General Dimensions

General dimensions are listed in the following topics:

Notes:
- The categorization of dimensions in the topics below corresponds to the categories by which the dimensions are shown in the Dimension Selector Dialog (part of the ad hoc filter controls in the Filtering Options dialog).
- Except where noted, the dimensions listed in the tables below are available for both filtering and group-by.
- The value type refers to the data type (text, integer, etc.) of the dimension value.
- The column type refers to whether the dimension is literally stored in KDE (native) or derived at query-time from other KDE-stored information (virtual); see KDE Query Efficiency.
- The KDE name(s) given below, which represent the KDE column(s) corresponding to each dimension, may be used in API queries made with the Query SQL Method.
- Some columns are native (actually stored in the backend) while others are virtual (derived at query run-time) from other information). In general, filtering with dimensions based on native columns will return results faster than filtering with dimensions based on virtual columns.

 

About General Dimensions

In Kentik, general dimensions are dimensions that aren't collected as non-flow device metrics (e.g. SNMP or Streaming Telemetry) and also aren't specific to a particular device, such as a model of router. The general dimensions that are available in a given setting, such as the Query sidebar in Data Explorer (see Dimension Panes), vary depending on the category of the device (Router or Host; see Supported Device Types) as well as the specific device type.

If you don't find a given dimension in this article:
- For dimensions related to traffic routing, see Routing Dimensions.
- For dimensions that are collected as non-flow device metrics, see Device Metrics Dimensions.
- For dimensions that are device-specific, see Device-specific Metrics.

 

Network and Traffic Topology

This category of dimensions is used to filter or group-by on information related to devices including interface names and descriptions, port IDs, etc.

Note: The following dimensions are represented differently in the group-by Dimension Selectors (Group By Dimensions and Matrix By Dimensions dialogs) than in filtering (see Dimension Selector Dialog):
- Device Name is represented as the Device dimension.
- Interface Name and Description are represented by the Interface dimension.
- Traffic Orig/Term is represented as two separate dimensions, Traffic Origination and Traffic Termination.
- Ultimate Exit Interface Name and Description are represented by the Ultimate Exit Interface dimension.

Device Info Dimensions

Dimensions related to devices (see About Devices):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Device ID Kentik-assigned unique numerical ID of the device (see Device General Settings). string
Virtual
Non-directional:
i_device_id
Device Name User-defined name for the device (see Device General Settings). string
Virtual
Non-directional:
i_device_name
Device Type Type of device: router, host, etc. (see Supported Device Types).
Note: Used only for selection (filtering with WHERE clause), not for display or GROUP_BY.
string
Virtual
Non-directional:
i_device_type
Device Sample Rate The ratio of total flows per sampled flow (see Device Flow Settings). string Virtual Non-directional:
device_sample_rate
Site Name of the site to which the device has been assigned (see About Sites). If the device hasn't been assigned to a site, returns an empty string.
Notes:
- Supported operators for WHERE clause: case-insensitive equality, LIKE, IN, and regex matching.
- Site assignments in the table may lag Admin settings by up to 10 minutes.
string
Virtual
Non-directional:
i_device_site_name
Site Market Name of the site market to which the device has been assigned (see About Site Markets). If the device hasn't been assigned to a site market, returns an empty string. string
Virtual
Non-directional:
i_site_market
Device Labels A label assigned to a collection of devices (see About Labels). string
Virtual
Non-directional:
i_device_label

Interface Info Dimensions

Dimensions related to interfaces (see About Interfaces):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Interface ID ID of the receiving/sending host or router interface (see Interface Field Definitions). int
Native
Src/Dst:
input_port,
output_port
Interface Name The Name (e.g. “GigabitEthernet0/1”) of the device interface (physical or logical) through which flow ingressed/egressed (see Interface Field Definitions). string
Virtual
Src/Dst:
i_input_interface_description,
i_output_interface_description
Interface Description The Description (e.g. “Connected to upstream ISP”) of the device interface (physical or logical) through which flow ingressed/egressed (see Interface Field Definitions). string
Virtual
Src/Dst:
i_input_snmp_alias,
i_output_snmp_alias
Interface Capacity The speed of the device interface through which flow ingressed/egressed (see Interface Field Definitions). bigint
Virtual
Src/Dst:
i_input_interface_speed,
i_output_interface_speed

