General Dimensions
General dimensions are listed in the following topics:
- About General Dimensions
- Network and Traffic Topology
- Cloud Dimensions
- Geolocation Dimensions
- Application Context and Security
- Application Decodes
- Container Networking Dimensions
Notes:
- The categorization of dimensions in the topics below corresponds to the categories by which the dimensions are shown in the Dimension Selector Dialog (part of the ad hoc filter controls in the Filtering Options dialog).
- Except where noted, the dimensions listed in the tables below are available for both filtering and group-by.
- The value type refers to the data type (text, integer, etc.) of the dimension value.
- The column type refers to whether the dimension is literally stored in KDE (native) or derived at query-time from other KDE-stored information (virtual); see KDE Query Efficiency.
- The KDE name(s) given below, which represent the KDE column(s) corresponding to each dimension, may be used in API queries made with the Query SQL Method.
- Some columns are native (actually stored in the backend) while others are virtual (derived from other information). In general, filtering with dimensions based on native columns will return results faster than filtering with dimensions based on virtual columns.
About General Dimensions
In Kentik, general dimensions are dimensions that aren't collected as non-flow device metrics (e.g. SNMP or Streaming Telemetry) and also aren't specific to a particular device, such as a model of router. The general dimensions that are available in a given setting, such as the Query sidebar in Data Explorer (see Dimension Panes), vary depending on the category of the device (Router or Host; see Supported Device Types) as well as the specific device type.
If you don't find a given dimension in this article:
- For dimensions related to traffic routing, see Routing Dimensions.
- For dimensions that are collected as non-flow device metrics, see Device Metrics Dimensions.
- For dimensions that are device-specific, see Device-specific Metrics.
Network and Traffic Topology
This category of dimensions is used to filter or group-by on information related to devices including interface names and descriptions, port IDs, etc.
Note: The following dimensions are represented differently in the group-by Dimension Selectors (Group By Dimensions and Matrix By Dimensions dialogs) than in filtering (see Dimension Selector Dialog):
- Device Name is represented as the Device dimension.
- Interface Name and Description are represented by the Interface dimension.
- Traffic Orig/Term is represented as two separate dimensions, Traffic Origination and Traffic Termination.
- Ultimate Exit Interface Name and Description are represented by the Ultimate Exit Interface dimension.
Device Info Dimensions
Dimensions related to devices (see About Devices):
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Device ID | Kentik-assigned unique numerical ID of the device (see Device General Settings). | string Virtual |
Non-directional: i_device_id |
| Device Name | User-defined name for the device (see Device General Settings). | string Virtual |
Non-directional: i_device_name |
| Device Type | Type of device: router, host, etc. (see Supported Device Types). Note: Used only for selection (filtering with WHERE clause), not for display or GROUP_BY. |
string Virtual |
Non-directional: i_device_type |
| Site | Name of the site to which the device has been assigned (see About Sites). If the device hasn't been assigned to a site, returns an empty string. Notes: - Supported operators for WHERE clause: case-insensitive equality, LIKE, IN, and regex matching. - Site assignments in the table may lag Admin settings by up to 10 minutes. |
string Virtual |
Non-directional: i_device_site_name |
| Device Labels | A label assigned to a collection of devices (see About Device Labels). | string Virtual |
Non-directional: i_device_label |
Interface Info Dimensions
Dimensions related to interfaces (see About Interfaces):
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Interface ID | ID of the receiving/sending host or router interface (see Interface Field Definitions). | int Native |
Src/Dst: input_port, output_port |
| Interface Name | The Name (e.g. “GigabitEthernet0/1”) of the device interface (physical or logical) through which flow ingressed/egressed (see Interface Field Definitions). | string Virtual |
Src/Dst: i_input_interface_description, i_output_interface_description |
| Interface Description | The Description (e.g. “Connected to upstream ISP”) of the device interface (physical or logical) through which flow ingressed/egressed (see Interface Field Definitions). | string Virtual |
Src/Dst: i_input_snmp_alias, i_output_snmp_alias |
