General Dimensions

General dimensions are listed in the following topics:

Notes:
- The categorization of dimensions in the topics below corresponds to the categories by which the dimensions are shown in the Dimension Selector Dialog (part of the ad hoc filter controls in the Filtering Options dialog).
- Except where noted, the dimensions listed in the tables below are available for both filtering and group-by.
- The value type refers to the data type (text, integer, etc.) of the dimension value.
- The column type refers to whether the dimension is literally stored in KDE (native) or derived at query-time from other KDE-stored information (virtual); see KDE Query Efficiency.
- The KDE name(s) given below, which represent the KDE column(s) corresponding to each dimension, may be used in API queries made with the Query SQL Method.
- Some columns are native (actually stored in the backend) while others are virtual (derived from other information). In general, filtering with dimensions based on native columns will return results faster than filtering with dimensions based on virtual columns.

 

About General Dimensions

In Kentik, general dimensions are dimensions that aren't collected as non-flow device metrics (e.g. SNMP or Streaming Telemetry) and also aren't specific to a particular device, such as a model of router. The general dimensions that are available in a given setting, such as the Query sidebar in Data Explorer (see Dimension Panes), vary depending on the category of the device (Router or Host; see Supported Device Types) as well as the specific device type.

If you don't find a given dimension in this article:
- For dimensions related to traffic routing, see Routing Dimensions.
- For dimensions that are collected as non-flow device metrics, see Device Metrics Dimensions.
- For dimensions that are device-specific, see Device-specific Metrics.

 

Network and Traffic Topology

This category of dimensions is used to filter or group-by on information related to devices including interface names and descriptions, port IDs, etc.

Note: The following dimensions are represented differently in the group-by Dimension Selectors (Group By Dimensions and Matrix By Dimensions dialogs) than in filtering (see Dimension Selector Dialog):
- Device Name is represented as the Device dimension.
- Interface Name and Description are represented by the Interface dimension.
- Traffic Orig/Term is represented as two separate dimensions, Traffic Origination and Traffic Termination.
- Ultimate Exit Interface Name and Description are represented by the Ultimate Exit Interface dimension.

Device Info Dimensions

Dimensions related to devices (see About Devices):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Device ID Kentik-assigned unique numerical ID of the device (see Device General Settings). string
Virtual
Non-directional:
i_device_id
Device Name User-defined name for the device (see Device General Settings). string
Virtual
Non-directional:
i_device_name
Device Type Type of device: router, host, etc. (see Supported Device Types).
Note: Used only for selection (filtering with WHERE clause), not for display or GROUP_BY.
string
Virtual
Non-directional:
i_device_type
Site Name of the site to which the device has been assigned (see About Sites). If the device hasn't been assigned to a site, returns an empty string.
Notes:
- Supported operators for WHERE clause: case-insensitive equality, LIKE, IN, and regex matching.
- Site assignments in the table may lag Admin settings by up to 10 minutes.
string
Virtual
Non-directional:
i_device_site_name
Device Labels A label assigned to a collection of devices (see About Labels). string
Virtual
Non-directional:
i_device_label

Interface Info Dimensions

Dimensions related to interfaces (see About Interfaces):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Interface ID ID of the receiving/sending host or router interface (see Interface Field Definitions). int
Native
Src/Dst:
input_port,
output_port
Interface Name The Name (e.g. “GigabitEthernet0/1”) of the device interface (physical or logical) through which flow ingressed/egressed (see Interface Field Definitions). string
Virtual
Src/Dst:
i_input_interface_description,
i_output_interface_description
Interface Description The Description (e.g. “Connected to upstream ISP”) of the device interface (physical or logical) through which flow ingressed/egressed (see Interface Field Definitions). string
Virtual
Src/Dst:
i_input_snmp_alias,
i_output_snmp_alias
Interface Capacity The speed of the device interface through which flow ingressed/egressed (see Interface Field Definitions). bigint
Virtual
Src/Dst:
i_input_interface_speed,
i_output_interface_speed