Interface Classification Dimensions

Dimensions related to interface classification (see Interface Classification):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Connectivity Type The connectivity type, such as transit, IX peering, etc., of the source/destination interface of this flow (see Connectivity Type Attribute). string
Virtual
Src/Dst:
i_src_connect_type_name,
i_dst_connect_type_name
Network Boundary The network boundary value (internal or external) of the source/destination interface of this flow (see Network Boundary Attribute). string
Virtual
Src/Dst:
i_src_network_bndry_name,
i_dst_network_bndry_name
Provider A string representing the provider via which source/destination traffic over a given interface reaches the Internet (see About Provider Classification). string
Virtual
Src/Dst:
i_src_provider_classification
i_dst_provider_classification

Network Classification Dimensions

Dimensions related to network classification (see Network Classification):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Traffic Orig/Term Indicates the location (inside or outside) of the source/destination of the flow (see Network Classification Dimensions). string
Virtual
Src/Dst:
i_trf_origination,
i_trf_termination
Host Direction If flow record is from host, indicates whether the direction of traffic is into or out of that host (see Network Classification Dimensions). string
Virtual
Non-directional:
i_host_direction
Traffic Profile The origination and termination of the flow (see Network Classification Dimensions). string
Virtual
Non-directional:
i_trf_profle
Simple Traffic Profile Alternate dimension for origination and termination of the flow (see Network Classification Dimensions). string
Virtual
Non-directional:
simple_trf_prof

Ultimate Exit Dimensions

Dimensions related to Ultimate Exit (see Using Ultimate Exit):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Ultimate Exit Interface ID Number of port through which the flow leaves (see Network Classification Dimensions). bigint
Native
Non-directional:
ult_exit_port
Ultimate Exit Interface Name The SNMP description (portal name) of the interface through which the flow leaves (see Network Classification Dimensions). string
Virtual
Non-directional:
i_ult_exit_interface_description
Ultimate Exit Interface Description The SNMP alias (portal description) of the interface through which the flow leaves (see Network Classification Dimensions). string
Virtual
Non-directional:
i_ult_exit_snmp_alias
Ultimate Exit Connectivity Type The connectivity type value of the interface through which traffic left the network for another AS (see Network Classification Dimensions). string
Virtual
Non-directional:
i_ult_exit_connect_type_name
Ultimate Exit Network Boundary The network boundary value of the interface through which traffic left the network for another AS (see Network Classification Dimensions). string
Virtual
Non-directional:
i_ult_exit_network_bndry_name
Ultimate Exit Provider A string representing the ultimate exit provider (see Why Ultimate Exit). string
Virtual
Non-directional:
i_ult_provider_classifcation
Ultimate Exit Site The name of the site through which the flow leaves (see Why Ultimate Exit). string
Virtual
Non-directional:
i_ult_exit_site
Ultimate Exit Site Market The name of the site market through which the flow leaves (see Why Ultimate Exit). string
Virtual
Non-directional:
i_ult_exit_site_market
Ultimate Exit Device ID The numerical ID of the device through which the flow leaves (see Why Ultimate Exit). string
Virtual
Non-directional:
i_ult_exit_device_id
Ultimate Exit Device The name of the device through which the flow leaves (see Why Ultimate Exit). string
Virtual
Non-directional:
i_ult_exit_device_name

LAN Dimensions

Dimensions related to LAN properties:

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
VLAN ID of receiving/sending VLAN. int
Native
Src/Dst:
vlan_in,
vlan_out
MAC Address Ethernet (L2) address of source/destination. Usage described in MAC Address Columns. string
Native
Src/Dst:
src_eth_mac,
dst_eth_mac

 

Cloud Dimensions

The dimensions used to filter or group-by on fields in VPC flow logs from cloud providers are covered in the following topics:

 
top  |  section

General Cloud Dimensions

These dimensions are applicable to all cloud providers for which flow log ingest is supported by Kentik (e.g. AWS, GCP, or Azure).

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Cloud Provider The cloud provider (e.g. AWS, GCP, or Azure) from which Kentik retrieved the flow log containing the data in this flow record. string
native
Non-directional:
kt_cloud_provider

 
top  |  section

AWS Dimensions

The dimensions below represent data in flow logs from resources in Amazon Web Services (see Kentik for AWS).

Note: AWS documentation for many of these fields may be found in the Amazon VPC User Guide topic Available fields.