| Interface Capacity | The speed of the device interface through which flow ingressed/egressed (see Interface Field Definitions). | bigint Virtual |
Src/Dst: i_input_interface_speed, i_output_interface_speed |
Interface Classification Dimensions
Dimensions related to interface classification (see Interface Classification):
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Connectivity Type | The connectivity type, such as transit, IX peering, etc., of the source/destination interface of this flow (see Connectivity Type Attribute). | string Virtual |
Src/Dst: i_src_connect_type_name, i_dst_connect_type_name |
| Network Boundary | The network boundary value (internal or external) of the source/destination interface of this flow (see Network Boundary Attribute). | string Virtual |
Src/Dst: i_src_network_bndry_name, i_dst_network_bndry_name |
| Provider | A string representing the provider via which source/destination traffic over a given interface reaches the Internet (see About Provider Classification). | string Virtual |
Src/Dst: i_src_provider_classification i_dst_provider_classification |
Network Classification Dimensions
Dimensions related to network classification (see Network Classification):
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Traffic Orig/Term | Indicates the location (inside or outside) of the source/destination of the flow (see Network Classification Dimensions). | string Virtual |
Src/Dst: i_trf_origination, i_trf_termination |
| Host Direction | If flow record is from host, indicates whether the direction of traffic is into or out of that host (see Network Classification Dimensions). | string Virtual |
Non-directional: i_host_direction |
| Traffic Profile | The origination and termination of the flow (see Network Classification Dimensions). | string Virtual |
Non-directional: i_trf_profle |
| Simple Traffic Profile | Alternate dimension for origination and termination of the flow (see Network Classification Dimensions). | string Virtual |
Non-directional: simple_trf_prof |
Ultimate Exit Dimensions
Dimensions related to Ultimate Exit (see Using Ultimate Exit):
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Ultimate Exit Interface ID | Number of port through which the flow leaves (see Network Classification Dimensions). | bigint Native |
Non-directional: ult_exit_port |
| Ultimate Exit Interface Name | The SNMP description (portal name) of the interface through which the flow leaves (see Network Classification Dimensions). | string Virtual |
Non-directional: i_ult_exit_interface_description |
| Ultimate Exit Interface Description | The SNMP alias (portal description) of the interface through which the flow leaves (see Network Classification Dimensions). | string Virtual |
Non-directional: i_ult_exit_snmp_alias |
| Ultimate Exit Connectivity Type | The connectivity type value of the interface through which traffic left the network for another AS (see Network Classification Dimensions). | string Virtual |
Non-directional: i_ult_exit_connect_type_name |
| Ultimate Exit Network Boundary | The network boundary value of the interface through which traffic left the network for another AS (see Network Classification Dimensions). | string Virtual |
Non-directional: i_ult_exit_network_bndry_name |
| Ultimate Exit Provider | A string representing the ultimate exit provider (see Why Ultimate Exit). | string Virtual |
Non-directional: i_ult_provider_classifcation |
| Ultimate Exit Site | The name of the site through which the flow leaves (see Why Ultimate Exit). | string Virtual |
Non-directional: i_ult_exit_site |
| Ultimate Exit Device | The name of the device through which the flow leaves (see Why Ultimate Exit). | string Virtual |
Non-directional: i_ult_exit_device_name |
LAN Dimensions
Dimensions related to LAN properties:
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| VLAN | ID of receiving/sending VLAN. | int Native |
Src/Dst: vlan_in, vlan_out |
| MAC Address | Ethernet (L2) address of source/destination. Usage described in MAC Address Columns. | string Native |
Src/Dst: src_eth_mac, dst_eth_mac |
Cloud Dimensions
The dimensions used to filter or group-by on fields in VPC flow logs from cloud providers are covered in the following topics:
General Cloud Dimensions
These dimensions are applicable to all cloud providers for which flow log ingest is supported by Kentik (e.g. AWS, GCP, or Azure).
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Cloud Provider | The cloud provider (e.g. AWS, GCP, or Azure) from which Kentik retrieved the flow log containing the data in this flow record. | string native |
Non-directional: kt_cloud_provider |
AWS Dimensions
The dimensions below represent data in flow logs from resources in Amazon Web Services (see Kentik for AWS).
