This article discusses General Dimensions in Kentik.
Note: As of May 1st, 2025, the Query SQL Method has been deprecated and is no longer supported.
About General Dimensions
General dimensions in Kentik are non-flow device metrics (e.g., SNMP or Streaming Telemetry) and aren't specific to a particular device model. The available general dimensions in the Query sidebar in Data Explorer (see Dimension Panes) vary depending on the device category, Router or Host (see Supported Device Types), and the specific device type.
If a dimension isn’t found here:
Traffic routing dimensions: see Routing Dimensions.
Non-flow device metrics: see Device Metrics Dimensions.
Device-specific dimensions: see Device-specific Metrics.
Notes:
Dimensions in this article are available for filtering and group-by, except when noted.
The value type indicates the data type (text, integer) of the dimension value.
The column type indicates whether the dimension is stored in KDE (native) or derived from other KDE-stored information (virtual) at query-time (see KDE Query Efficiency).
The KDE names represent the corresponding KDE columns.
Native columns are stored in the backend, while virtual columns are derived at query-time. Filtering with native columns is generally faster.
Network and Traffic Topology
This category of dimensions is used to filter or group-by on information related to devices including interface names and descriptions, port IDs, etc.
Note: The following dimensions are represented differently in the group-by Dimension Selectors (Group By Dimensions and Matrix By Dimensions dialogs) than in filtering (see Dimension Selector Dialog):
Device Name is represented as the Device dimension.
Interface Name and Description are represented by the Interface dimension.
Traffic Orig/Term is represented as two separate dimensions, Traffic Origination and Traffic Termination.
Ultimate Exit Interface Name and Description are represented by the Ultimate Exit Interface dimension.
Device Info Dimensions
Dimensions related to devices (see About Devices):
Dimension name (portal) | Description | Type: | Direction KDE name(s) |
---|---|---|---|
Device ID | Kentik-assigned unique numerical ID of the device (see Device General Settings). | string | Non-directional: |
Device Name | User-defined name for the device (see Device General Settings). | string | Non-directional: |
Device Type | Type of device: router, host, etc. (see Supported Device Types).
| string | Non-directional: |
Device Sample Rate | The ratio of total flows per sampled flow (see Device Flow Settings). | string Virtual | Non-directional: |
Site | Name of the site to which the device has been assigned (see About Sites). If the device hasn't been assigned to a site, returns an empty string.
| string | Non-directional: |
Site Market | Name of the site market to which the device has been assigned (see About Site Markets). If the device hasn't been assigned to a site market, returns an empty string. | string | Non-directional: |
Device Labels | A label assigned to a collection of devices (see About Labels). | string | Non-directional: |
Interface Info Dimensions
Dimensions related to interfaces (see About Interfaces):
Dimension name (portal) | Description | Type: | Direction KDE name(s) |
---|---|---|---|
Interface ID | ID of the receiving/sending host or router interface (see Interface Field Definitions). | int | Src/Dst: |
Interface Name | The Name (e.g. “GigabitEthernet0/1”) of the device interface (physical or logical) through which flow ingressed/egressed (see Interface Field Definitions). | string | Src/Dst: |
Interface Description | The Description (e.g. “Connected to upstream ISP”) of the device interface (physical or logical) through which flow ingressed/egressed (see Interface Field Definitions). | string | Src/Dst: |
Interface Capacity | The speed of the device interface through which flow ingressed/egressed (see Interface Field Definitions). | bigint | Src/Dst: |
Interface Classification Dimensions
Dimensions related to interface classification (see Interface Classification):
Dimension name (portal) | Description | Type: | Direction KDE name(s) |
---|---|---|---|
Connectivity Type | The connectivity type, such as transit, IX peering, etc., of the source/destination interface of this flow (see Connectivity Type Attribute). | string | Src/Dst: i_src_connect_type_name, |
Network Boundary | The network boundary value (internal or external) of the source/destination interface of this flow (see Network Boundary Attribute). | string | Src/Dst: |
Provider | A string representing the provider via which source/destination traffic over a given interface reaches the Internet (see About Provider Classification). | string | Src/Dst: |
Network Classification Dimensions
Dimensions related to network classification (see Network Classification):
Dimension name (portal) | Description | Type: | Direction KDE name(s) |
---|---|---|---|
Traffic Orig/Term | Indicates the location (inside or outside) of the source/destination of the flow | string | Src/Dst: |
Host Direction | If flow record is from host, indicates whether the direction of traffic is into or out of that host. | string | Non-directional: |
Traffic Profile | The origination and termination of the flow. | string | Non-directional: |
Simple Traffic Profile | Alternate dimension for origination and termination of the flow. | string | Non-directional: |
Note: For more details, see Network Classification Dimensions.