Directional AWS Dimensions

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Account Source/destination AWS account. int
Virtual
Src/Dst:
kt_aws_src_acc_id,
kt_aws_dst_acc_id
Instance Name Source/destination AWS instance name. string
Virtual
Src/Dst:
kt_aws_src_vm_name,
kt_aws_dst_vm_name
Instance Source/destination AWS instance string
Virtual
Src/Dst:
kt_aws_src_vm_id,
kt_aws_dst_vm_id
Region Source/destination AWS Region. string
Virtual
Src/Dst:
kt_aws_src_region,
kt_aws_dst_region
Zone Source/destination AWS Availability Zone. string
Virtual
Src/Dst:
kt_aws_src_zone,
kt_aws_dst_zone
Instance Type Source/destination AWS Instance Type. string
Virtual
Src/Dst:
kt_aws_src_vm_type,
kt_aws_dst_vm_type
Image ID Source/destination AWS Image ID. string
Virtual
Src/Dst:
kt_aws_src_image_id,
kt_aws_dst_image_id
Security Group Source/destination security group. string
Virtual
Src/Dst:
kt_aws_src_sg,
kt_aws_dst_sg
Auto Scaling Group Source/destination auto scaling group. string
Virtual
Src/Dst:
kt_aws_src_asg,
kt_aws_dst_asg
Public DNS Name Source/destination public DNS name. string
Virtual
Src/Dst:
kt_aws_src_pub_dns,
kt_aws_dst_pub_dns
Private DNS Name Source/destination private DNS name. string
Virtual
Src/Dst:
kt_aws_src_priv_dns,
kt_aws_dst_priv_dns
VPC ID Source/destination VPC ID. string
Virtual
Src/Dst:
kt_aws_src_vpc_id,
kt_aws_dst_vpc_id
Subnet ID Source/destination subnet ID. string
Virtual
Src/Dst:
kt_aws_src_subnet_id,
kt_aws_dst_subnet_id
Instance Tags Tags applied to VMs by users. string
Virtual
Src/Dst:
kt_aws_src_vm_tags,
kt_aws_dst_vm_tags
Packet Address The packet-level (original) source/destination IP address of the traffic. See pkt-srcaddr/pkt-dstaddr in AWS documentation. bytes/IP Address
Native
Src/Dst:
ktsubtype__aws_subnet__INET_00,
ktsubtype__aws_subnet__INET_01
Gateway ID The ID of the gateway through which the flow entered your AWS resources. string
Virtual
Dst only:
ktsubtype__aws_subnet__STR17
Gateway Type The type of the gateway through which the flow entered your AWS resources string
Virtual
Dst only:
ktsubtype__aws_subnet__STR19
Forwarding State The route state of the destination prefix:
- “active” if traffic is flowing towards an active route;
- “blackholed” if traffic is flowing towards a blackhole route.
string
Virtual
Dst only:
ktsubtype__aws_subnet__STR04,
ktsubtype__aws_subnet__STR05
Interface ID The ID (inferred from IP address) of the first (for source) or last (for destination) Elastic Network Interface on which the flow was recorded. string
Virtual
Src only:
ktsubtype__aws_subnet__STR20
Interface Type The type of the network interface that recorded the flow:
0 - No value provided
1 - Unknown
2 - interface
3 - nat_gateway
4 - lambda
5 - transit_gateway
6 - vpc_endpoint
7 - network_load_balancer
8 - gateway_load_balancer_endpoint
9 - trunk
10 - global_accelerator_managed
int
Virtual
Src/Dst:
ktsubtype__aws_subnet__INT02,
ktsubtype__aws_subnet__INT03
AWS Service The name of the subset of IP address ranges for the pkt-srcaddr field, if the source IP address is for an AWS service. For possible values see pkt-src-aws-service in AWS documentation. int
Virtual
Src/Dst:
ktsubtype__aws_subnet__INT04,
ktsubtype__aws_subnet__INT05
ENI Description The description field of the Elastic Network Interface that recorded the flow. string
Virtual
Src/Dst:
ktsubtype__aws_subnet__STR21,
ktsubtype__aws_subnet__STR22
ENI Entity Name The name of the entity based on the Elastic Network Interface that recorded the flow. string
Virtual
Src/Dst:
ktsubtype__aws_subnet__STR23,
ktsubtype__aws_subnet__STR24
AWS TGW AZ ID The ID of the transit gateway availability zone. string
Virtual
Src/Dst:
ktsubtype__aws_subnet__STR35,
ktsubtype__aws_subnet__STR29
AWS TGW ENI The Elastic Network Interface of the transit gateway. string Virtual Src/Dst:
ktsubtype__aws_subnet__STR36,
ktsubtype__aws_subnet__STR30
AWS TGW Subnet ID The subnet ID of the transit gateway. string Virtual Src/Dst:
ktsubtype__aws_subnet__STR37,
ktsubtype__aws_subnet__STR31
AWS TGW VPC ID The VPC ID of the transit gateway. string Virtual Src/Dst:
ktsubtype__aws_subnet__STR38,
ktsubtype__aws_subnet__STR32
AWS TGW VPC Account ID The VPC account ID of the transit gateway. bigint Virtual Src/Dst:
ktsubtype__aws_subnet__INT64_05,
ktsubtype__aws_subnet__INT64_06