Note: AWS documentation for many of these fields may be found in the Amazon VPC User Guide topic Available fields.
Directional AWS Dimensions
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Account | Source/destination AWS account. | int Virtual |
Src/Dst: kt_aws_src_acc_id, kt_aws_dst_acc_id |
| Instance Name | Source/destination AWS instance name. | string Virtual |
Src/Dst: kt_aws_src_vm_name, kt_aws_dst_vm_name |
| Instance | Source/destination AWS instance | string Virtual |
Src/Dst: kt_aws_src_vm_id, kt_aws_dst_vm_id |
| Region | Source/destination AWS Region. | string Virtual |
Src/Dst: kt_aws_src_region, kt_aws_dst_region |
| Zone | Source/destination AWS Availability Zone. | string Virtual |
Src/Dst: kt_aws_src_zone, kt_aws_dst_zone |
| Instance Type | Source/destination AWS Instance Type. | string Virtual |
Src/Dst: kt_aws_src_vm_type, kt_aws_dst_vm_type |
| Image ID | Source/destination AWS Image ID. | string Virtual |
Src/Dst: kt_aws_src_image_id, kt_aws_dst_image_id |
| Security Group | Source/destination security group. | string Virtual |
Src/Dst: kt_aws_src_sg, kt_aws_dst_sg |
| Auto Scaling Group | Source/destination auto scaling group. | string Virtual |
Src/Dst: kt_aws_src_asg, kt_aws_dst_asg |
| Public DNS Name | Source/destination public DNS name. | string Virtual |
Src/Dst: kt_aws_src_pub_dns, kt_aws_dst_pub_dns |
| Private DNS Name | Source/destination private DNS name. | string Virtual |
Src/Dst: kt_aws_src_priv_dns, kt_aws_dst_priv_dns |
| VPC ID | Source/destination VPC ID. | string Virtual |
Src/Dst: kt_aws_src_vpc_id, kt_aws_dst_vpc_id |
| Subnet ID | Source/destination subnet ID. | string Virtual |
Src/Dst: kt_aws_src_subnet_id, kt_aws_dst_subnet_id |
| Instance Tags | Tags applied to VMs by users. | string Virtual |
Src/Dst: kt_aws_src_vm_tags, kt_aws_dst_vm_tags |
| Packet Address | The packet-level (original) source/destination IP address of the traffic. See pkt-srcaddr/pkt-dstaddr in AWS documentation. | bytes/IP Address UDR |
Src/Dst N.A. |
| Gateway ID | The ID of the gateway through which the flow entered your AWS resources. | string UDR |
Dst only N.A. |
| Gateway Type | The type of the gateway through which the flow entered your AWS resources | string UDR |
Dst only N.A. |
| Forwarding State | The route state of the destination prefix: - “active” if traffic is flowing towards an active route; - “blackholed” if traffic is flowing towards a blackhole route. |
string UDR |
Dst only N.A. |
| Interface ID | The ID (inferred from IP address) of the first (for source) or last (for destination) Elastic Network Interface on which the flow was recorded. | string UDR |
Src/Dst N.A. |
| Interface Type | The type of the network interface that recorded the flow: 0 - No value provided 1 - Unknown 2 - interface 3 - nat_gateway 4 - lambda 5 - transit_gateway 6 - vpc_endpoint 7 - network_load_balancer 8 - gateway_load_balancer_endpoint 9 - trunk 10 - global_accelerator_managed |
int UDR |
Src/Dst N.A. |
| AWS Service | The name of the subset of IP address ranges for the pkt-srcaddr field, if the source IP address is for an AWS service. For possible values see pkt-src-aws-service in AWS documentation. | int UDR |
Src/Dst N.A. |
| ENI Description | The description field of the Elastic Network Interface that recorded the flow. | string UDR |
Src/Dst N.A. |
| ENI Entity Name | The name of the entity based on the Elastic Network Interface that recorded the flow. | string UDR |
Src/Dst N.A. |
Non-directional AWS Dimensions
| Dimension name (portal) |
Description | Type: value column |
KDE name(s) |
| Firewall Action | The action associated with the traffic: - ACCEPT: The recorded traffic was permitted by the security groups or network ACLs. - REJECT: The recorded traffic was not permitted by the security groups or network ACLs. |
string Virtual |
kt_aws_action |
| Logging Status | The logging status of the flow log: - OK: Data is logging normally to the chosen destinations. - NODATA: There was no network traffic to or from the network interface during the capture window. - SKIPDATA: Some flow log records were skipped during the capture window. This may be because of an internal capacity constraint, or an internal error. |
string Virtual |
kt_aws_status |
