November/December 2020

It’s nearing the end of the year, but we haven’t slowed down. We have released a significant new product called Kentik Firehose, aimed at closed-loop network monitoring. With Kentik Firehose, organizations can now send streaming network analytics to application monitoring tools (e.g., New Relic), data sinks (e.g., Splunk, InfluxDB, Elasticsearch, AWS S3, etc.) or publishing platforms (e.g., Kafka, AWS Kinesis, Google Pub/Sub, etc.). Use Firehose to enhance business and DevOps intelligence with a comprehensive understanding of network dynamics and context.

Kentik Firehose

The Kentik Network Observability Platform provides the most comprehensive data across all public, private, and hybrid networking environments, including flow records, streaming telemetry, SNMP data, device configurations, and synthetic performance metrics. With Kentik Firehose, you can now send all this data from Kentik into your application monitoring tools (e.g., New Relic, Splunk, InfluxDB, Elasticsearch, AWS S3, etc.), and publishing platforms (e.g., Kafka, AWS Kinesis, Google Pub/Sub, etc.).

Firehose closes the network observability gap and lets you uncover insights, and effectively troubleshoot your apps with full context and data about your networks included in the tools you use.

Examples of exportable data include:

• Flow data from NetFlow, sFlow, IPFIX
• VPC flow logs from all major public clouds
• Streaming telemetry from all major vendors (Juniper, Cisco, Arista)
• SNMP device metrics (CPU, memory, network interface)
• Synthetic measurements
• Internet, ISPs, CDNs
• Correlated and context enriched data from the customer’s application, infrastructure, geo-location, business environment, and other customer-defined dimensions

Data formats include:

• Output formats: JSON, NetFlow, AVRO, InfluxDB line protocol, Prometheus endpoint
• Compression algorithm: none, gzip, snappy, null, deflate
• Data sinks: .Net, Kafka, Kentik, stdout, file, New Relic, HTTP, Splunk, and more coming
• Rollups groups: type, metric, dimension 1, dimension 2, …, dimension n.
• Filters: string, src_addr, ==, 12.0.1.2

Customers are using Kentik Firehose to:

• Troubleshoot performance in complex application environments. Network data from Kentik allows teams to understand application performance in context.
• Combine network and infrastructure data all in one place for analysis and storage. IT teams use Firehose to send data to other systems like data lakes, with formats like JSON and AVRO. This data enables more cost-effective storage and the ability to perform complex analysis, with the data all in a single place.
• Enhance cross-domain analytics to detect threats. Security and risk management teams can correlate Kentik’s Firehose data to rapidly detect, analyze, investigate, and actively respond to threats. Using data like geolocation and network flow allows for a better understanding and easier identification of threats.

For further information see the Kentik Firehose Solution Overview.

Getting Started with Firehose

Kentik Firehose is available as part of the Kentik Premium Edition and available for purchase for Kentik Pro Edition customers.

Customers will be able to configure Firehose data export via the portal settings and the Kentik KTranslate agent is available on the Docker hub for anyone who wants to try it. Instructions on how to set up and use Firehose is available in the Kentik Knowledge Base.

Not a Kentik user yet? No problem, join our 30-day free guided trial and our team will get you ready to go.

Hybrid Maps Support for Path Visualization

Hybrid Maps now supports path visualization in all of our layouts. With Hybrid Maps, NetOps teams gain an immediate and single, unified view to understand topology state, traffic flows, network performance and device health status within and between multi-cloud, on-prem and internet infrastructures.

To see the new path visualization, apply a sidebar filter to express the traffic you want to see visualized in the maps.

Kentik Synthetic Monitoring

Driven by strong interest since its launch a couple of months ago, our Synthetics Monitoring product added a slew of new features that are sure to delight. Here is a summary of the significant additions and changes.

Web - HTTP Server Test

The new HTTP Server Test allows you to quickly set up an HTTP GET style test to a web server and optionally run ping tests towards the resolved IP address. Depending on whether you are a network engineer mainly interested in whether a server is reachable or an application engineer interested in the specifics of what is causing an application to be unresponsive, we’ve got you covered with custom HTTP error codes. Any error codes you specify will be treated as a “pass” if returned by the web server.

Test results for the HTTP Server Test show the status code and the average time to last byte metrics, and the response size so you can spot anomalies in the amount of data returned from the requests.

DNS - Server Monitor Test

The new DNS Server Monitor Test allows you to test the performance of one or more DNS servers associated with a hostname.

Test results show you the resolution time and any returned results (NS, MX, A, AAAA records…).

Traceroute-based Network Path View

The traceroute-based network path view is a beautiful traffic visualization as it flows from your test points (agents) to specific endpoints (IP hosts, web servers, DNS servers or even other agents). It shows a hop by hop view and makes it very easy to quickly dig down to the root of the problem that is causing performance problems in your network and impacting your end-users’ experience with your applications.

• View hop-by-hop path from source to destination, with nodes color-coded to reflect the Autonomous System (AS) of which they are part.
• Highlight links that exceed a certain latency and nodes that exceed a certain loss to narrow down the problem and then filter down to specific agents to reduce the amount of traces and easily find the problem’s source.
• Use the traceroute explorer to quickly identify changes in AS_Path and the number of hops that may be impacting performance.
• Collapse nodes down to Autonomous Systems (ASNs) to quickly know which specific network the problem may be.
• Click on any node to view detailed information including, AS name and number, geo-location, ingress and egress interface type, utilization and capacity.

Alert Incident Log

Alerts can be configured per test while creating tests and will show up in the new Incident Log on the Performance Dashboard.

• Select a time range and then hover over a specific time slice to see a summary count and any alerts opened during the selected time slice
• Quickly zoom in on active alerts and follow the links to the specific test
• For cleared alerts, the start and end times are displayed

Alerts are triggered based on preset or user-defined test health criteria (for warning, critical states) and based on user-defined alert policies that can be configured per test.

Alert Notifications (Email, Slack and more)

Get notified as soon as an alert is fired via email, Slack or your notification system of choice through a custom webhook.

Configurable Test Health Thresholds

Different applications have different requirements for performance. Some may be more tolerant towards jitter while others may not. Configurable threshold for packet loss, jitter, latency, and time to last byte allows you to control what is considered a healthy or an unhealthy test result.

PDF Exports

Easily export data from the Performance Dashboard, the Test Control Center and the Agent Management page. Exporting as a PDF runs in the background and notifies you through a banner.

Autonomous Testing Enhancements

Autonomous tests are a Kentik-unique concept that free you from the burden of identifying specific destination IP addresses and setting up tests one by one by leveraging real flow data to find, automatically set up and periodically refresh network tests.

You start by picking a specific type of entity (ASN, CDN, country, region or city) that you would like to test performance towards. Kentik shows you a list of entities of a specific type, ordered by the amount of traffic you have going towards it.

Selecting an entity (like an ASN or CDN) starts to run a query automatically for the top sites with traffic towards that entity. Testable sites without agents have a recommendation to “Add Agent.”

Get a quick description of the test by clicking the help link.

Dynamic Flow (Real Traffic) Charts in Test Details

The static sparklines representing the correlated flow traffic in the synthetics test details pages are now dynamic and interactive to allow for a more straightforward correlation of spikes to real traffic. Inbound and outbound traffic now span the entire horizontal space and are arranged one above the other to improve usability.