Interface Classification Dimensions

Dimensions related to interface classification (see Interface Classification):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Connectivity Type The connectivity type, such as transit, IX peering, etc., of the source/destination interface of this flow (see Connectivity Type Attribute). string
Virtual
Src/Dst:
i_src_connect_type_name,
i_dst_connect_type_name
Network Boundary The network boundary value (internal or external) of the source/destination interface of this flow (see Network Boundary Attribute). string
Virtual
Src/Dst:
i_src_network_bndry_name,
i_dst_network_bndry_name
Provider A string representing the provider via which source/destination traffic over a given interface reaches the Internet (see About Provider Classification). string
Virtual
Src/Dst:
i_src_provider_classification
i_dst_provider_classification

Network Classification Dimensions

Dimensions related to network classification (see Network Classification):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Traffic Orig/Term Indicates the location (inside or outside) of the source/destination of the flow (see Network Classification Dimensions). string
Virtual
Src/Dst:
i_trf_origination,
i_trf_termination
Host Direction If flow record is from host, indicates whether the direction of traffic is into or out of that host (see Network Classification Dimensions). string
Virtual
Non-directional:
i_host_direction
Traffic Profile The origination and termination of the flow (see Network Classification Dimensions). string
Virtual
Non-directional:
i_trf_profle
Simple Traffic Profile Alternate dimension for origination and termination of the flow (see Network Classification Dimensions). string
Virtual
Non-directional:
simple_trf_prof

Ultimate Exit Dimensions

Dimensions related to Ultimate Exit (see Using Ultimate Exit):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Ultimate Exit Interface ID Number of port through which the flow leaves (see Network Classification Dimensions). bigint
Native
Non-directional:
ult_exit_port
Ultimate Exit Interface Name The SNMP description (portal name) of the interface through which the flow leaves (see Network Classification Dimensions). string
Virtual
Non-directional:
i_ult_exit_interface_description
Ultimate Exit Interface Description The SNMP alias (portal description) of the interface through which the flow leaves (see Network Classification Dimensions). string
Virtual
Non-directional:
i_ult_exit_snmp_alias
Ultimate Exit Connectivity Type The connectivity type value of the interface through which traffic left the network for another AS (see Network Classification Dimensions). string
Virtual
Non-directional:
i_ult_exit_connect_type_name
Ultimate Exit Network Boundary The network boundary value of the interface through which traffic left the network for another AS (see Network Classification Dimensions). string
Virtual
Non-directional:
i_ult_exit_network_bndry_name
Ultimate Exit Provider A string representing the ultimate exit provider (see Why Ultimate Exit). string
Virtual
Non-directional:
i_ult_provider_classifcation
Ultimate Exit Site The name of the site through which the flow leaves (see Why Ultimate Exit). string
Virtual
Non-directional:
i_ult_exit_site
Ultimate Exit Device The name of the device through which the flow leaves (see Why Ultimate Exit). string
Virtual
Non-directional:
i_ult_exit_device_name

LAN Dimensions

Dimensions related to LAN properties:

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
VLAN ID of receiving/sending VLAN. int
Native
Src/Dst:
vlan_in,
vlan_out
MAC Address Ethernet (L2) address of source/destination. Usage described in MAC Address Columns. string
Native
Src/Dst:
src_eth_mac,
dst_eth_mac

 

Cloud Dimensions

The dimensions used to filter or group-by on fields in VPC flow logs from cloud providers are covered in the following topics:

 
top  |  section

General Cloud Dimensions

These dimensions are applicable to all cloud providers for which flow log ingest is supported by Kentik (e.g. AWS, GCP, or Azure).

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Cloud Provider The cloud provider (e.g. AWS, GCP, or Azure) from which Kentik retrieved the flow log containing the data in this flow record. string
native
Non-directional:
kt_cloud_provider

 
top  |  section

AWS Dimensions

The dimensions below represent data in flow logs from resources in Amazon Web Services (see Kentik for AWS).

Note: AWS documentation for many of these fields may be found in the Amazon VPC User Guide topic Available fields.