| Start Time | The time, in Unix seconds, when the first packet of the flow was received within the aggregation interval. This might be up to 60 seconds after the packet was transmitted or received on the network interface. | bigint UDR |
N.A. |
| End Time | The time, in Unix seconds, when the last packet of the flow was received within the aggregation interval. This might be up to 60 seconds after the packet was transmitted or received on the network interface. | bigint UDR |
N.A. |
| Interface ID | The ID of the network interface that recorded the flow. | string UDR |
N.A. |
| Flow Log Account ID | The AWS account ID of the owner of the source network interface that recorded the flow. Note: This value may be unknown when the interface is created by an AWS service, e.g. when creating a VPC endpoint or Network Load Balancer. |
string UDR |
N.A. |
| Flow Direction | The direction of the flow with respect to the interface where traffic is captured: - ingress - egress. |
string UDR |
N.A. |
| Traffic Path | The path that egress traffic (see Flow Direction) takes to the destination: 1 - Through another resource in the same VPC 2 - Through an internet gateway or a gateway VPC endpoint 3 - Through a virtual private gateway 4 - Through an intra-region VPC peering connection 5 - Through an inter-region VPC peering connection 6 - Through a local gateway 7 - Through a gateway VPC endpoint (Nitro-based instances only) 8 - Through an internet gateway (Nitro-based instances only) Note: If none of the above values apply, the field is set to "-" |
int UDR |
N.A. |
| Cloud Ultimate Exit | The last gateway the flow will traverse on its way to the destination IP address. | string UDR |
N.A. |
| Cloud Ultimate Exit Type | The type of the last gateway the flow will traverse on its way to the destination IP address: - Virtual Gateway - Customer Gateway - Transit - Internet - VPC Peering Gateway - Egress Only Internet Gateway - NAT Gateway - Carrier Gateway |
string UDR |
N.A. |
Azure Dimensions
These dimensions represent data in flow logs from resources in Microsoft Azure (see Kentik for Azure).
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Instance Name | The name of the Azure instance (VM) that generated the flow log. | string Native |
Src/Dst: kt_az_src_inst_name, kt_az_dst_inst_name |
| Instance | The raw ID of the log-generating instance, which is useful for programmatic management of compute resources. | string Native |
Src/Dst: kt_az_src_inst_id, kt_az_dst_inst_id |
| Region | The geographical region of the Azure instance, which corresponds to a specific set of Azure data centers in which the instance may run. | string Native |
Src/Dst: kt_az_src_region, kt_az_dst_region |
| Zone | The High Availability Zone where the instance is currently deployed, which corresponds to a specific data center within a region. | int Native |
Src/Dst: kt_az_src_zone, kt_az_dst_zone |
| Instance Type | The kind of instance-generated flow logs, which may be Azure-provided or custom-built. These values do not follow a standard naming nomenclature. | string Native |
Src/Dst: kt_az_src_inst_type, kt_az_dst_inst_type |
| Public DNS Name | The publicly resolvable DNS name for an instance. | string Native |
Src/Dst: kt_az_src_fqdn, kt_az_dst_fqdn |
| VNet ID | An identifier for the virtual network object in which an instance resides. A virtual network is a collection of subnets within a given region. | string Native |
Src/Dst: kt_az_src_vnet, kt_az_dst_vnet |
| Subnet Name | The name of a subnet resource assigned to a virtual network. | string Native |
Src/Dst: kt_az_src_subnet, kt_az_dst_subnet |
| Resource Group | A set of related technical resources (disk, storage, VMs, APIs, services, etc.) that can be accessed as a group for bulk operations. | string Native |
Src/Dst: kt_az_src_resource_group, kt_az_dst_resource_group |
| Public IP Address | The public IP address assigned to an Azure instance. Public IP addresses are not assigned by default. | string Native |
Src/Dst: kt_az_src_public_ip, kt_az_dst_public_ip |
| Subscription | A top-level administrative object representing a set of resources that will be billed together in a monthly cycle. All Azure resources are tied to a subscription, which may contain multiple resource groups. | string Native |
