Metrics & Dimensions

Metrics and dimensions, collected or derived from network data (flow, SNMP, BGP, etc.), are stored in the Kentik Data Engine (KDE) and used in the portal and APIs for group-by and filtering in queries. Metrics and dimensions are discussed in the following topics:

 

About Metrics

A metric combines a unit (e.g., bit) with a calculation method (e.g., average per second) to form a quantifiable measurement (e.g., average bits/second). In Kentik, metrics measure flows for counts, rankings (e.g., top-X lists), and thresholds (e.g., alerting).

Notes:
- For non-flow protocol metrics, see Non-flow Metrics.
- For device-specific metrics, see Device-specific Metrics.
- Some flow record metrics in KDE can be used as dimensions (see Per-flow Metrics.
- Metrics and dimensions are also utilized in the Query API, besides query settings in the Kentik portal.

 

Metrics in the Portal

The following table shows the main places in the Kentik portal where metrics are specified and used:

Portal location Primary Metric Secondary Metric
Library » Dashboards: Add View Panel or Edit View Panel dialog Query tab » Metrics pane, either:
Metrics dropdown;
Customize Metrics button » Metrics dialog (see Metrics Pane).
Query tab » Metrics pane » Customize Metrics » Metrics dialog.
Data Explorer: Query sidebar, Metrics pane. Query sidebar » Metrics pane (see Metrics Pane), either:
Metric drop-down;
Customize Metrics button » Metrics dialog.
Query sidebar » Metrics pane » Customize Metrics » Metrics dialog.
Alerting » Policies: Add Policy or Edit Policy dialog Dataset tab » Data Funneling pane » Primary Metric drop-down. Dataset tab » Data Funneling pane » Secondary Metric field.

 

Metrics Reference

This section details metrics for Kentik queries. Metrics generally apply to traffic from all device types (routers, hosts, etc., see Supported Device Types), with some specfic to host agents like Universal agent (see About the Universal Agent).

Metric Categories

Metrics in KDE Tables fall into these categories:

Category Description Agent
Metrics from All Devices Available from routers and hosts (see Supported Device Types). None or Universal
Host Traffic Metrics Available only from hosts (see About the Universal Agent). Universal
Application Decodes Metrics From application decodes like DNS and HTTP (see About Application Decodes). Universal
SNMP Metrics From SNMP polling (see SNMP OID Polling). None or kproxy
Streaming Telemetry Metrics From Streaming Telemetry (see Streaming Telemetry Device Support). None or kproxy
Device-specific Metrics For certain device types only (physical or virtual). None or kproxy

Note: Use the Category links above for specific metrics lists.

 

About Dimensions

In Kentik, dimensions represent specific flow data (see Flow Overview), sourced directly from flow records (e.g., NetFlow, sFlow), correlated sources (e.g., GeoIP, threat feeds), or derived by Kentik. Each dimension corresponds to an actual or derived column in the KDE Tables.

 

Dimensions in the Portal

Dimensions in the Kentik portal and the Query API are used for:

  • Group-by dimensions: Chosen via Dimension Selectors in the Dimensions pane (e.g., Query sidebar in Data Explorer).
  • Filters: Selected in the Filtering Options Dialog in the Filtering pane (e.g., Query sidebar in Data Explorer).

Dimension Locations

The table below details where dimensions are specified and used in the Kentik portal:

Portal section Group-by Filters
Dashboards Add View Panel or Edit View Panel dialog » Query tab » Dimensions pane.
- See Panel Dialogs.
Query sidebar » Filtering pane » Filtering Options dialog (via Edit Filters button) » Add Ad-Hoc Filter.
- See Filter Groups Interface.
Data Explorer Query sidebar » Dimensions pane » Group-by Dimensions dialog.
- See Dimension Selectors.
Query sidebar » Filtering pane » Filtering Options dialog (via Edit Filters button) » Add Ad-Hoc Filter.
- See Filter Groups Interface.
Alerting » Policies Add Policy or Edit Policy dialog » Dataset tab » Data Funneling pane » Dimensions. Add Policy or Edit Policy dialog » Dataset tab » Data Funneling pane » Filters.
Admin » User N.A. Add User or Edit User dialog » User Specific Filters pane.
- See User Settings Dialogs.
Admin » Saved Filters N.A. Add Saved Filter or Edit Saved Filter dialog » Ad-Hoc Filter Groups pane.
- See Saved Filter Admin Dialogs.

 

Dimensions Reference

This section details the dimensions available for group-by and filtering in Kentik queries. Generally, these dimensions can be used in queries involving traffic from all device types (routers, hosts, etc., see Supported Device Types). However, some dimensions are specific to traffic from host agents like the Universal agent (see About the Universal Agent).

Dimension Categories

Dimensions, representing actual or derived columnn in KDE Tables, fall into these functional categories:

Category Description Requires host agent
Network and Traffic Topology Filter/group-by device info like interface names, descriptions, port IDs. No
IP and BGP Routing Filter/group-by IPs, protocols, TCP flags, ToS, routing info (AS, paths, names, etc.), and per-flow metrics. No
Cloud Dimensions Filter/group-by VPC flow log fields from cloud providers. No
Geolocation Dimensions Filter/group-by physical location properties (country codes, city names, etc.). No
Application Context and Security Filter/group-by context factors (e.g., CDN origin/termination, service type) and security threats. No
Application Decodes Data on DNS lookups and HTTP (domain name, referrer, status). Yes
Container Networking Dimensions Related to Kubernetes.
Note: Use of Kubernetes with Kentik requires a special software agent; contact Customer Success for further information.
 
Device Metrics Dimensions Filter/top-X evaluations based on device metrics (e.g., SNMP, Streaming Telemetry). Yes
MPLS Dimensions Related to Multiprotocol Label Switching.  
Device-specific Dimensions Filter/group-by fields in flow records from specific devices (e.g., Palo Alto Networks firewalls or Cisco ASA). No

Notes:
- Use the Category links above for specific dimensions lists.
- For more about dimensions requiring a host agent, see Host Traffic Dimensions.

 

Host Traffic Dimensions

Certain dimensions are exclusive to traffic from the Universal agent, Kentik's software host agent (see About the Universal Agent):

  • DNS Query: Translates domain names to IPv4 or IPv6 addresses.
  • DNS Query Type: Specifies the resource record type requested (see List of DNS Record Types).
  • DNS Response: Includes resource records (RRs) like:
    - A: IPv4 address for given host.
    - AAAA: IPv6 address for given host.
    - CNAME: Domain name used to resolve the original DNS query.
    - PTR: Look up a domain name based on an IP address.
    - MX: Mail exchange server for a DNS domain name.
    - NS: Authoritative name server for given host.
    - TXT: Non-formatted text string typically used by Sender Policy Framework (SPF) to prevent the sending of emails using a fake identity.
  • DNS Return Code: Status code from a DNS query (see DNS Parameters).
  • HTTP Host Header: Indicates the server's domain name.
  • HTTP Referrer: Indicates the source address of a webpage request.
  • HTTP Return Code: HTTP status codes (see HTTP Status Codes
  • HTTP User Agent: Identifies the client making the request.
  • HTTP URL: Filename portion of a web resource path, including query string if present.

Note: Kentik supports substring matching in certain host-sourced group-by dimensions (see DNS/WWW Extract Function).

© 2014- Kentik
In this article:
×