Directional AWS Dimensions

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Account Source/destination AWS account. int
Virtual
Src/Dst:
kt_aws_src_acc_id,
kt_aws_dst_acc_id
Instance Name Source/destination AWS instance name. string
Virtual
Src/Dst:
kt_aws_src_vm_name,
kt_aws_dst_vm_name
Instance Source/destination AWS instance string
Virtual
Src/Dst:
kt_aws_src_vm_id,
kt_aws_dst_vm_id
Region Source/destination AWS Region. string
Virtual
Src/Dst:
kt_aws_src_region,
kt_aws_dst_region
Zone Source/destination AWS Availability Zone. string
Virtual
Src/Dst:
kt_aws_src_zone,
kt_aws_dst_zone
Instance Type Source/destination AWS Instance Type. string
Virtual
Src/Dst:
kt_aws_src_vm_type,
kt_aws_dst_vm_type
Image ID Source/destination AWS Image ID. string
Virtual
Src/Dst:
kt_aws_src_image_id,
kt_aws_dst_image_id
Security Group Source/destination security group. string
Virtual
Src/Dst:
kt_aws_src_sg,
kt_aws_dst_sg
Auto Scaling Group Source/destination auto scaling group. string
Virtual
Src/Dst:
kt_aws_src_asg,
kt_aws_dst_asg
Public DNS Name Source/destination public DNS name. string
Virtual
Src/Dst:
kt_aws_src_pub_dns,
kt_aws_dst_pub_dns
Private DNS Name Source/destination private DNS name. string
Virtual
Src/Dst:
kt_aws_src_priv_dns,
kt_aws_dst_priv_dns
VPC ID Source/destination VPC ID. string
Virtual
Src/Dst:
kt_aws_src_vpc_id,
kt_aws_dst_vpc_id
Subnet ID Source/destination subnet ID. string
Virtual
Src/Dst:
kt_aws_src_subnet_id,
kt_aws_dst_subnet_id
Instance Tags Tags applied to VMs by users. string
Virtual
Src/Dst:
kt_aws_src_vm_tags,
kt_aws_dst_vm_tags
Packet Address The packet-level (original) source/destination IP address of the traffic. See pkt-srcaddr/pkt-dstaddr in AWS documentation. bytes/IP Address
UDR
Src/Dst
N.A.
Gateway ID The ID of the gateway through which the flow entered your AWS resources. string
UDR
Dst only
N.A.
Gateway Type The type of the gateway through which the flow entered your AWS resources string
UDR
Dst only
N.A.
Forwarding State The route state of the destination prefix:
- “active” if traffic is flowing towards an active route;
- “blackholed” if traffic is flowing towards a blackhole route.
string
UDR
Dst only
N.A.
Interface ID The ID (inferred from IP address) of the first (for source) or last (for destination) Elastic Network Interface on which the flow was recorded. string
UDR
Src/Dst
N.A.
Interface Type The type of the network interface that recorded the flow:
0 - No value provided
1 - Unknown
2 - interface
3 - nat_gateway
4 - lambda
5 - transit_gateway
6 - vpc_endpoint
7 - network_load_balancer
8 - gateway_load_balancer_endpoint
9 - trunk
10 - global_accelerator_managed
int
UDR
Src/Dst
N.A.
AWS Service The name of the subset of IP address ranges for the pkt-srcaddr field, if the source IP address is for an AWS service. For possible values see pkt-src-aws-service in AWS documentation. int
UDR
Src/Dst
N.A.
ENI Description The description field of the Elastic Network Interface that recorded the flow. string
UDR
Src/Dst
N.A.
ENI Entity Name The name of the entity based on the Elastic Network Interface that recorded the flow. string
UDR
Src/Dst
N.A.