Src/Dst: kt_az_src_sub_id, kt_az_dst_sub_id |
| Security Rule | The name of the security rule by which this flow was allowed or denied as it passed through a security group (see below) on its way to or from an Azure instance. | string Native |
Src/Dst: ktsubtype__azure_subnet__STR01, ktsubtype__azure_subnet__STR00 |
| Firewall Action | The actions (allow or deny) taken on this flow by the security rules by which it was evaluated on the way to or from an Azure instance. | string Native |
Src/Dst: ktsubtype__azure_subnet__STR03, ktsubtype__azure_subnet__STR02 |
| Security Group | A collection of enforced security policies (each a collection of rules) at the edge of a virtual network and/or applied to a network interface attached to an instance. Traffic to an instance from the internet must pass through at least one security group at the edge of the virtual network and may also pass through an additional security group attached to the interface of an instance. | string Native |
Src/Dst: kt_az_src_nsg_name, kt_az_dst_nsg_name |
GCP Dimensions
These dimensions represent data in flow logs from resources in Google Cloud Platform (see Kentik for GCP).
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Project ID | Source GCE Project ID. | string Virtual |
Src/Dst: kt_gce_src_proj_id, kt_gce_dst_proj_id |
| VM Name | Source VM Name. | string Virtual |
Src/Dst: kt_gce_src_vm_name, kt_gce_dst_vm_name |
| Region | Source VM Name. | string Virtual |
Src/Dst: kt_gce_src_region, kt_gce_dst_region |
| Zone | Source VM Name. | string Virtual |
Src/Dst: kt_gce_src_zone, kt_gce_dst_zone |
| Subnet Name | Source GCE Subnet Name. | string Virtual |
Src/Dst: kt_gce_src_vpc_snn, kt_gce_dst_vpc_snn |
| VM Type | Source VM type. | string Virtual |
Src/Dst: kt_gce_src_vm_type, kt_gce_dst_vm_type |
| Image ID | Source image ID. | string Virtual |
Src/Dst: kt_gce_src_vm_image, kt_gce_dst_vm_image |
| Instance Group ID or Name | Src instance group ID or name. | string Virtual |
Src/Dst: kt_gce_src_vm_group, kt_gce_dst_vm_group |
| Reporter | Indicates where the flow was collected/reported: - By the source VM/instance if value is SRC; - By the destination VM/instance if value is DEST. |
string Virtual |
Non-directional: kt_gce_reporter |
IBM Dimensions
IBM Cloud dimensions are based on the header fields and flow log fields of flow logs exported from resources in IBM Cloud (see Kentik for IBM Cloud).
Note: Additional details about many of these fields may be found in the IBM documentation topic Flow log fields.
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Region | The region alias of the bucket that holds the flow logs. | string | Src/Dst |
| Availability Zone | The availability zone that is the source/destination of the flow. | string | Src/Dst |
| VPC | The ID of the virtual network that is the source/destination of the flow. | string | Src/Dst |
| Subnet | The ID of the subnet within the VPC that is the source/destination of the flow. | string | Src/Dst |
| Vnic | The ID of the source/destination vNIC (virtual Network interface Controller) | string | Src/Dst |
| Instance | The CRN (Cloud Resource Name) of the instance to which the vNIC is attached. | string | Src/Dst |
| Start Time | When the first byte in a flow log was captured and seen in the data path. | string | Non-directional |
| End Time | When the last byte in a flow log was captured and seen in the data path. | string | Non-directional |
| Action | Indicates whether the traffic summarized by this flow was accepted) or rejected. | string | Non-directional |
| Direction | If the first packet on the connection was received by the vNIC, the direction is I (inbound). If the first packet was sent by the vNIC, the direction is O (outbound). | string | Non-directional |
| Account | An IBM Cloud customer account. | string | Non-directional |
| Endpoint Type | The type of endpoint, currently only "vnic" | string | Non-directional |
| Record Type | The type of traffic included in the flow (all, ingress, egress, or internal). | string | Non-directional |
Geolocation Dimensions
These dimensions are used to filter or group-by on flow properties related to physical location.