Ultimate Exit Dimensions
Dimensions related to Ultimate Exit (see Using Ultimate Exit):
Dimension name (portal) | Description | Type: | Direction KDE name(s) |
---|---|---|---|
Ultimate Exit Interface ID | Number of ports through which the flow leaves (see Network Classification Dimensions). | bigint | Non-directional: |
Ultimate Exit Interface Name | The SNMP description (portal name) of the interface through which the flow leaves (see Network Classification Dimensions). | string | Non-directional: |
Ultimate Exit Interface Description | The SNMP alias (portal description) of the interface through which the flow leaves (see Network Classification Dimensions). | string | Non-directional: |
Ultimate Exit Connectivity Type | The connectivity type value of the interface through which traffic left the network for another AS (see Network Classification Dimensions). | string | Non-directional: |
Ultimate Exit Network Boundary | The network boundary value of the interface through which traffic left the network for another AS (see Network Classification Dimensions). | string | Non-directional: |
Ultimate Exit Provider | A string representing the ultimate exit provider (see Why Ultimate Exit). | string | Non-directional: |
Ultimate Exit Site | The name of the site through which the flow leaves (see Why Ultimate Exit). | string | Non-directional: |
Ultimate Exit Site Market | The name of the site market through which the flow leaves (see Why Ultimate Exit). | string | Non-directional: |
Ultimate Exit Device ID | The numerical ID of the device through which the flow leaves (see Why Ultimate Exit). | string | Non-directional: |
Ultimate Exit Device | The name of the device through which the flow leaves (see Why Ultimate Exit). | string | Non-directional: |
LAN Dimensions
Dimensions related to LAN properties:
Dimension name (portal) | Description | Type: | Direction KDE name(s) |
---|---|---|---|
VLAN | ID of receiving/sending VLAN. | int | Src/Dst: |
MAC Address | Ethernet (L2) address of source/destination. | string | Src/Dst: |
Cloud Dimensions
These dimensions are used to filter or group-by on fields in VPC flow logs from cloud providers.
General Cloud Dimensions
The following dimensions are applicable to all cloud providers for which flow log ingest is supported by Kentik (e.g. AWS, GCP, or Azure).
Dimension name (portal) | Description | Type: | Direction KDE name(s) |
---|---|---|---|
Cloud Provider | The cloud provider (e.g. AWS, GCP, or Azure) from which Kentik retrieved the flow log containing the data in this flow record. | string | Non-directional: |
AWS Dimensions
The dimensions below represent data in flow logs from resources in Amazon Web Services (see Kentik for AWS).
Note: AWS documentation for many of these fields may be found in the Amazon VPC User Guide topic Available fields.