Non-directional AWS Dimensions

Dimension
name (portal)
Description Type:
value
column
KDE name(s)
Firewall Action The action associated with the traffic:
- ACCEPT: The recorded traffic was permitted by the security groups or network ACLs.
- REJECT: The recorded traffic was not permitted by the security groups or network ACLs.
string
Virtual
kt_aws_action
Logging Status The logging status of the flow log:
- OK: Data is logging normally to the chosen destinations.
- NODATA: There was no network traffic to or from the network interface during the capture window.
- SKIPDATA: Some flow log records were skipped during the capture window. This may be because of an internal capacity constraint, or an internal error.
string
Virtual
kt_aws_status
Start Time The time, in Unix seconds, when the first packet of the flow was received within the aggregation interval. This might be up to 60 seconds after the packet was transmitted or received on the network interface. bigint
UDR
N.A.
End Time The time, in Unix seconds, when the last packet of the flow was received within the aggregation interval. This might be up to 60 seconds after the packet was transmitted or received on the network interface. bigint
UDR
N.A.
Interface ID The ID of the network interface that recorded the flow. string
UDR
N.A.
Flow Log Account ID The AWS account ID of the owner of the source network interface that recorded the flow.
Note: This value may be unknown when the interface is created by an AWS service, e.g. when creating a VPC endpoint or Network Load Balancer.
string
UDR
N.A.
Flow Direction The direction of the flow with respect to the interface where traffic is captured:
- ingress
- egress.
string
UDR
N.A.
Traffic Path The path that egress traffic (see Flow Direction) takes to the destination:
1 - Through another resource in the same VPC
2 - Through an internet gateway or a gateway VPC endpoint
3 - Through a virtual private gateway
4 - Through an intra-region VPC peering connection
5 - Through an inter-region VPC peering connection
6 - Through a local gateway
7 - Through a gateway VPC endpoint (Nitro-based instances only)
8 - Through an internet gateway (Nitro-based instances only)
Note: If none of the above values apply, the field is set to "-"
int
UDR
N.A.
Cloud Ultimate Exit The last gateway the flow will traverse on its way to the destination IP address. string
UDR
N.A.
Cloud Ultimate Exit Type The type of the last gateway the flow will traverse on its way to the destination IP address:
- Virtual Gateway
- Customer Gateway
- Transit
- Internet
- VPC Peering Gateway
- Egress Only Internet Gateway
- NAT Gateway
- Carrier Gateway
string
UDR
N.A.

 
top  |  section

Azure Dimensions

These dimensions represent data in flow logs from resources in Microsoft Azure (see Kentik for Azure).

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Instance Name The name of the Azure instance (VM) that generated the flow log. string
Native
Src/Dst:
kt_az_src_inst_name,
kt_az_dst_inst_name
Instance The raw ID of the log-generating instance, which is useful for programmatic management of compute resources. string
Native
Src/Dst:
kt_az_src_inst_id,
kt_az_dst_inst_id
Region The geographical region of the Azure instance, which corresponds to a specific set of Azure data centers in which the instance may run. string
Native
Src/Dst:
kt_az_src_region,
kt_az_dst_region
Zone The High Availability Zone where the instance is currently deployed, which corresponds to a specific data center within a region. int
Native
Src/Dst:
kt_az_src_zone,
kt_az_dst_zone
Instance Type The kind of instance-generated flow logs, which may be Azure-provided or custom-built. These values do not follow a standard naming nomenclature. string
Native
Src/Dst:
kt_az_src_inst_type,
kt_az_dst_inst_type
Public DNS Name The publicly resolvable DNS name for an instance. string
Native
Src/Dst:
kt_az_src_fqdn,
kt_az_dst_fqdn
VNet ID An identifier for the virtual network object in which an instance resides. A virtual network is a collection of subnets within a given region. string
Native
Src/Dst:
kt_az_src_vnet,
kt_az_dst_vnet
Subnet Name The name of a subnet resource assigned to a virtual network. string
Native
Src/Dst:
kt_az_src_subnet,
kt_az_dst_subnet
Resource Group A set of related technical resources (disk, storage, VMs, APIs, services, etc.) that can be accessed as a group for bulk operations. string
Native
Src/Dst:
kt_az_src_resource_group,
kt_az_dst_resource_group
Public IP Address The public IP address assigned to an Azure instance. Public IP addresses are not assigned by default. string
Native
Src/Dst:
kt_az_src_public_ip,
kt_az_dst_public_ip
Subscription A top-level administrative object representing a set of resources that will be billed together in a monthly cycle. All Azure resources are tied to a subscription, which may contain multiple resource groups. string
Native
Src/Dst:
kt_az_src_sub_id,
kt_az_dst_sub_id
Security Rule The name of the security rule by which this flow was allowed or denied as it passed through a security group (see below) on its way to or from an Azure instance. string
Native
Src/Dst:
ktsubtype__azure_subnet__STR01,
ktsubtype__azure_subnet__STR00
Firewall Action The actions (allow or deny) taken on this flow by the security rules by which it was evaluated on the way to or from an Azure instance. string
Native
Src/Dst:
ktsubtype__azure_subnet__STR03,
ktsubtype__azure_subnet__STR02
Security Group A collection of enforced security policies (each a collection of rules) at the edge of a virtual network and/or applied to a network interface attached to an instance. Traffic to an instance from the internet must pass through at least one security group at the edge of the virtual network and may also pass through an additional security group attached to the interface of an instance. string
Native
Src/Dst:
kt_az_src_nsg_name,
kt_az_dst_nsg_name

