About Kentik

This article provides a basic introduction to Kentik, with answers to the following questions:

Kentik achieves unrivaled network observability by integrating flow-based analytics, NMS, and synthetic testing.
 

What is Kentik?

Kentik is an open, scalable platform for collecting, analyzing, and visualizing data about the health and performance of your organization's networks. It supports both on-prem infrastructure (e.g., data centers) and cloud resources, correlating real and synthetic traffic data for both real-time and historical insights.

Kentik's purpose-built data platform sets up in minutes, offering tools to identify and explain unusual activity, with real-time alerts for performance issues and attacks. The web-based Kentik portal enables advanced traffic analytics, synthetic testing, and network protection with alerts and mitigations. The Kentik platform also integrates with your other tools and systems via Kentik REST APIs.

 

What traffic data is collected?

Kentik collects two main types of traffic data:

  • Flow data: Includes packets traversing physical devices (routers, switches, hosts) or virtual devices (e.g., VPNs in cloud resources, see Supported Device Types). Kentik supports flow data export from a huge variety of devices. Flow data is collected using protocols like sFlow, IPFIX, or NetFlow (see About Flow) and varies by setting:
    - Data Center: Flow data is cached and sent to Kentik at a specified interval if enabled on a physical device.
    - Cloud Provider: Flow logs are published to a cloud bucket for Kentik to access.
  • Metrics: Collected via Kentik’s Network Monitoring System (NMS) from entities supporting SNMP and/or Streaming Telemetry. Kentik normalizes the data for consistent dashboards, queries, and alerts regardless of the source. Our NMS supports traditional device monitoring, graphing interface statistics, sending alerts, and creating dashboards, but also leverages other types of data to provide deeper analytics.

Kentik enriches traffic data with additional information and stores it in time-series flow records. The additional information includes:

  • SNMP (non-NMS): For interface names/descriptions and flow level validation (see SNMP OID Polling).
  • GeoIP: For determining the country, region, and city of flow sources and destinations.
  • BGP: For extracting source/destination AS Path and community information (see BGP Overview), enabling features such as Discover Peers.
  • Host traffic data: Correlated with flow data to provide host information, including URLs, DNS queries, and performance metrics like retransmits and fragments (see Host Traffic Dimensions and Host Traffic Metrics).
  • Classification data: Provides business intelligence on the role of interfaces for traffic ingress and egress (see Interface Classification).
  • Threat feeds: Daily data from Spamhaus, correlated with flow data to identify hosts and IPs flagged as security threats.

For more details on the data stored in KDE, refer to the Dimension Categories and Dimensions Reference.

 

What synthetic testing is supported?

Kentik's Synthetics workflows are easy to set up and cost effective to run. Enable testing by deploying Kentik's ksynth software agent (see About Synthetics Agents) in the following two contexts:

  • Public Agents: Part of the Kentik Global Agent Network, located in major Internet hubs and cloud regions (AWS, GCP, Azure, OCI), accessible to all Kentik customers.
  • Private Agents: Deployed in your physical infrastructure or cloud resources, accessible only to your organization.

Ping and traceroute tests performed continuously with public and/or private agents generate key metrics (latency, jitter, and loss) that are evaluated for network health and performance.

Kentik also intelligently guides synthetic testing based on actual traffic patterns, optimizing resources for maximum impact. For more details, see the Synthetics Overview.

The Synthetics Dashboard is the landing page for Synthetics.
 

How is flow data collected?

Kentik can collect flow data from the following sources:

  • Direct: Flow data is sent directly from routers or switches to Kentik servers (see About Devices).
  • Host agent: Data is collected from hosts using Kentik’s software host agent (see About the Universal Agent), which aids in performance issue debugging by analyzing TCP retransmits per flow.
  • Proxy agent: Flow data is collected via a locally hosted instance of kproxy, Kentik's NetFlow Proxy Agent, which can handle both flow and SNMP data.
  • Cloud providers: Supported cloud resources (e.g., AWS, Azure, GCP, OCI) generate flow logs that are published to cloud buckets, accessible to Kentik via API (see Cloud Overview).
 

How do I access my data?

You can access your data in Kentik through the following methods:

  • Portal: Use the Kentik portal’s UI, including Data Explorer, Dashboards, and the Query Editor, to view your data.
  • APIs: Access your data programmatically via Kentik APIs (see About Kentik APIs).
  • Firehose: Utilize Firehose, supported by the ktranslate agent, to integrate enriched flow records into other (non-Kentik) analytics systems or data lakes (see Using Kentik Firehose).
 

Anything else I should know?

To get started with Kentik:

  • Explore the Knowledge Base, starting with the Portal Overview for key features of Kentik's v4 portal.
  • Use the KB Tips from the question mark icon in the KB's main navbar for guidance.
  • Navigate the KB via the main menu (hamburger icon) or the sidebar’s Contents tab.
  • Use Search Tips in the sidebar's Search tab to refine your searches.
  • Access the How-To’s library from the Contents tab for step-by-step task procedures.

For questions, contact Customer Care.

© 2014- Kentik