Directional AWS Dimensions
Dimension name (portal) | Description | Type: | Direction KDE name(s) |
---|---|---|---|
Account | Source/destination AWS account. | int | Src/Dst: |
Instance Name | Source/destination AWS instance name. | string | Src/Dst: |
Instance | Source/destination AWS instance | string | Src/Dst: |
Region | Source/destination AWS Region. | string | Src/Dst: |
Zone | Source/destination AWS Availability Zone. | string | Src/Dst: |
Instance Type | Source/destination AWS Instance Type. | string | Src/Dst: kt_aws_src_vm_type, kt_aws_dst_vm_type |
Image ID | Source/destination AWS Image ID. | string | Src/Dst: |
Security Group | Source/destination security group. | string | Src/Dst: |
Auto Scaling Group | Source/destination auto scaling group. | string | Src/Dst: |
Public DNS Name | Source/destination public DNS name. | string | Src/Dst: |
Private DNS Name | Source/destination private DNS name. | string | Src/Dst: |
VPC ID | Source/destination VPC ID. | string | Src/Dst: |
Subnet ID | Source/destination subnet ID. | string | Src/Dst: |
Instance Tags | Tags applied to VMs by users. | string | Src/Dst: |
Packet Address | The packet-level (original) source/destination IP address of the traffic. See pkt-srcaddr/pkt-dstaddr in AWS documentation. | bytes/IP Address | Src/Dst: |
Gateway ID | The ID of the gateway through which the flow entered your AWS resources. | string | Dst only: |
Gateway Type | The type of the gateway through which the flow entered your AWS resources | string | Dst only: |
Forwarding State | The route state of the destination prefix:
| string | Dst only: |
Interface ID | The ID (inferred from IP address) of the first (for source) or last (for destination) Elastic Network Interface on which the flow was recorded. | string | Src only: |
Interface Type | The type of the network interface that recorded the flow: | int | Src/Dst: |
AWS Service | The name of the subset of IP address ranges for the pkt-srcaddr field, if the source IP address is for an AWS service. For possible values see pkt-src-aws-service in AWS documentation. | int | Src/Dst: |
ENI Description | The description field of the Elastic Network Interface that recorded the flow. | string | Src/Dst: |
ENI Entity Name | The name of the entity based on the Elastic Network Interface that recorded the flow. | string | Src/Dst: |
AWS TGW AZ ID | The ID of the transit gateway availability zone. | string | Src/Dst: |
AWS TGW ENI | The Elastic Network Interface of the transit gateway. | string Virtual | Src/Dst: |
AWS TGW Subnet ID | The subnet ID of the transit gateway. | string Virtual | Src/Dst: |
AWS TGW VPC ID | The VPC ID of the transit gateway. | string Virtual | Src/Dst: |
AWS TGW VPC Account ID | The VPC account ID of the transit gateway. | bigint Virtual | Src/Dst: |
Non-directional AWS Dimensions
Dimension name (portal) | Description | Type: | KDE name(s) |
---|---|---|---|
Firewall Action | The action associated with the traffic:
| string | kt_aws_action |
Logging Status | The logging status of the flow log:
| string | kt_aws_status |
Start Time | The time, in Unix seconds, when the first packet of the flow was received within the aggregation interval. This might be up to 60 seconds after the packet was transmitted or received on the network interface. | bigint | ktsubtype__aws_subnet__INT00 |
End Time | The time, in Unix seconds, when the last packet of the flow was received within the aggregation interval. This might be up to 60 seconds after the packet was transmitted or received on the network interface. | bigint | ktsubtype__aws_subnet__INT01 |
Observing Interface ID | The ID of the network interface that recorded the flow. | string | ktsubtype__aws_subnet__STR03 |
Flow Log Account ID | The AWS account ID of the owner of the source network interface that recorded the flow.
| string | ktsubtype__aws_subnet__INT64_00 |
Flow Direction | The direction of the flow with respect to the interface where traffic is captured:
| string | ktsubtype__aws_subnet__INT06 |
Traffic Path | The path that egress traffic (see Flow Direction) takes to the destination:
| int | ktsubtype__aws_subnet__INT07 |
Cloud Ultimate Exit | The last gateway the flow will traverse on its way to the destination IP address. | string | ktsubtype__aws_subnet__STR25 |
Cloud Ultimate Exit Type | The type of the last gateway the flow will traverse on its way to the destination IP address:
| string | ktsubtype__aws_subnet__STR26 |
Observing VPC ID | The ID of the observing VPC. | string | ktsubtype__aws_subnet__STR10 |
Observing VPC Subnet ID | The ID of the observing VPC subnet. | string | ktsubtype__aws_subnet__STR11 |
Observing Instance ID | The ID of the observing instance. | string | ktsubtype__aws_subnet__STR12 |
Observing Region | The ID of the observing region. | string | ktsubtype__aws_subnet__STR14 |
Observing Availability Zone ID | The ID of the observing availability zone. | string | ktsubtype__aws_subnet__STR15 |
Observing Sublocation ID | The ID of the observing subscription. | string | ktsubtype__aws_subnet__STR16 |
AWS Resource Type | The type of AWS resource being observed such as EC2, RDS, etc. | string | ktsubtype__aws_subnet__STR27 |
AWS TGW Attachment ID | The ID of the transit gateway attachment. | string | ktsubtype__aws_subnet__STR28 |
AWS TGW ID | The ID of the transit gateway. | string | ktsubtype__aws_subnet__STR33 |
AWS TGW Pair Attachment ID | The ID of the paired transit gateway attachment. | string | ktsubtype__aws_subnet__STR34 |
AWS Packets Lost - Blackhole | The number of packets lost due to blackhole routing. | int | ktsubtype__aws_subnet__INT64_01 |
AWS Packets Lost - MTU Exceeded | The number of packets lost because the packet size exceeded the MTU. | int | ktsubtype__aws_subnet__INT64_02 |
AWS Packets Lost - No Route | The number of packets lost due to the absence of a valid route. | int | ktsubtype__aws_subnet__INT64_03 |
AWS Packets Lost - TTL Expired | The number of packets lost because the TTL expired. | int | ktsubtype__aws_subnet__INT64_04 |
Azure Dimensions
These dimensions represent data in flow logs from resources in Microsoft Azure (see Kentik for Azure).