 
top  |  section

GCP Dimensions

These dimensions represent data in flow logs from resources in Google Cloud Platform (see Kentik for GCP).

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Project ID Source GCE Project ID. string
Virtual
Src/Dst:
kt_gce_src_proj_id,
kt_gce_dst_proj_id
VM Name Source VM Name. string
Virtual
Src/Dst:
kt_gce_src_vm_name,
kt_gce_dst_vm_name
Region Source VM Name. string
Virtual
Src/Dst:
kt_gce_src_region,
kt_gce_dst_region
Zone Source VM Name. string
Virtual
Src/Dst:
kt_gce_src_zone,
kt_gce_dst_zone
Subnet Name Source GCE Subnet Name. string
Virtual
Src/Dst:
kt_gce_src_vpc_snn,
kt_gce_dst_vpc_snn
VM Type Source VM type. string
Virtual
Src/Dst:
kt_gce_src_vm_type,
kt_gce_dst_vm_type
Image ID Source image ID. string
Virtual
Src/Dst:
kt_gce_src_vm_image,
kt_gce_dst_vm_image
Instance Group ID or Name Src instance group ID or name. string
Virtual
Src/Dst:
kt_gce_src_vm_group,
kt_gce_dst_vm_group
Reporter Indicates where the flow was collected/reported:
- By the source VM/instance if value is SRC;
- By the destination VM/instance if value is DEST.
string
Virtual
Non-directional:
kt_gce_reporter

 
top  |  section

IBM Dimensions

IBM Cloud dimensions are based on the header fields and flow log fields of flow logs exported from resources in IBM Cloud (see Kentik for IBM Cloud).

Note: Additional details about many of these fields may be found in the IBM documentation topic Flow log fields.

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Region The region alias of the bucket that holds the flow logs. string Src/Dst
Availability Zone The availability zone that is the source/destination of the flow. string Src/Dst
VPC The ID of the virtual network that is the source/destination of the flow. string Src/Dst
Subnet The ID of the subnet within the VPC that is the source/destination of the flow. string Src/Dst
Vnic The ID of the source/destination vNIC (virtual Network interface Controller) string Src/Dst
Instance The CRN (Cloud Resource Name) of the instance to which the vNIC is attached. string Src/Dst
Start Time When the first byte in a flow log was captured and seen in the data path. string Non-directional
End Time When the last byte in a flow log was captured and seen in the data path. string Non-directional
Action Indicates whether the traffic summarized by this flow was accepted) or rejected. string Non-directional
Direction If the first packet on the connection was received by the vNIC, the direction is I (inbound). If the first packet was sent by the vNIC, the direction is O (outbound). string Non-directional
Account An IBM Cloud customer account. string Non-directional
Endpoint Type The type of endpoint, currently only "vnic" string Non-directional
Record Type The type of traffic included in the flow (all, ingress, egress, or internal). string Non-directional

 

Geolocation Dimensions

These dimensions are used to filter or group-by on flow properties related to physical location.

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Custom Geo A collection of countries that have been assigned a common geographical label (see About Custom Geos). string
Native
Src/Dst:
kt_src_market,
kt_dst_market
Country Two-letter country code associated with the source/destination IP of the flow. string
Native
Src/Dst:
src_geo,
dst_geo
Region Full-string English name of the region (state or province, e.g. "California") associated with the source IP of the flow. string
Native
Src/Dst:
src_geo_region,
dst_geo_region
City Full-string English name of the city (e.g. "San Francisco") associated with the source IP of the flow. string
Native
Src/Dst:
src_geo_city,
dst_geo_city
Site Country A country in which your organization has sites; enables the grouping, with a single dimension, of traffic from all sites in a given country. string
Virtual
Non-directional:
i_device_site_country
Ultimate Exit Site Country The name of the country containing the site through which flow leaves. string
Virtual
Non-directional:
i_ult_exit_site_country

 

Application Context and Security

These dimensions are used to filter or group-by based on various factors related to context — whether a flow originated or terminated with a commercial CDN, for example, or what "service" (port and protocol) it represents — as well as whether the value of certain flow fields match those of known security threats.

