Once again our developers have been keeping busy, kicking off the new year with exciting new features and updates to Kentik Detect®. A lot of development cycles recently have been going towards Dashboard enhancements that make it even faster for users — both technical and non-technical — to find the information they need. But we’ve also made a number of significant enhancements to Data Explorer, as well as to features such as Custom Dimensions and Mitigation. Let’s dig in…
Dashboard Navigation reduces the time spent drilling down to root causes by enabling users to navigate from a given dashboard panel directly to another dashboard that’s related to the same use case. Kentik will be rolling out a library of these ready-made dashboard workflows, but power users can go ahead and create workflows today to match their needs. Note that the general creation and editing of Dashboards is covered in the Dashboards article of our Knowledge Base, and that an upcoming post on our blog will provide more information on how to use these new dashboard features.
Creating a nested dashboard begins with the settings for the dashboard panel from which you will be navigating. In the following example, we’ll update an existing dashboard with existing panels. However, the process to create a new dashboard or panel would be very similar.
Once you’ve saved dashboard navigation edits for a panel, and taken the dashboard out of Edit Mode, only panels that use nesting will show the blue Navigate To button. The tooltip for each shown button will name that panel’s nested (destination) dashboard. Click the button to go to that dashboard. Breadcrumbs at the top of every nested dashboard make it easy to keep track of where you are in a nested dashboard workflow.
If you’re a regular reader of these updates, you’ll recall that we introduced Guided Mode Dashboards back in our November Product update. We’ve recently added the ability to filter a panel on this type of dashboard using our BGP Ultimate Exit dimensions for Site and Device.
To use this new feature, you’ll need a Guided Mode dashboard on which Dimension family to filter by (in the Guided Mode settings) is set to either Site or Devices. If you already have one, go to the Dashboards page, click the options menu at the upper right of the dashboard’s tile, and choose edit to open the Edit Dashboard dialog. Otherwise, make a new dashboard by clicking the Add Dashboard button, then in the resulting Edit Dashboard dialog, choose Device or Site from the Dimension family to filter by selector. For this example, we’ll use Site.
Once you have a dashboard whose Guided Mode dimension is Site, you can create a panel on the dashboard and filter it with a BGP Ultimate Exit dimension. (For information on creating a panel, see the Adding Dashboard Panels topic in our KB.) Open the panel’s Edit Panel dialog (Editing Dashboard Panels) and go to the Guided Mode tab (lower section of dialog). For behavior, choose Add filter group. From the Add a new filter group with dimension selector, choose Destination BGP Ultimate Exit Site. Once you’ve set a filter for the panel using an Ultimate Exit dimension, the panel will show only traffic from the Destination BGP Ultimate Exit Site chosen with the Guided Mode selector at the top of the dashboard.
While this example made use of Sites, a very similar workflow is available for Devices.
In last month’s update, we announced our new Alerting Scoreboard, which makes it easier to see at a glance the things that most need your attention. Now we’ve added the ability to include one or more scoreboards as panels on a dashboard. This type of panel is especially useful for Dashboards designed to get insight into attacks or changes in the network environment.
To add a scoreboard from an existing Dashboard, first click Edit Mode, then click the Alert Policy Scoreboard button in the panel at top (under “Select visualization type…”). In the resulting Add Dashboard Panel dialog you’ll see the controls for configuring the scoreboard grid: Dimension (X axis), Policy (Y axis), etc. Make your grid settings, set your thresholds for inclusion of various levels of alarms, and give the panel a title before saving with the Add Dashboard Panel button.
Filter-based dimensions allow Data Explorer to represent — as plots on graphs and rows in tables — a number of time-series that are each user-defined with filters. For example, you might want to compare HTTP, HTTPS, DNS (TCP), and DNS (UDP) traffic. If you queried for total traffic with those filter parameters, you’d get back their cumulative traffic plotted as one line, with a corresponding single row in the table. But with filter-based dimensions, you can see each as a Series broken out into its own plot and row. Note that a query can’t mix these Series with regular (“preset”) group-by dimensions, and you can only have one filter-based dimension at a time. So any dimensions that you already have in the group-by selector will be overwritten when you save a filter-based dimension.
To use filter-based dimensions, click in the Group By Dimensions field in the Query pane of the sidebar, then click on the Filter-Based tab in the resulting dialog. Use the switch at top to enable filter-based dimensions, after which you’ll see a form similar to the below. Using our example, you’d define a series for HTTP, then add series for HTTPS, DNS (TCP), and DNS (UDP).
When you save the settings, any dimensions that were specified in the dimension selector of the Query pane will be overwritten with the new filter-based dimension. Run the query in Explorer and you’ll get results that look something like the below, with each series plotted in the graph and represented as a row in the table.
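The difference between the combined query and a filter-based dimension, as an added example (not Kentik code and not from the original post). The flow records are constructed, and the per-series filters (protocol plus destination port) are assumptions, since the post does not list the filters it used.

```python
from collections import defaultdict

TCP, UDP = 6, 17  # IANA protocol numbers

# Constructed sample flows: (minute bucket, protocol, destination port, bytes)
FLOWS = [
    (0, TCP, 80, 1200), (0, TCP, 443, 9000), (0, UDP, 53, 300),
    (0, TCP, 53, 4000), (0, TCP, 22, 700),
    (1, TCP, 443, 8500), (1, UDP, 53, 350), (1, TCP, 80, 1100),
    (1, UDP, 123, 90),
]

# One filter per series. Names follow the post; the filters are assumed.
SERIES = {
    "HTTP":      lambda proto, port: proto == TCP and port == 80,
    "HTTPS":     lambda proto, port: proto == TCP and port == 443,
    "DNS (TCP)": lambda proto, port: proto == TCP and port == 53,
    "DNS (UDP)": lambda proto, port: proto == UDP and port == 53,
}

def combined_total(flows):
    """All four filters OR-ed into one query: one line, one table row."""
    totals = defaultdict(int)
    for minute, proto, port, nbytes in flows:
        if any(match(proto, port) for match in SERIES.values()):
            totals[minute] += nbytes
    return dict(totals)

def per_series(flows):
    """Filter-based dimension: every filter yields its own time series."""
    out = {name: defaultdict(int) for name in SERIES}
    for minute, proto, port, nbytes in flows:
        for name, match in SERIES.items():
            if match(proto, port):
                out[name][minute] += nbytes
    return {name: dict(ts) for name, ts in out.items()}

if __name__ == "__main__":
    print("combined:", combined_total(FLOWS))
    for name, ts in per_series(FLOWS).items():
        print(f"{name:10s}", ts)
```

In the combined result, minute 0 is a single number; only the per-series breakout shows that most of the DNS bytes in that minute were carried over TCP rather than UDP.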
Another new feature in the Data Explorer is the ability to customize the metrics that are shown in the table as well as those shown on the +Y and -Y axes. By default, the Data Explorer will show a single metric with table columns for the Average, 95th Percentile, Max, and Last Datapoint calculations for that metric. Querying with multi-metric enables you to look at things like ingress and egress on the same graph or, as we’ll see in the following example, Bits/s compared to Packets/s.
To enable the new multi-metric feature, click on the Customize Metrics button in the query section of the sidebar, which opens the Metrics dialog. The dialog (shown below) has the following sections that are important to note:
A query run with the settings shown above would give us a graph (shown below) with the three metrics chosen from the Bits/s category on the +Y (top) axis and the three metrics chosen from the Packets/s category on the -Y (bottom) axis. In the table (only the headings of which are shown in the image) we have columns for all six of the metrics. The bits/s tab is sorted by our primary metric (Average bits/s) while our packets/s tab will show the same data sorted by our secondary metric (Average packets/s).
Data Explorer’s new Gauge visualization (shown at right) displays the current value of the primary metric, which is set with the Metrics setting in the sidebar’s Query pane. In the Gauge this number is set against a background that changes color depending on the metric’s current value in relation to user-defined “brackets” (ranges). Assigning colors to different value ranges allows a gauge to show at a glance whether the metric’s current value is fine or problematic.
Before configuring a gauge in Data Explorer, set your dimensions, filters, time, and devices as you would for a query of any other view type. Then choose Gauge from the View Type selector at the upper right of the display area. A new Bracketing pane will appear in the Sidebar; click it to open the Bracketing Options dialog.
In the dialog (shown below), you first specify the basis on which the brackets are defined (Bracketing Type), such as static ranges, percentages, or percentiles. Then you specify the current value that will be displayed and that will be evaluated to determine which bracket it’s in (and thus what the background color will be). The Bracketing Value switch determines whether “current” means the most recent datapoint of the primary metric or the primary metric’s value over the query time range (e.g. average Mbps for the last hour). Lastly, you define the ranges. By default there are two, but you can have up to five ranges with different colors (e.g. orange for a range that’s slightly above normal and red for a critical peak). For more in-depth information on Bracketing, head on over to our Bracketing Pane Settings article in the KB.
Once you run the query, you can add it to a dashboard as a panel. This is a really powerful tool, as you can see below where there’s a set of such Gauge panels, each showing a different metric. With the dashboard set to Live Update you get really easy-to-grasp indicators that update as network traffic changes. Keep an eye on our Product Update, Knowledge Base, and blog sites for more upcoming features and enhancements around Dashboards and Bracketing.
Another new View Type feature we first announced last month was Geo HeatMaps. Initially available for queries whose group-by dimension was source or destination country or site, HeatMaps have now been extended to cover regions and cities as well. As with countries, the mapping depends on the traffic attributable to the sites within a given region or city, which means that you must first use the Admin » Sites page to enter addresses for each of your sites (see instructions for Editing a Site in our KB).
A region HeatMap shows the total network traffic, inbound plus outbound, by each region (e.g. a state in the United States) based on the addresses specified for sites. In Data Explorer, choose the group-by dimensions Destination Region and Destination Country, and choose Geo HeatMap from the View Type selector at upper right of the display area. When you run the query, the resulting visualization should look similar to the below. For even more information, hover over a bubble (colored circle) on the map to open a pop-up, which states the location’s latitude, longitude, and total traffic.
The city heatmap is very similar to the region heatmap, but it’s more granular because it drills down to individual cities. To get a visualization similar to the one below, add Destination City to the group-by dimensions we already had (Region and Country).
Like the other visualizations in Data Explorer, heatmaps can be turned into panels on a Dashboard so users can easily monitor traffic on a geographical basis.
Custom Dimensions (covered in this KB article) is one of the more powerful features of Kentik Detect because it enables you to add custom columns to the traffic flow records in your Kentik database, and to populate those custom fields based on a match for a given value in the ingested flow fields. You can use those columns for any number of purposes, including overlaying business information on top of network information so you can run powerful analytics based on the two sets of data.
We recently added the ability to create ranges when defining populators that match on Port and ASN. To define a port range for a populator, first go to Admin » Custom Dimensions and click on a listed dimension to open the Edit Dimension dialog. Choose the Populators tab, then click the Add Populator button, which opens the Add Populator dialog. On the IP Matching tab, define a range in the Port field as shown below. When you add the populator, a match will result from any number in the range, not just a single value.
In our November Product Update we mentioned that we have added the ability to start a manual mitigation as opposed to triggering one off an alert. We’ve now implemented this capability as an API and added it to the extensive list of REST APIs we’ve made available to programmatically manage Kentik Detect. Our KB article contains more information, and be sure to check out our API tester, which will help guide you on using this new method.