Non-directional AWS Dimensions

Dimension
name (portal)
Description Type:
value
column
KDE name(s)
Firewall Action The action associated with the traffic:
- ACCEPT: The recorded traffic was permitted by the security groups or network ACLs.
- REJECT: The recorded traffic was not permitted by the security groups or network ACLs.
string
Native
kt_aws_action
Logging Status The logging status of the flow log:
- OK: Data is logging normally to the chosen destinations.
- NODATA: There was no network traffic to or from the network interface during the capture window.
- SKIPDATA: Some flow log records were skipped during the capture window. This may be because of an internal capacity constraint, or an internal error.
string
Native
kt_aws_status
Start Time The time, in Unix seconds, when the first packet of the flow was received within the aggregation interval. This might be up to 60 seconds after the packet was transmitted or received on the network interface. bigint
Native
ktsubtype__aws_subnet__INT00
End Time The time, in Unix seconds, when the last packet of the flow was received within the aggregation interval. This might be up to 60 seconds after the packet was transmitted or received on the network interface. bigint
Native
ktsubtype__aws_subnet__INT01
Observing Interface ID The ID of the network interface that recorded the flow. string
Native
ktsubtype__aws_subnet__STR03
Flow Log Account ID The AWS account ID of the owner of the source network interface that recorded the flow.
Note: This value may be unknown when the interface is created by an AWS service, e.g. when creating a VPC endpoint or Network Load Balancer.
string
Native
ktsubtype__aws_subnet__INT64_00
Flow Direction The direction of the flow with respect to the interface where traffic is captured:
- ingress
- egress.
string
Native
ktsubtype__aws_subnet__INT06
Traffic Path The path that egress traffic (see Flow Direction) takes to the destination:
1 - Through another resource in the same VPC
2 - Through an internet gateway or a gateway VPC endpoint
3 - Through a virtual private gateway
4 - Through an intra-region VPC peering connection
5 - Through an inter-region VPC peering connection
6 - Through a local gateway
7 - Through a gateway VPC endpoint (Nitro-based instances only)
8 - Through an internet gateway (Nitro-based instances only)
Note: If none of the above values apply, the field is set to "-"
int
Native
ktsubtype__aws_subnet__INT07
Cloud Ultimate Exit The last gateway the flow will traverse on its way to the destination IP address. string
Virtual
ktsubtype__aws_subnet__STR25
Cloud Ultimate Exit Type The type of the last gateway the flow will traverse on its way to the destination IP address:
- Virtual Gateway
- Customer Gateway
- Transit
- Internet
- VPC Peering Gateway
- Egress Only Internet Gateway
- NAT Gateway
- Carrier Gateway
string
Virtual
ktsubtype__aws_subnet__STR26
Observing VPC ID The ID of the observing VPC. string
Native
ktsubtype__aws_subnet__STR10
Observing VPC Subnet ID The ID of the observing VPC subnet. string
Native
ktsubtype__aws_subnet__STR11
Observing Instance ID The ID of the observing instance. string
Native
ktsubtype__aws_subnet__STR12
Observing Region The ID of the observing region. string
Native
ktsubtype__aws_subnet__STR14
Observing Availability Zone ID The ID of the observing availability zone. string
Native
ktsubtype__aws_subnet__STR15
Observing Sublocation ID The ID of the observing subscription. string
Native
ktsubtype__aws_subnet__STR16
AWS Resource Type The type of AWS resource being observed such as EC2, RDS, etc. string
Virtual
ktsubtype__aws_subnet__STR27
AWS TGW Attachment ID The ID of the transit gateway attachment. string
Virtual
ktsubtype__aws_subnet__STR28
AWS TGW ID The ID of the transit gateway. string
Virtual
ktsubtype__aws_subnet__STR33
AWS TGW Pair Attachment ID The ID of the paired transit gateway attachment. string
Virtual
ktsubtype__aws_subnet__STR34
AWS Packets Lost - Blackhole The number of packets lost due to blackhole routing. int
Virtual
ktsubtype__aws_subnet__INT64_01
AWS Packets Lost - MTU Exceeded The number of packets lost because the packet size exceeded the MTU. int
Virtual
ktsubtype__aws_subnet__INT64_02
AWS Packets Lost - No Route The number of packets lost due to the absence of a valid route. int
Virtual
ktsubtype__aws_subnet__INT64_03
AWS Packets Lost - TTL Expired The number of packets lost because the TTL expired. int
Virtual
ktsubtype__aws_subnet__INT64_04