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Cloud The name of the vendor (e.g. AWS, GCP, Azure, etc.) operating the cloud computing service in which this flow originated (src) or terminated (dst). The value is derived by checking the IP address (src or dst) in the flow against the cloud provider's list of IPs. string
Native
Src/Dst:
kt_src_cloud
kt_dst_cloud
Cloud Service The name that a cloud computing vendor assigns to the service in which a flow originated (src) or terminated (dst). The value is derived by checking the IP address (src or dst) in the flow against the cloud provider's list of IPs. string
Native
Src/Dst:
kt_src_cloud_service
kt_dst_cloud_service
CDN Commercial CDN (if any) with which the flow originated/terminated (see CDN Attribution Dimensions).
Note: This dimension is available only for organizations with CDN Attribution enabled.
string
Native
Src/Dst:
src_cdn,
dst_cdn
Service (Port + Proto) The combination of the port and protocol of the source/destination flow.
Note: This dimension is available only for group-by. For filtering, use Port Number and Protocol.
string
Virtual
Src/Dst:
N.A.
Bot Net CC A source/destination IP for the flow that has been identified as a botnet command and control (CC) servers (see Threat Feed Dimensions). string
Native
Src/Dst:
src_threat_bnetcc,
dst_threat_bnetcc
Threat List Host A source/destination IP for the flow that has been identified as a threat (see Threat Feed Dimensions). string
Native
Src/Dst:
src_threat_host,
dst_threat_host
Application An identifying string for the application associated with a flow, which is either derived by evaluating flow data or provided in the flow data itself (see About Applications). string
Native
Non-directional:
application
TCP Flags TCP flags that were set on the flow using a flow mask (TCP Flag Filtering). int
Native
Non-directional:
tcp_flags
OTT Service An individual OTT content service whose hostname is looked up via DNS. string
Native
Non-directional:
ott_service
OTT Service Type The nature of the content provided by an OTT content service. Values include Adult, Ads, Antivirus, Audio, Cloud, Conferencing, Dating, Developer Tools, Documents, Ecommerce, File Sharing, Gaming, IoT, Mail, Maps, Media, Messaging, Network, Newsgroups, Photo Sharing, Social, Software Download, Software Updates, Storage, Video, VPN, Web. string
Virtual
Non-directional:
N.A.
OTT Service Provider An entity that offers an OTT content service. For example Google is the provider for Google Drive, GMail, Google Maps, etc. string
Virtual
Non-directional:
N.A.

 

Application Decodes

Dimensions related to "application decodes" are covered in the following topics:

 
top  |  section

About Application Decodes

Application decodes dimensions are used to filter or group-by based on host-related fields (e.g. HTTP and DNS-related fields) with which Kentik enriches flow records from our software host agent (see About kprobe). Kentik originally allocated this data to a fixed set of KDE columns but later switched to the more efficient approach of storing it in UDR columns (see Universal Data Records). As a result, data from current kprobe versions is queried via dimensions that are categorized as "Application Decodes" in the portal UI while data from kprobe versions older than 1.3.0 is queried via dimensions that are now categorized as "Legacy Application Decodes."

Note: To determine the version of a given instance of kprobe, use the --version argument described in Print-related Configuration.

 
top  |  section

Application Decodes Dimensions

The dimensions in the table below correspond to application decode fields from kprobe version 1.3.0 and above, which use UDR columns in KDE (see Universal Data Records).

Notes:
- These dimensions are all non-directional.
- For application decodes metrics, see Application Decodes Metrics.
- The dimensions below require Kentik's kprobe software host agent (see About kprobe).

