Raw Flow

The Raw Flow page enables you to directly examine the flow data stored in Kentik Data Engine (KDE), the back end datastore used by Kentik Detect. The Raw Flow page is covered in the following topics:

• About Raw Flow
• Raw Flow Page
• Raw Flow Sidebar
• Raw Flow Display Area

KDE is the repository of the network traffic data that is collected, stored, and queried by Kentik Detect (see KDE Overview). The core of this data is flow data that is exported from network devices that support Netflow, sFlow, or other flow protocols (see About Flow). At time of ingest into KDE, the flow records containing this data are timestamped, augmented with a wide variety of related information, and used to populate the columns of each record in the KDE. The raw flow page makes it possible to find and examine the value stored in KDE for one or more KDE columns in an individual time-stamped flow record.

Notes:
- For an overview of the various types of data collected in KDE, see What traffic data is collected?.
- For a list, with descriptions, of the filtering and group-by dimensions based on KDE data, see Dimensions Reference.

The Raw Flow page is reached from the main navbar (Analytics » Raw Flow). It is made up of two main areas:

• Sidebar: An area at left that contains a set of individual information and control panes (see Raw Flow Sidebar).
• Display area: An area for display of the table containing raw flow (see Raw Flow Display Area).

Settings are made in the sidebar and then applied to update the results in the display area.

The sidebar on the Raw Flow page contains information and control panes that are covered in the following topics:

• Raw Flow Sidebar Overview
• Raw Flow Sidebar Panes
• Flow Fields Pane

The Raw Flow sidebar contains the following UI elements:

• Run Query button: Applies changed sidebar settings to the table in the display area (see Run Query Button). When there are no changes to apply, the button is grayed-out.
• Sidebar panes: A set of panes that are used to set values for the queries whose results are shown in the display area. The panes can be in either Edit mode or Summary mode (see Pane Display Modes).

The sidebar on the Raw Flow page contains the following panes to control the query whose results are displayed in the display area:

• Flow Fields pane: Configures the type of analysis you’d like to see in the data display area; see Flow Fields Pane.
• Time pane: Specifies the time range of the flow records to return from KDE; see Time Pane Settings.
• Filtering pane: Specifies filters that may be applied to the query; see Filtering Pane Settings.
• Devices pane: Specifies the Kentik-registered devices covered by the query; see Devices Pane Settings.

Note: For additional general information about sidebar panes see About Sidebar Panes.

The Flow Fields pane is used to determine the characteristics of the data that will be displayed in the table in the display area. The pane has the following settings:

• Flow Fields: A selector from which you can choose the dimension (see Dimensions Reference) by which the returned results will be sorted in the table. The selector is identical to the Group By Dimensions dialog covered in Query Dimension Dialogs.
• Order By: The column by which the returned results will be sorted in the table.
  Note: You must choose a column that is included in the Flow Fields selector.
• Row Count: The number of rows to return in the table.

The display area of the Raw Flows page is covered in the following topics:

• Raw Flow Display Controls
• Raw Flow Table

The following indicators are found at the top of the display area:

• Filter field: Filters the Raw Flow table to rows that contain the entered text in any column.
• Refresh button: When the Time pane is set to Lookback, update the results in the Raw Flow table.
• Export CSV: Exports the table as CSV data. When the button is first clicked, a notification will confirm that the CSV data is being prepared. When the data is ready, another notification will appear, advising you of the URL from which the data can be downloaded.

The Raw Flow table is used to examine the value stored in KDE for one or more KDE columns in an individual time-stamped flow record. The table is made up of the following:

• A column for every dimension (see Dimensions Reference) chosen with the Flow Fields selector in the Flow Fields pane.
• The number of rows specified with the Row Count selector in the Flow Fields pane.

You can click on any heading to sort the table ascending or descending based on that column. You can also filter the column with the Filter field (see Raw Flow Display Controls).