Directional Azure Dimensions
Dimension name (portal) | Description | Type: | Direction KDE name(s) |
---|---|---|---|
Instance Name | The name of the Azure instance (VM) that generated the flow log. | string | Src/Dst: |
Instance | The raw ID of the log-generating instance, which is useful for programmatic management of compute resources. | string | Src/Dst: |
Region | The geographical region of the Azure instance, which corresponds to a specific set of Azure data centers in which the instance may run. | string | Src/Dst: |
Zone | The High Availability Zone where the instance is currently deployed, which corresponds to a specific data center within a region. | int | Src/Dst: |
Instance Type | The kind of instance-generated flow logs, which may be Azure-provided or custom-built. These values do not follow a standard naming nomenclature. | string | Src/Dst: |
Public DNS Name | The publicly resolvable DNS name for an instance. | string | Src/Dst: |
VNet ID | An identifier for the virtual network object in which an instance resides. A virtual network is a collection of subnets within a given region. | string | Src/Dst: |
Subnet Name | The name of a subnet resource assigned to a virtual network. | string | Src/Dst: |
Resource Group | A set of related technical resources (disk, storage, VMs, APIs, services, etc.) that can be accessed as a group for bulk operations. | string | Src/Dst: |
Public IP Address | The public IP address assigned to an Azure instance. Public IP addresses are not assigned by default. | string | Src/Dst: |
Subscription | A top-level administrative object representing a set of resources that will be billed together in a monthly cycle. All Azure resources are tied to a subscription, which may contain multiple resource groups. | string | Src/Dst: |
Security Rule | The name of the security rule by which this flow was allowed or denied as it passed through a security group (see below) on its way to or from an Azure instance. | string | Src/Dst: |
Firewall Action | The actions (allow or deny) taken on this flow by the security rules by which it was evaluated on the way to or from an Azure instance. | string | Src/Dst: |
Security Group | A collection of enforced security policies (each a collection of rules) at the edge of a virtual network and/or applied to a network interface attached to an instance. Traffic to an instance from the internet must pass through at least one security group at the edge of the virtual network and may also pass through an additional security group attached to the interface of an instance. | string | Src/Dst: |
Interface Name | The name of the network interface. | string | Src/Dst: |
Gateway Name | The name of the gateway. | string | Src/Dst: |
Gateway Type | The type of gateway such as VPN, ExpressRoute, Application Gateway, etc. | string | Src/Dst: |
FQDN | The fully qualified domain name. | string | Dst: |
Load Balancer | The Azure load balancer resource that distributes traffic. | string | Src/Dst: |
Non-directional Azure Dimensions
Dimension name (portal) | Description | Type: | KDE name(s) |
---|---|---|---|
Observing MAC Address | The MAC address of the observing device. | string Virtual | ktsubtype__azure_subnet__STR08 |
Ingress Virtual Hub | The name of the Azure Virtual Hub where the traffic enters. | string | ktsubtype__azure_subnet__STR13 |
Egress Virtual Hub | The name of the Azure Virtual Hub where the traffic exits. | string Virtual | ktsubtype__azure_subnet__STR14 |
ExpressRoute Circuit Name | The name of the Azure ExpressRoute circuit. | string | ktsubtype__azure_subnet__STR15 |
ExpressRoute Peering Type | The name of peering type of the Azure ExpressRoute. | string | ktsubtype__azure_subnet__STR16 |
Firewall Policy | The policy that governs that handling of traffic. | string | ktsubtype__azure_subnet__STR20 |
Firewall Rule | The rule within the policy that allows or denies traffic. | string | ktsubtype__azure_subnet__STR21 |
Application Protocol | The application layer protocol used in the communication process. | string | ktsubtype__azure_subnet__STR22 |
Logging Resource Category | The classification of the logging resource. | string | ktsubtype__azure_subnet__STR17 |
Logging Resource Name | The name of the logging resource. | string | ktsubtype__azure_subnet__STR18 |
GCP Dimensions
These dimensions represent data from resources in Google Cloud Platform (see Kentik for GCP).
