashboard.

Kentik takes data security extremely seriously. Kentik Detect has been built around the following general security guidelines:

  • All data sent to us can be encrypted in transit.
  • All access to our system is protected.
  • No customer has access to the data of another customer.

The above precautions allow Kentik to store data unencrypted (except by customer request) on our internal datastore, thereby enabling exceptional performance for ingestion and querying. For additional details about Kentik’s approach to data security, see our Knowledge Base article.

Kentik Detect supports multiple integration options:

  • Kentik’s full-featured REST API exposes both querying and system configuration (devices, users, alerts, and tags).
  • The Kentik Data Engine (KDE) datastore can be queried directly from any client that supports PostgreSQL. With a scriptable client, querying and configuration may be fully automated.
  • Configuration and management of users, devices, tags, and other portal elements can be performed via API as well

Yes, Kentik Detect’s built-in anomaly detection offers the industry’s most comprehensive and sophisticated baselining capability, offering 30% more accurate detection of DDoS attacks when compared to traditional approaches.  Kentik Detect also offers integrated support and automated triggering of mitigation via RTBH and leading DDoS mitigation solutions such as Radware DefensePro and A10 Thunder TPS.

Kentik Detect does not mitigate attacks directly, but Kentik Detect’s alerting system supports multiple notification modes that make it easy to integrate with a variety of mitigation options. Syslog and push to external URL can both be used to automatically trigger ACL generation on routers, to inject BGP black hole routes, or to activate a hardware mitigation device or cloud-based DDoS mitigation service. Kentik is currently working with multiple providers of mitigation services to develop fully automated detect-and-mitigate functionality.

Yes, Kentik Detect generates alert notifications not only via email, but also via syslog and/or JSON post to external URL, which means that you can easily integrate notifications into your existing monitoring system(s), such as Graphite, OpenTSDB, Nagios, and Zenoss.

Kentik Detect’s portal lets admin users create custom dashboards that graph traffic by any of over 20 metrics (geo, ASNs, IPs, ports, interfaces, etc.) and allow you to apply unlimited filters based on more than 20 different parameters. Saved dashboards can function as dynamically updated reports that are accessible by all of an organization’s authorized users. Snapshots can also be saved from the Data Explorer as image files (PDF, JPG, PNG, or SVG) to share directly with any individual. Expanded reporting options are on our product development roadmap.

Kentik Detect supports unlimited registered users per customer, so you can authorize any number of team members to access your network data via the system. Why do we do this? Because we want you to be able to share the value of Kentik Detect as you see fit throughout your organization, without barriers.

For very large or sensitive deployments, Kentik Detect can be provisioned on a private cluster within a customer data center. For further information about on premises deployment, please contact

The annual subscription fee for Kentik Detect is based on the features selected by the customer, the number of monitored devices (routers and hosts), and the volume of data ingested from those devices by Kentik Detect. The efficiency of our SaaS model allows us to deliver exceptional performance at a fraction of the cost of alternative approaches, including traditional appliance-based systems and custom tools that are built and/or maintained in house. For pricing information that’s specific to your system, please contact

No – the KDE uses Postgres as a “data API” but stores data on its own clustered backend, with built-in query caching, rate-limiting, auto-thinning, policy-based expiration, and compression.

Back To Top