Kentik - Network Flow Analytics

Product Updates

December 2018

2018 was a year of enormous progress for Kentik Detect. We added or extended a huge range of product capabilities while also making it easier than ever for users to discover and use all of the features we’ve built to make their workdays easier and more productive. As the year drew to a close we kept pushing right to the end, refining and improving existing functionality while also throwing in a few holiday treats, described below, to further enhance the user experience. Happy New Year!

Increased Alert Policy Scaling

Alerting is one of the core features of Kentik Detect, and we’ve now made it even more useful to customers who operate very large-scale networks:

  • The maximum number of active policies per company has been increased from 60 to 100.
  • The maximum number of keys evaluated per policy has been increased from 300 to 1,000.

The increase in these limits reflects additional work we’ve done to better define what our alerting processes can handle and to optimize the system accordingly. This will allow customers to track and detect even more potentially anomalous network behavior. Stay tuned for additional scaling improvements in this area moving forward.

Raw Flow Drill-down

Raw flow refers to actual data fields (normalized from NetFlow, sFlow, etc.) that Kentik Detect stores for each ingested flow record. We’ve long had a Raw Flow viewer in the portal at Analytics » Raw Flow, allowing you to see flow data for specified devices over a specified time range. Now you can go directly from a query in Data Explorer to a view of that query in the Raw Flow viewer.

Start by clicking the Options menu icon (hamburger) at the upper right of the chart display area in Data Explorer. At the bottom of the resulting drop-down menu you’ll now find Explore Raw Flows (see screenshot at right). Choosing this item will take you to a Raw Flow viewer that has the sidebar controls set to display flow records for the traffic that you were viewing in Data Explorer.

Filter Configuration

Kentik Detect lets you apply dimension-based filtering in many locations throughout the portal, including Library dashboards, Data Explorer, alert policies, the analytics pages, and even the user admin page (where you can filter the traffic that’s visible to Member users). Filtering is applied with the Filtering Options dialog, which we’ve now redesigned in several different ways.

First, we’ve restructured the dialog so that there are no longer separate working areas for ad hoc filters (defined in the dialog itself) and saved filters (Kentik presets or previously saved “company” filters). Instead, as demonstrated by the initial dialog state shown in the screenshot below, there is a single Filter Groups pane where you configure filter groups containing both types of filters.

Consolidating these working areas allows us to make a more fundamental improvement, which is to change the logic used in compound filters (filters built from multiple filter groups). It used to be that all filter groups with saved filters were first ANDed together and then ANDed with the combination of all filter groups with ad hoc filters. But now you can mix and match saved and ad hoc filters in the same filter group, either at a single level or nested, and groups can be either ANDed or ORed together.

In the filter group below, for example, you can see four distinct filters: two single-condition filters at top (source country and destination URL), then a saved filter (MYNETWORK_IN), and then a nested group that excludes traffic from two source cities.
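The filter group described above, modeled as an added example (not Kentik's code or filter format): a hypothetical tree of conditions, saved-filter references, and nested groups, evaluated against constructed flow records. The field names, filter values, the contents of MYNETWORK_IN, and the assumption that the four parts are ANDed together are all illustrative.

```python
import operator

# Hypothetical data model for illustration; not Kentik's filter format or API.
OPS = {"equals": operator.eq, "contains": lambda value, needle: needle in value}

# Constructed definition: the page does not say what MYNETWORK_IN contains.
SAVED = {"MYNETWORK_IN": {"connector": "any", "filters": [
    {"field": "dst_net", "op": "equals", "value": "corp"},
    {"field": "dst_net", "op": "equals", "value": "dc"},
]}}

def matches(node, flow, saved=SAVED):
    """Evaluate a single condition, a saved-filter reference, or a nested group."""
    if "saved" in node:
        result = matches(saved[node["saved"]], flow, saved)
    elif "filters" in node:
        combine = all if node["connector"] == "all" else any
        result = combine(matches(f, flow, saved) for f in node["filters"])
    else:
        # A missing field compares as "", so it fails these equals/contains tests.
        result = OPS[node["op"]](flow.get(node["field"], ""), node["value"])
    return result != node.get("negate", False)

# The four-part group described above, assumed here to be ANDed together.
GROUP = {"connector": "all", "filters": [
    {"field": "src_country", "op": "equals", "value": "US"},
    {"field": "dst_url", "op": "contains", "value": "example.com"},
    {"saved": "MYNETWORK_IN"},
    {"connector": "any", "negate": True, "filters": [  # exclude two source cities
        {"field": "src_city", "op": "equals", "value": "Austin"},
        {"field": "src_city", "op": "equals", "value": "Denver"},
    ]},
]}

# Groups can also be ORed: match GROUP, or any flow from a second country.
EITHER = {"connector": "any", "filters": [
    GROUP, {"field": "src_country", "op": "equals", "value": "CA"}]}

# Constructed flow records.
FLOWS = [
    {"id": 1, "src_country": "US", "dst_url": "example.com/a", "dst_net": "corp", "src_city": "Boston"},
    {"id": 2, "src_country": "US", "dst_url": "example.com/a", "dst_net": "corp", "src_city": "Austin"},
    {"id": 3, "src_country": "US", "dst_url": "example.com/a", "dst_net": "guest", "src_city": "Boston"},
    {"id": 4, "src_country": "CA", "dst_url": "other.test/", "dst_net": "guest", "src_city": "Toronto"},
]

def select(node, flows=FLOWS):
    """Return the ids of the flow records that satisfy the filter tree."""
    return [f["id"] for f in flows if matches(node, f)]
```

Flow 2 is dropped by the nested exclusion and flow 3 by the saved filter, while ORing a second condition at the top level brings in flow 4 without loosening the original group.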

To implement these new capabilities we’ve made some changes to filtering controls, notably the addition of the Add Saved Filter button to each filter group. As shown below, we’ve also made it easy to check the individual components of a saved filter. Just click the expand icon (right-facing triangle) to the left of a filter’s name to reveal a list of its parts.

Another improvement is that you can now convert a saved filter to an ad hoc filter, allowing you to build new filters from saved filters rather than starting from scratch. To do so, click the saved filter’s Customize button, which you can see at the top right in the screenshot above.

The enhanced flexibility that we’ve built into our new filtering UI now enables you to zero in on the precise result you need. For a complete explanation of the new filtering controls, see the Filter Groups Interface article in our Knowledge Base, or ask the Kentik Customer Success team at support@kentik.com.

Export Enhancements

Last but not least, we also revamped the export of chart and table information from Data Explorer. The labeling in the Export submenu (from the drop-down Options menu at the top right of the chart display area) is now more intuitive, offering the following export options:

  • Chart + Legend: Export, as a single PDF, both the visualization and the results table.
  • Chart Image: Export, as either bitmap (PNG) or vector (SVG), just the visualization.
  • Data: Export, as CSV, the data for either the visualization or the results table.

If Data Explorer is currently displaying the results of a compound (multi-axis) query, then in addition to the options listed above the Export submenu will include a Series Data option (as shown below) from which you can choose to export either the visualization (as PNG) or the results table (as CSV) associated with each individual axis of the query results.