DNS Dimensions

Dimensions related to DNS properties (see Host Traffic Dimensions):

Dimension
name (portal)
Description Type:
value
column
Direction
DNS Query Name Query from a DNS resolver to a DNS name server. string
UDR
Non-directional
DNS Query Type The resource record type requested by the DNS query. bigint
UDR
Non-directional
DNS Reply Code DNS return code (see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6). bigint
UDR
Non-directional
DNS Reply Data The response from a DNS server to a DNS query. string
UDR
Non-directional

HTTP Dimensions

Dimensions related to HTTP properties (see Host Traffic Dimensions):

Dimension
name (portal)
Description Type:
value
column
Direction
HTTP URL Filename portion of path, with query string (if any). string
UDR
Non-directional
HTTP Host Domain name of the server. string
UDR
Non-directional
HTTP Referrer The address from which a destination webpage is requested. string
UDR
Non-directional
HTTP URL Filename portion of path, with query string (if any). string
UDR
Non-directional
HTTP Host Domain name of the server. string
UDR
Non-directional

TLS Dimensions

Dimensions related to Transport Layer Security (see IETF RFC8446):

Dimension
name (portal)
Description Type:
value
column
Direction
TLS Server Name The Server Name Indication (SNI), which is a TLS extension by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. string
UDR
Non-directional
TLS Server Version The version of the TLS server (as of August 2018 the current version was 1.3). int
UDR
Non-directional
TLS Cipher Suite A set of cryptographic algorithms used to create keys and encrypt information for TLS. int
UDR
Non-directional

DHCP Dimensions

Dimensions related to Dynamic Host Configuration Protocol (see IETF RFC2131):

Dimension
name (portal)
Description Type:
value
column
Direction
DHCP OP Message op code / message type: 1 = BOOTREQUEST, 2 = BOOTREPLY. int
UDR
Non-directional
DHCP Message Type The type of the DHCP message, e.g. DHCPDISCOVER, DHCPOFFER, etc. (see DHCP Message Type). int
UDR
Non-directional
DHCP CI Address A client IP address (ciaddr) that has already been allocated and accepted; only filled in if client is in BOUND, RENEW or REBINDING state and can respond to ARP requests. string
UDR
Non-directional
DHCP YI Address The IP address of the client (yiaddr) as allocated by the server and accepted by the client. string
UDR
Non-directional
DHCP SI Address The IP address of next server to use in bootstrap (siaddr). string
UDR
Non-directional
DHCP Lease In a client request (DHCPDISCOVER or DHCPREQUEST), the requested lease time for the IP address; in a server reply, the lease time offered by the server (see IP Address Lease Time). int
UDR
Non-directional
DHCP CH Address The client hardware address (chaddr). string
UDR
Non-directional
DHCP Hostname The name of the client (see Host Name Option). string
UDR
Non-directional
DHCP Domain The domain name that client should use when resolving hostnames via the Domain Name System (see Domain Name Option). string
UDR
Non-directional

Radius Dimensions

Dimensions related to RADIUS (see FreeRADIUS attributes):

Dimension
name (portal)
Description Type:
value
column
Direction
Radius Code The RADIUS Packet type: Access-Request, Access-Accept, Access-Reject, or Access-Challenge (see IETF RFC2865). int
UDR
Non-directional
Radius User Name The name of the user to be authenticated. string
UDR
Non-directional
Radius Service Type The type of service the user has requested, or the type of service to be provided. int
UDR
Non-directional
Radius Framed IP Address The address to be configured for the user. string
UDR
Non-directional
Radius Framed IP Mask The IP netmask to be configured for the user when the user is a router to a network. string
UDR
Non-directional
Radius Framed Protocol The framing to be used for framed access. string
UDR
Non-directional
Radius Accounting Status Indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop). int
UDR
Non-directional
Radius Accounting Session ID A unique Accounting ID that enables the matching of start and stop records in a log file. string
UDR
Non-directional

 
top  |  section

Legacy Application Decodes

The dimensions in the table below correspond to application decode fields from kprobe versions earlier than 1.3.0.

Note: The dimensions below require Kentik's kprobe software host agent (see About kprobe).