 
top  |  section

Azure Dimensions

These dimensions represent data in flow logs from resources in Microsoft Azure (see Kentik for Azure).

Directional Azure Dimensions

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Instance Name The name of the Azure instance (VM) that generated the flow log. string
Virtual
Src/Dst:
kt_az_src_inst_name,
kt_az_dst_inst_name
Instance The raw ID of the log-generating instance, which is useful for programmatic management of compute resources. string
Virtual
Src/Dst:
kt_az_src_inst_id,
kt_az_dst_inst_id
Region The geographical region of the Azure instance, which corresponds to a specific set of Azure data centers in which the instance may run. string
Virtual
Src/Dst:
kt_az_src_region,
kt_az_dst_region
Zone The High Availability Zone where the instance is currently deployed, which corresponds to a specific data center within a region. int
Virtual
Src/Dst:
kt_az_src_zone,
kt_az_dst_zone
Instance Type The kind of instance-generated flow logs, which may be Azure-provided or custom-built. These values do not follow a standard naming nomenclature. string
Virtual
Src/Dst:
kt_az_src_inst_type,
kt_az_dst_inst_type
Public DNS Name The publicly resolvable DNS name for an instance. string
Virtual
Src/Dst:
kt_az_src_fqdn,
kt_az_dst_fqdn
VNet ID An identifier for the virtual network object in which an instance resides. A virtual network is a collection of subnets within a given region. string
Virtual
Src/Dst:
kt_az_src_vnet,
kt_az_dst_vnet
Subnet Name The name of a subnet resource assigned to a virtual network. string
Virtual
Src/Dst:
kt_az_src_subnet,
kt_az_dst_subnet
Resource Group A set of related technical resources (disk, storage, VMs, APIs, services, etc.) that can be accessed as a group for bulk operations. string
Virtual
Src/Dst:
kt_az_src_resource_group,
kt_az_dst_resource_group
Public IP Address The public IP address assigned to an Azure instance. Public IP addresses are not assigned by default. string
Virtual
Src/Dst:
kt_az_src_public_ip,
kt_az_dst_public_ip
Subscription A top-level administrative object representing a set of resources that will be billed together in a monthly cycle. All Azure resources are tied to a subscription, which may contain multiple resource groups. string
Virtual
Src/Dst:
kt_az_src_sub_id,
kt_az_dst_sub_id
Security Rule The name of the security rule by which this flow was allowed or denied as it passed through a security group (see below) on its way to or from an Azure instance. string
Virtual
Src/Dst:
ktsubtype__azure_subnet__STR01,
ktsubtype__azure_subnet__STR00
Firewall Action The actions (allow or deny) taken on this flow by the security rules by which it was evaluated on the way to or from an Azure instance. string
Virtual
Src/Dst:
ktsubtype__azure_subnet__STR03,
ktsubtype__azure_subnet__STR02
Security Group A collection of enforced security policies (each a collection of rules) at the edge of a virtual network and/or applied to a network interface attached to an instance. Traffic to an instance from the internet must pass through at least one security group at the edge of the virtual network and may also pass through an additional security group attached to the interface of an instance. string
Virtual
Src/Dst:
kt_az_src_nsg_name,
kt_az_dst_nsg_name
Interface Name The name of the network interface. string
Virtual
Src/Dst:
ktsubtype__azure_subnet__STR06,
ktsubtype__azure_subnet__STR07
Gateway Name The name of the gateway. string
Virtual
Src/Dst:
ktsubtype__azure_subnet__STR09,
ktsubtype__azure_subnet__STR10
Gateway Type The type of gateway such as VPN, ExpressRoute, Application Gateway, etc. string
Virtual
Src/Dst:
ktsubtype__azure_subnet__STR11,
ktsubtype__azure_subnet__STR12
FQDN The fully qualified domain name. string
Virtual
Dst:
ktsubtype__azure_subnet__STR19
Load Balancer The Azure load balancer resource that distributes traffic. string
Virtual
Src/Dst:
ktsubtype__azure_subnet__STR23,
ktsubtype__azure_subnet__STR24

