KDE Tables

This article covers the following topics related to the tables of the Kentik Data Engine (KDE):

Notes:
- For general information about KDE, see KDE Overview.
- As of May 1st, 2025, the Query SQL Method has been deprecated and is no longer supported.

 

About KDE Tables

KDE keeps a discrete set of databases for the flow records of each customer. These databases are made up of “main tables” for the flow records and associated data received for each device (router or host) as well as for supplemental data that is derived from the flow data. The data for all devices of a given customer are also merged into that customer's All Devices Table.

The columns in these tables form the basis for the dimensions (see Dimensions Reference) that are used for filtering and group-by in Kentik queries. Most of these dimensions are exposed in the portal UI's dimension selectors for filtering (see Dimension Selector Dialog) and group-by (see Dimension Selectors).

 

Universal Data Records

Universal Data Records is Kentik's technique for populating the fields of KDE tables. As described in About KDE Tables, many of the columns of the main tables in which flow data is stored correspond to fields of the flow records ingested from individual devices. Rather than reserving columns for fields that are not used by a given device type (router, switch, firewall, etc.), Universal Data Records varies the mapping of fields to columns depending on the device type. This flexible schema enables Kentik to rapidly extend KDE's support for storing and querying data from new and disparate sources, which allows visibility into a much wider range of data points about customer networks and infrastructure. Among the many advantages of this approach are the ability to store vendor-specific flow fields (see Device-specific Dimensions), increased capacity for Custom Dimensions, and the ability to store data from flow records with non-standard fields.

 

Main Table Columns

Columns of the main table not exposed as filter and/or group-by dimensions in the portal UI were previously covered in this topic. These columns were available

only when querying with SQL via the Query SQL Method of the Query API, which as of May 1st, 2025, has been deprecated and is no longer supported.

 

Using Main Tables

The use of KDE Main Table columns via the Query SQL Method has been deprecated as of May 1st, 2025, and is no longer supported.

 

All Devices Table

In addition to the individual table for each device, each customer’s database includes a special table named all_devices, which is a merge into one table of the data from all of that customer’s devices. The All Devices table includes all the fields of an individual device table, but also includes the following additional fields:

Column Type Description
i_device_id text Kentik-assigned unique numerical ID of the device.
Used for all functions.
i_device_name text User-defined name for the device.
i_device_site_name text Name of the site to which the device has been assigned (see About Sites). If the device hasn't been assigned to a site, returns an empty string.
Notes:
- Supported operators for WHERE clause: case-insensitive equality, LIKE, IN, and regex matching.
- Site assignments in the table may lag Admin settings by up to 10 minutes.
i_device_type text Type of device, e.g. router or host (see Supported Device Types).
Note: Used only for selection (filtering with WHERE clause), not for display or GROUP_BY.

The additional fields of the All Devices table can be used to filter returned data by individual routers, or to further group by device using i_device_id.

Note: The All Devices fields above are exposed as filtering and group-by dimensions in the portal (see Dimensions Reference).

© 2014- Kentik
In this article:
×