Directional GCP Dimensions
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
Project ID | The Google Compute Engine (GCE) Project ID. | string | Src/Dst: |
VM Name | The GCE VM name. | string | Src/Dst: |
Region | The GCE region. | string | Src/Dst: |
Zone | The GCE zone. | string | Src/Dst: |
Subnet Name | The GCE subnet name. | string | Src/Dst: |
VM Type | The GCE VM type. | string | Src/Dst: |
Image ID | The GCE image ID. | string | Src/Dst: |
Instance Group ID or Name | The GCE instance group ID or name. | string | Src/Dst: |
VPC Name | The name of the VPC. | string | Src/Dst: |
GKE Pod Name | The name of the individual pod in GKE (Google Kubernetes Engine). | string | Src/Dst: |
GKE Pod Namespace | The namespace that the pod is a part of in GKE. | string | Src/Dst: |
GKE Cluster Name | The name of the GKE cluster. | string | Src/Dst: |
GKE Cluster Location | The location of the GKE cluster. | string | Src/Dst: |
GKE Service Name | The name of the GKE service. | string | Src/Dst: |
GKE Service Namespace | The namespace that the GKE is a part of. | string | Src/Dst: |
Entity Gateway Name | The name of the gateway entity. | string | Src/Dst: |
Entity Gateway Type | The type of gateway. | string | Src/Dst: |
Non-directional GCP Dimensions
Dimension name (portal) | Description | Type: | KDE name(s) |
---|---|---|---|
Reporter | Indicates where the flow was collected/reported:
| string | kt_gce_reporter |
Dedicated Interconnect Name | The name of the GCP Dedicated Interconnect. | string | ktsubtype__gcp_subnet__STR25 |
Dedicated Interconnect Type | The type of interconnection established. | string | ktsubtype__gcp_subnet__STR26 |
Non-directional Google Cloud Run (GCR) Dimensions
Dimension name (portal) | Description | Type: | KDE name(s) |
---|---|---|---|
Project ID | The GCP Cloud Run project ID. | string | ktsubtype__gcp_subnet__STR04 |
Resource Type | The GCP Cloud Run resource type. | string | ktsubtype__gcp_subnet__STR00 |
Service Name | The GCP Cloud Run service name. | string Virtual | ktsubtype__gcp_subnet__STR01 |
Location | The region where the GCP Cloud Run service is deployed. | string | ktsubtype__gcp_subnet__STR02 |
Service Revision Name | The name of the GCP Cloud Run service revision. | string | ktsubtype__gcp_subnet__STR03 |
HTTP Status Code | The HTTP response status code indicating the result of the request processed by the GCP Cloud Run service. | int | ktsubtype__gcp_subnet__INT00 |
OCI Dimensions
These dimensions represent data from resources in Oracle Cloud Infrastructure (see Kentik for OCI).
Notes:
All KDE columns for OCI dimensions are UDR (see Universal Data Records).
Additional details about OCI flow logs may be found in the OCI documentation topic Details for VCN Flow Logs.