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Custom Geo | A collection of countries that have been assigned a common geographical label (see About Custom Geo). | string Native |
Src/Dst: kt_src_market, kt_dst_market |
| Country | Two-letter country code associated with the source/destination IP of the flow. | string Native |
Src/Dst: src_geo, dst_geo |
| Region | Full-string English name of the region (state or province, e.g. "California") associated with the source IP of the flow. | string Native |
Src/Dst: src_geo_region, dst_geo_region |
| City | Full-string English name of the city (e.g. "San Francisco") associated with the source IP of the flow. | string Native |
Src/Dst: src_geo_city, dst_geo_city |
| Site Country | A country in which your organization has sites; enables the grouping, with a single dimension, of traffic from all sites in a given country. | string Virtual |
Non-directional: i_device_site_country |
| Ultimate Exit Site Country | The name of the country containing the site through which flow leaves. | string Virtual |
Non-directional: i_ult_exit_site_country |
Application Context and Security
These dimensions are used to filter or group-by based on various factors related to context — whether a flow originated or terminated with a commercial CDN, for example, or what "service" (port and protocol) it represents — as well as whether the value of certain flow fields match those of known security threats.
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| Cloud | The name of the vendor (e.g. AWS, GCP, Azure, etc.) operating the cloud computing service in which this flow originated (src) or terminated (dst). The value is derived by checking the IP address (src or dst) in the flow against the cloud provider's list of IPs. | string Native |
Src/Dst: kt_src_cloud kt_dst_cloud |
| Cloud Service | The name that a cloud computing vendor assigns to the service in which a flow originated (src) or terminated (dst). The value is derived by checking the IP address (src or dst) in the flow against the cloud provider's list of IPs. | string Native |
Src/Dst: kt_src_cloud_service kt_dst_cloud_service |
| CDN | Commercial CDN (if any) with which the flow originated/terminated (see CDN Attribution Dimensions). Note: This dimension is available only for organizations with CDN Attribution enabled. |
string Native |
Src/Dst: src_cdn, dst_cdn |
| Service (Port + Proto) | The combination of the port and protocol of the source/destination flow. Note: This dimension is available only for group-by. For filtering, use Port Number and Protocol. |
string Virtual |
Src/Dst: N.A. |
| Bot Net CC | A source/destination IP for the flow that has been identified as a botnet command and control (CC) servers (see Threat Feed Dimensions). | string Native |
Src/Dst: src_threat_bnetcc, dst_threat_bnetcc |
| Threat List Host | A source/destination IP for the flow that has been identified as a threat (see Threat Feed Dimensions). | string Native |
Src/Dst: src_threat_host, dst_threat_host |
| Application | An identifying string for the application associated with a flow, which is either derived by evaluating flow data or provided in the flow data itself (see About Applications). | string Native |
Non-directional: application |
| TCP Flags | TCP flags that were set on the flow using a flow mask (TCP Flag Filtering). | int Native |
Non-directional: tcp_flags |
| OTT Service | An individual OTT content service whose hostname is looked up via DNS. | string Native |
Non-directional: ott_service |
| OTT Service Type | The nature of the content provided by an OTT content service. Values include Adult, Ads, Antivirus, Audio, Cloud, Conferencing, Dating, Developer Tools, Documents, Ecommerce, File Sharing, Gaming, IoT, Mail, Maps, Media, Messaging, Network, Newsgroups, Photo Sharing, Social, Software Download, Software Updates, Storage, Video, VPN, Web. | string Virtual |
Non-directional: N.A. |
| OTT Service Provider | An entity that offers an OTT content service. For example Google is the provider for Google Drive, GMail, Google Maps, etc. | string Virtual |
Non-directional: N.A. |
Application Decodes
Dimensions related to "application decodes" are covered in the following topics:
About Application Decodes
Application decodes dimensions are used to filter or group-by based on host-related fields (e.g. HTTP and DNS-related fields) with which Kentik enriches flow records from our software host agent (see About kprobe). Kentik originally allocated this data to a fixed set of KDE columns but later switched to the more efficient approach of storing it in UDR columns (see Universal Data Records). As a result, data from current kprobe versions is queried via dimensions that are categorized as "Application Decodes" in the portal UI while data from kprobe versions older than 1.3.0 is queried via dimensions that are now categorized as "Legacy Application Decodes."