Legacy DNS Dimensions

Dimensions related to DNS properties (see Host Traffic Dimensions):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
DNS Query Query from a DNS resolver to a DNS name server.
Note: Superseded by DNS Query Name.
string
Native
Src/Dst:
kflow_dns_query,
N.A.
DNS Query Type The resource record type requested by the DNS query. bigint
Native
Src/Dst:
kflow_dns_query_type,
N.A.
DNS Return Code DNS return code (see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6).
Note: Superseded by DNS Reply Code.
bigint
Native
Src/Dst:
kflow_dns_ret_code,
N.A.
DNS Response The response from a DNS server to a DNS query.
Note: Superseded by DNS Reply Data.
string
Native
Src/Dst:
kflow_dns_response,
N.A.

Legacy HTTP Dimensions

Dimensions related to HTTP properties (see Host Traffic Dimensions):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
HTTP URL Filename portion of path, with query string (if any). string
Native
Src/Dst:
N.A.,
kflow_http_url
HTTP Host Header Domain name of the server.
Note: Superseded by HTTP Host.
string
Native
Src/Dst:
N.A.,
kflow_http_host
HTTP Return Code HTTP status code.
Note: Superseded by HTTP Status.
bigint
Native
Src/Dst:
N.A.,
kflow_http_status
HTTP Referrer The address from which a destination webpage is requested. string
Native
Src/Dst:
N.A.,
kflow_http_referer
HTTP User Agent User agent information identifying the client that submitted a request. string
Native
Src/Dst:
N.A.,
kflow_http_ua

 

Container Networking Dimensions

Kentik dimensions related to container networking are covered in the following topics:

Notes:
- Container networking is currently supported in Kentik via Kubernetes. Support for other forms of container networking is planned.
- Use of Kubernetes with Kentik requires a special software agent; contact Customer Support for further information.

 
top  |  section

Kubernetes Dimensions

These dimensions represent information, gathered by Kentik at ingest, about the setup of a Kubernetes-managed container (see What is Kubernetes). These fields are stored in the KDE flow records of traffic from the container.

Note: See also PATA Dimensions.

Dimension
name (portal)
Description Type:
value
column
Direction
Pod Name The name of a pod, which represents a set of running containers on your cluster. string Src/Dst
Pod Namespace The scope within which the pod name is valid and unique. string Src/Dst
Workload Name The name of a workload, which is a system of services or applications that can run to fulfill a task or carry out a business process. string Src/Dst
Workload Namespace The scope within which the workload name is valid and unique. string Src/Dst
Container Name The name of an executable image that contains software and all of its dependencies. string Dst only
Service Name The name of a network application that is running as one or more pods in your cluster. string Src/Dst
Service Namespace The namespace in which the service is running. string Src/Dst

 
top  |  section

PATA Dimensions

The values for process-aware telemetry agent (PATA) dimensions originate from Kentik's kappa host agent, a host-based telemetry agent providing ultra-efficient observability across production settings including both on-premises data centers and cloud infrastructure (see Kubernetes Dimensions & Metrics).

Notes:
- The descriptions in the table below apply only in the context of Kubernetes.
- See also Kubernetes Dimensions.

Dimension
name (portal)
Description Type Direction
Process PID The ID of the source or destination process of the flow. integer Src & Dst
Process Name The name of the source or destination process of the flow string Src & Dst
Process Cmdline The command entered at the CLI, related to the process ID of the source or destination process of the flow. string Src & Dst
Process Container ID The string (guid format) that uniquely identifies the container. string Src & Dst
Node The source or destination Kubernetes node that originated or terminated the flow. string Src & Dst
Object Name The Kubernetes object (pod or service name) for the source or destination pod in the traffic flow. string Src & Dst
Object Namespace The Kubernetes namespace of the source or destination pod in the traffic flow. string Src & Dst
Object Type The Kubernetes object type for the traffic flow (pod or service). string Src & Dst
Container Name The container name(s) related to the source or destination process ID. string Src & Dst
Workload Name The name of the workload that a pod or service was deployed as. string Src & Dst
Workload Namespace The namespace name of a source or destination traffic flow. string Src & Dst
Object Labels The object labels associated with source or destination traffic. string Src & Dst
Cluster ID A unique identifying integer that the cluster assigns to itself. integer Other
© 2014- Kentik
In this article:
×