Directional OCI Dimensions
Dimension name (portal) | Description | Type: | KDE name(s) |
---|---|---|---|
Subnet Name | The name of the subnet. | string | Src/Dst: |
VCN Name | The name of the virtual cloud network. | string | Src/Dst: |
Region | The region where the resource is located. | string | Src/Dst: |
VNIC Name | The name of the virtual network interface card. | string | Src/Dst: |
Instance Name | The name of the instance. | string | Src/Dst: |
Dynamic Routing Gateway Name | The name of the dynamic routing gateway. | string | Src/Dst: |
Local Peering Gateway Name | The name of the local peering gateway. | string | Src/Dst: |
Non-directional OCI Dimensions
Dimension name (portal) | Description | Type: | KDE name(s) |
---|---|---|---|
Action | Indicates whether the record’s traffic was accepted or rejected by the security lists. | string | ktsubtype__oci_subnet__STR00 |
Status | The status of the data capture window for the flow log. | string | ktsubtype__oci_subnet__STR01 |
Tenant OCID | The Oracle Cloud ID of the tenant. | string | ktsubtype__oci_subnet__STR02 |
VNIC OCID | The Oracle Cloud ID of the virtual network interface card. | string | ktsubtype__oci_subnet__STR03 |
VNIC Compartment OCID | The Oracle Cloud ID of the compartment to which the VNIC belongs. | string | ktsubtype__oci_subnet__STR04 |
VNIC Subnet OCID | The Oracle Cloud ID of the subnet to which the VNIC belongs. | string | ktsubtype__oci_subnet__STR05 |
Internet Gateway | The OCI Internet Gateway that provides a path for the network traffic between the VCN and the internet. | string | ktsubtype__oci_subnet__STR20 |
NAT Gateway | The OCI Network Address Translation gateway that enables instances to initiate connections to the internet. | string | ktsubtype__oci_subnet__STR21 |
Service Gateway | The OCI Service Gateway that provides a path for the network traffic between the VCN and the other OCI resources. | string | ktsubtype__oci_subnet__STR22 |
IPsec Connection Name | The name of the IPsec VPN connection. | string | ktsubtype__oci_subnet__STR23 |
Virtual Circuit Name | The name of the OCI Virtual Circuit. | string | ktsubtype__oci_subnet__STR24 |
Geolocation Dimensions
These dimensions are used to filter or group-by on flow properties related to physical location.
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
Custom Geo | A collection of countries that have been assigned a common geographical label (see About Custom Geos). | string | Src/Dst: |
Country | Two-letter country code associated with the source/destination IP of the flow. | string | Src/Dst: |
Region | Full-string English name of the region (state or province, e.g. "California") associated with the source IP of the flow. | string | Src/Dst: |
City | Full-string English name of the city (e.g. "San Francisco") associated with the source IP of the flow. | string | Src/Dst: |
Site Country | A country in which your organization has sites; enables the grouping, with a single dimension, of traffic from all sites in a given country. | string | Non-directional: |
Ultimate Exit Site Country | The name of the country containing the site through which flow leaves. | string | Non-directional: |
Application Context and Security
These dimensions are used to filter or group-by based on various factors related to context — whether a flow originated or terminated with a commercial CDN, for example, or what "service" (port and protocol) it represents — as well as whether the value of certain flow fields match those of known security threats.
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
Cloud | The name of the vendor (e.g. AWS, GCP, Azure, etc.) operating the cloud computing service in which this flow originated (src) or terminated (dst). The value is derived by checking the IP address (src or dst) in the flow against the cloud provider's list of IPs. | string | Src/Dst: |
Cloud Service | The name that a cloud computing vendor assigns to the service in which a flow originated (src) or terminated (dst). The value is derived by checking the IP address (src or dst) in the flow against the cloud provider's list of IPs. | string | Src/Dst: |
CDN | Commercial CDN (if any) with which the flow originated/terminated (see CDN Attribution Dimensions).
| string | Src/Dst: |
Service (Port + Proto) | The combination of the port and protocol of the source/destination flow.
| string | Src/Dst: |
Bot Net CC | A source/destination IP for the flow that has been identified as a botnet command and control (CC) servers (see Threat Feed Dimensions). | string | Src/Dst: |
Threat List Host | A source/destination IP for the flow that has been identified as a threat (see Threat Feed Dimensions). | string | Src/Dst: |
Application | An identifying string for the application associated with a flow, which is either derived by evaluating flow data or provided in the flow data itself (see About Applications). | string | Non-directional: |
TCP Flags | TCP flags that were set on the flow using a flow mask. | int | Non-directional: |
OTT Service | An individual OTT content service whose hostname is looked up via DNS. | string | Non-directional: |
OTT Service Type | The nature of the content provided by an OTT content service. Values include Adult, Ads, Antivirus, Audio, Cloud, Conferencing, Dating, Developer Tools, Documents, Ecommerce, File Sharing, Gaming, IoT, Mail, Maps, Media, Messaging, Network, Newsgroups, Photo Sharing, Social, Software Download, Software Updates, Storage, Video, VPN, Web. | string | Non-directional: |
OTT Service Provider | An entity that offers an OTT content service. For example, Google is the provider for Google Drive, Gmail, Google Maps, etc. | string | Non-directional: |
Application Decodes
Dimensions related to "application decodes" are discussed here.