Note: To determine the version of a given instance of kprobe, use the --version argument described in Print-related Configuration.
Application Decodes Dimensions
The dimensions in the table below correspond to application decode fields from kprobe version 1.3.0 and above, which use UDR columns in KDE (see Universal Data Records).
Notes:
- These dimensions are all non-directional.
- For application decodes metrics, see Application Decodes Metrics.
- The dimensions below require Kentik's kprobe software host agent (see About kprobe).
DNS Dimensions
Dimensions related to DNS properties (see Host Traffic Dimensions):
| Dimension name (portal) |
Description | Type: value column |
Direction |
| DNS Query Name | Query from a DNS resolver to a DNS name server. | string UDR |
Non-directional |
| DNS Query Type | The resource record type requested by the DNS query. | bigint UDR |
Non-directional |
| DNS Reply Code | DNS return code (see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6). | bigint UDR |
Non-directional |
| DNS Reply Data | The response from a DNS server to a DNS query. | string UDR |
Non-directional |
HTTP Dimensions
Dimensions related to HTTP properties (see Host Traffic Dimensions):
| Dimension name (portal) |
Description | Type: value column |
Direction |
| HTTP URL | Filename portion of path, with query string (if any). | string UDR |
Non-directional |
| HTTP Host | Domain name of the server. | string UDR |
Non-directional |
| HTTP Referrer | The address from which a destination webpage is requested. | string UDR |
Non-directional |
| HTTP URL | Filename portion of path, with query string (if any). | string UDR |
Non-directional |
| HTTP Host | Domain name of the server. | string UDR |
Non-directional |
TLS Dimensions
Dimensions related to Transport Layer Security (see IETF RFC8446):
| Dimension name (portal) |
Description | Type: value column |
Direction |
| TLS Server Name | The Server Name Indication (SNI), which is a TLS extension by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. | string UDR |
Non-directional |
| TLS Server Version | The version of the TLS server (as of August 2018 the current version was 1.3). | int UDR |
Non-directional |
| TLS Cipher Suite | A set of cryptographic algorithms used to create keys and encrypt information for TLS. | int UDR |
Non-directional |
DHCP Dimensions
Dimensions related to Dynamic Host Configuration Protocol (see IETF RFC2131):
| Dimension name (portal) |
Description | Type: value column |
Direction |
| DHCP OP | Message op code / message type: 1 = BOOTREQUEST, 2 = BOOTREPLY. | int UDR |
Non-directional |
| DHCP Message Type | The type of the DHCP message, e.g. DHCPDISCOVER, DHCPOFFER, etc. (see DHCP Message Type). | int UDR |
Non-directional |
| DHCP CI Address | A client IP address (ciaddr) that has already been allocated and accepted; only filled in if client is in BOUND, RENEW or REBINDING state and can respond to ARP requests. | string UDR |
Non-directional |
| DHCP YI Address | The IP address of the client (yiaddr) as allocated by the server and accepted by the client. | string UDR |
Non-directional |
| DHCP SI Address | The IP address of next server to use in bootstrap (siaddr). | string UDR |
Non-directional |
| DHCP Lease | In a client request (DHCPDISCOVER or DHCPREQUEST), the requested lease time for the IP address; in a server reply, the lease time offered by the server (see IP Address Lease Time). | int UDR |
Non-directional |
| DHCP CH Address | The client hardware address (chaddr). | string UDR |
Non-directional |
| DHCP Hostname | The name of the client (see Host Name Option). | string UDR |
Non-directional |
| DHCP Domain | The domain name that client should use when resolving hostnames via the Domain Name System (see Domain Name Option). | string UDR |
Non-directional |
Radius Dimensions
Dimensions related to RADIUS (see FreeRADIUS attributes):
| Dimension name (portal) |
Description | Type: value column |
Direction |