About Application Decodes
Application decodes dimensions are used to filter or group-by based on host-related fields (e.g. HTTP and DNS-related fields) with which Kentik enriches flow records from our software host agent (see About the Universal Agent). Kentik originally allocated this data to a fixed set of KDE columns but later switched to the more efficient approach of storing it in UDR columns (see Universal Data Records). As a result, data from current host agent versions is queried via dimensions that are categorized as "Application Decodes" in the portal UI while data from older versions is queried via dimensions now categorized as "Legacy Application Decodes."
Application Decodes Dimensions
The dimensions in the table below correspond to application decode fields from current host agent versions, which use UDR columns in KDE (see Universal Data Records).
Notes:
These dimensions are all non-directional.
For application decodes metrics, see Application Decodes Metrics.
The dimensions below require Kentik's Universal Agent (see About the Universal Agent).
DNS Dimensions
Dimensions related to DNS properties (see Host Traffic Dimensions):
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
DNS Query Name | Query from a DNS resolver to a DNS name server. | string | Non-directional |
DNS Query Type | The resource record type requested by the DNS query. | bigint | Non-directional |
DNS Reply Code | DNS return code (see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6). | bigint | Non-directional |
DNS Reply Data | The response from a DNS server to a DNS query. | string | Non-directional |
HTTP Dimensions
Dimensions related to HTTP properties (see Host Traffic Dimensions):
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
HTTP URL | Filename portion of path, with query string (if any). | string | Non-directional |
HTTP Host | Domain name of the server. | string | Non-directional |
HTTP Referrer | The address from which a destination webpage is requested. | string | Non-directional |
HTTP URL | Filename portion of path, with query string (if any). | string | Non-directional |
HTTP Host | Domain name of the server. | string | Non-directional |
TLS Dimensions
Dimensions related to Transport Layer Security (see IETF RFC8446):
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
TLS Server Name | The Server Name Indication (SNI), which is a TLS extension by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. | string | Non-directional |
TLS Server Version | The version of the TLS server (as of August 2018 the current version was 1.3). | int | Non-directional |
TLS Cipher Suite | A set of cryptographic algorithms used to create keys and encrypt information for TLS. | int | Non-directional |
DHCP Dimensions
Dimensions related to Dynamic Host Configuration Protocol (see IETF RFC2131):
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
DHCP OP | Message op code / message type: 1 = BOOTREQUEST, 2 = BOOTREPLY. | int | Non-directional |
DHCP Message Type | The type of the DHCP message, e.g. DHCPDISCOVER, DHCPOFFER, etc. (see DHCP Message Type). | int | Non-directional |
DHCP CI Address | A client IP address (ciaddr) that has already been allocated and accepted; only filled in if client is in BOUND, RENEW or REBINDING state and can respond to ARP requests. | string | Non-directional |
DHCP YI Address | The IP address of the client (yiaddr) as allocated by the server and accepted by the client. | string | Non-directional |
DHCP SI Address | The IP address of next server to use in bootstrap (siaddr). | string | Non-directional |
DHCP Lease | In a client request (DHCPDISCOVER or DHCPREQUEST), the requested lease time for the IP address; in a server reply, the lease time offered by the server (see IP Address Lease Time). | int | Non-directional |
DHCP CH Address | The client hardware address (chaddr). | string | Non-directional |
DHCP Hostname | The name of the client (see Host Name Option). | string | Non-directional |
DHCP Domain | The domain name that client should use when resolving hostnames via the Domain Name System (see Domain Name Option). | string | Non-directional |
Radius Dimensions
Dimensions related to RADIUS (see FreeRADIUS attributes):
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
Radius Code | The RADIUS Packet type: Access-Request, Access-Accept, Access-Reject, or Access-Challenge (see IETF RFC2865). | int | Non-directional |
Radius User Name | The name of the user to be authenticated. | string | Non-directional |
Radius Service Type | The type of service the user has requested, or the type of service to be provided. | int | Non-directional |
Radius Framed IP Address | The address to be configured for the user. | string | Non-directional |
Radius Framed IP Mask | The IP netmask to be configured for the user when the user is a router to a network. | string | Non-directional |
Radius Framed Protocol | The framing to be used for framed access. | string | Non-directional |
Radius Accounting Status | Indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop). | int | Non-directional |
Radius Accounting Session ID | A unique Accounting ID that enables the matching of start and stop records in a log file. | string | Non-directional |
Legacy Application Decodes
The dimensions in the table below correspond to application decode fields from older host agents.
Note: The dimensions below require Kentik's software host agent (see About the Universal Agent).
Legacy DNS Dimensions
Dimensions related to DNS properties (see Host Traffic Dimensions):
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
DNS Query | Query from a DNS resolver to a DNS name server.
| string | Src/Dst: |
DNS Query Type | The resource record type requested by the DNS query. | bigint | Src/Dst: |
DNS Return Code | DNS return code (see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6).
| bigint | Src/Dst: |
DNS Response | The response from a DNS server to a DNS query.
| string | Src/Dst: |
Legacy HTTP Dimensions
Dimensions related to HTTP properties (see Host Traffic Dimensions):
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
HTTP URL | Filename portion of path, with query string (if any). | string | Src/Dst: |
HTTP Host Header | Domain name of the server.
| string | Src/Dst: |
HTTP Return Code | HTTP status code.
| bigint | Src/Dst: |
HTTP Referrer | The address from which a destination webpage is requested. | string | Src/Dst: |
HTTP User Agent | User agent information identifying the client that submitted a request. | string | Src/Dst: |
Container Networking Dimensions
Kentik dimensions related to container networking are covered here.
Notes:
Container networking is currently supported in Kentik via Kubernetes. Support for other forms of container networking is planned.
Use of Kubernetes with Kentik requires a special software agent; for further information contact Kentik (see Customer Care).
Kubernetes Dimensions
These dimensions represent information, gathered by Kentik at ingest, about the setup of a Kubernetes-managed container (see What is Kubernetes). These fields are stored in the KDE flow records of traffic from the container.
Note: See also PATA Dimensions.
Dimension name (portal) | Description | Type: | Direction |
---|---|---|---|
Pod Name | The name of a pod, which represents a set of running containers on your cluster. | string | Src/Dst |
Pod Namespace | The scope within which the pod name is valid and unique. | string | Src/Dst |
Workload Name | The name of a workload, which is a system of services or applications that can run to fulfill a task or carry out a business process. | string | Src/Dst |
Workload Namespace | The scope within which the workload name is valid and unique. | string | Src/Dst |
Container Name | The name of an executable image that contains software and all of its dependencies. | string | Dst only |
Service Name | The name of a network application that is running as one or more pods in your cluster. | string | Src/Dst |
Service Namespace | The namespace in which the service is running. | string | Src/Dst |
PATA Dimensions
The values for process-aware telemetry agent (PATA) dimensions originate from Kentik's kappa host agent, a host-based telemetry agent providing ultra-efficient observability across production settings including both on-premises data centers and cloud infrastructure (see Kubernetes Dimensions & Metrics).
Notes:
The descriptions in the table below apply only in the context of Kubernetes.
See also Kubernetes Dimensions.
Dimension name (portal) | Description | Type | Direction |
---|---|---|---|
Process PID | The ID of the source or destination process of the flow. | integer | Src & Dst |
Process Name | The name of the source or destination process of the flow | string | Src & Dst |
Process Cmdline | The command entered at the CLI, related to the process ID of the source or destination process of the flow. | string | Src & Dst |
Process Container ID | The string (guid format) that uniquely identifies the container. | string | Src & Dst |
Node | The source or destination Kubernetes node that originated or terminated the flow. | string | Src & Dst |
Object Name | The Kubernetes object (pod or service name) for the source or destination pod in the traffic flow. | string | Src & Dst |
Object Namespace | The Kubernetes namespace of the source or destination pod in the traffic flow. | string | Src & Dst |
Object Type | The Kubernetes object type for the traffic flow (pod or service). | string | Src & Dst |
Container Name | The container name(s) related to the source or destination process ID. | string | Src & Dst |
Workload Name | The name of the workload that a pod or service was deployed as. | string | Src & Dst |
Workload Namespace | The namespace name of a source or destination traffic flow. | string | Src & Dst |
Object Labels | The object labels associated with source or destination traffic. | string | Src & Dst |
Cluster ID | A unique identifying integer that the cluster assigns to itself. | integer | Other |
© 2014-25 Kentik