| Radius Code | The RADIUS Packet type: Access-Request, Access-Accept, Access-Reject, or Access-Challenge (see IETF RFC2865). | int UDR |
Non-directional |
| Radius User Name | The name of the user to be authenticated. | string UDR |
Non-directional |
| Radius Service Type | The type of service the user has requested, or the type of service to be provided. | int UDR |
Non-directional |
| Radius Framed IP Address | The address to be configured for the user. | string UDR |
Non-directional |
| Radius Framed IP Mask | The IP netmask to be configured for the user when the user is a router to a network. | string UDR |
Non-directional |
| Radius Framed Protocol | The framing to be used for framed access. | string UDR |
Non-directional |
| Radius Accounting Status | Indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop). | int UDR |
Non-directional |
| Radius Accounting Session ID | A unique Accounting ID that enables the matching of start and stop records in a log file. | string UDR |
Non-directional |
Legacy Application Decodes
The dimensions in the table below correspond to application decode fields from kprobe versions earlier than 1.3.0.
Note: The dimensions below require Kentik's kprobe software host agent (see About kprobe).
Legacy DNS Dimensions
Dimensions related to DNS properties (see Host Traffic Dimensions):
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| DNS Query | Query from a DNS resolver to a DNS name server. Note: Superseded by DNS Query Name. |
string Native |
Src/Dst: kflow_dns_query, N.A. |
| DNS Query Type | The resource record type requested by the DNS query. | bigint Native |
Src/Dst: kflow_dns_query_type, N.A. |
| DNS Return Code | DNS return code (see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6). Note: Superseded by DNS Reply Code. |
bigint Native |
Src/Dst: kflow_dns_ret_code, N.A. |
| DNS Response | The response from a DNS server to a DNS query. Note: Superseded by DNS Reply Data. |
string Native |
Src/Dst: kflow_dns_response, N.A. |
Legacy HTTP Dimensions
Dimensions related to HTTP properties (see Host Traffic Dimensions):
| Dimension name (portal) |
Description | Type: value column |
Direction KDE name(s) |
| HTTP URL | Filename portion of path, with query string (if any). | string Native |
Src/Dst: N.A., kflow_http_url |
| HTTP Host Header | Domain name of the server. Note: Superseded by HTTP Host. |
string Native |
Src/Dst: N.A., kflow_http_host |
| HTTP Return Code | HTTP status code. Note: Superseded by HTTP Status. |
bigint Native |
Src/Dst: N.A., kflow_http_status |
| HTTP Referrer | The address from which a destination webpage is requested. | string Native |
Src/Dst: N.A., kflow_http_referer |
| HTTP User Agent | User agent information identifying the client that submitted a request. | string Native |
Src/Dst: N.A., kflow_http_ua |
Container Networking Dimensions
Kentik currently supports Kubernetes for container networking. Support for other forms of container networking is planned.
Note: Use of Kubernetes with Kentik requires a special software agent; contact Customer Success (see Customer Support) for further information.
Kubernetes Dimensions
These dimensions represent information, gathered by Kentik at ingest, about the setup of a Kubernetes-managed container (see What is Kubernetes). These fields are stored in the KDE flow records of traffic from the container.
| Dimension name (portal) |
Description | Type: value column |
Direction |
| Pod Name | The name of a pod, which represents a set of running containers on your cluster. | string | Src/Dst |
| Pod Namespace | The scope within which the pod name is valid and unique. | string | Src/Dst |
| Workload Name | The name of a workload, which is a system of services or applications that can run to fulfill a task or carry out a business process. | string | Src/Dst |
| Workload Namespace | The scope within which the workload name is valid and unique. | string | Src/Dst |
| Container Name | The name of an executable image that contains software and all of its dependencies. | string | Dst only |