Non-directional Azure Dimensions

Dimension
name (portal)
Description Type:
value
column
KDE name(s)
Observing MAC Address The MAC address of the observing device. string
Virtual
ktsubtype__azure_subnet__STR08
Ingress Virtual Hub The name of the Azure Virtual Hub where the traffic enters. string
Virtual
ktsubtype__azure_subnet__STR13
Egress Virtual Hub The name of the Azure Virtual Hub where the traffic exits. string
Virtual
ktsubtype__azure_subnet__STR14
ExpressRoute Circuit Name The name of the Azure ExpressRoute circuit. string
Virtual
ktsubtype__azure_subnet__STR15
ExpressRoute Peering Type The name of peering type of the Azure ExpressRoute. string
Virtual
ktsubtype__azure_subnet__STR16
Firewall Policy The policy that governs that handling of traffic. string
Virtual
ktsubtype__azure_subnet__STR20
Firewall Rule The rule within the policy that allows or denies traffic. string
Virtual
ktsubtype__azure_subnet__STR21
Application Protocol The application layer protocol used in the communication process. string
Virtual
ktsubtype__azure_subnet__STR22
Logging Resource Category The classification of the logging resource. string
Virtual
ktsubtype__azure_subnet__STR17
Logging Resource Name The name of the logging resource. string
Virtual
ktsubtype__azure_subnet__STR18

 
top  |  section

GCP Dimensions

These dimensions represent data from resources in Google Cloud Platform (see Kentik for GCP).

Directional GCP Dimensions

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Project ID The Google Compute Engine (GCE) Project ID. string
Native
Src/Dst:
kt_gce_src_proj_id,
kt_gce_dst_proj_id
VM Name The GCE VM name. string
Native
Src/Dst:
kt_gce_src_vm_name,
kt_gce_dst_vm_name
Region The GCE region. string
Native
Src/Dst:
kt_gce_src_region,
kt_gce_dst_region
Zone The GCE zone. string
Native
Src/Dst:
kt_gce_src_zone,
kt_gce_dst_zone
Subnet Name The GCE subnet name. string
Native
Src/Dst:
kt_gce_src_vpc_snn,
kt_gce_dst_vpc_snn
VM Type The GCE VM type. string
Virtual
Src/Dst:
kt_gce_src_vm_type,
kt_gce_dst_vm_type
Image ID The GCE image ID. string
Virtual
Src/Dst:
kt_gce_src_vm_image,
kt_gce_dst_vm_image
Instance Group ID or Name The GCE instance group ID or name. string
Virtual
Src/Dst:
kt_gce_src_vm_group,
kt_gce_dst_vm_group
VPC Name The name of the VPC. string
Native
Src/Dst:
ktsubtype__gcp_subnet__STR11,
ktsubtype__gcp_subnet__STR12
GKE Pod Name The name of the individual pod in GKE (Google Kubernetes Engine). string
Native
Src/Dst:
kt_k8s_src_pod_name,
kt_k8s_dst_pod_name
GKE Pod Namespace The namespace that the pod is a part of in GKE. string
Native
Src/Dst:
kt_k8s_src_pod_ns,
kt_k8s_dst_pod_ns
GKE Cluster Name The name of the GKE cluster. string
Native
Src/Dst:
kt_k8s_src_load_name,
kt_k8s_src_load_name
GKE Cluster Location The location of the GKE cluster. string
Native
Src/Dst:
kt_k8s_src_load_ns,
kt_k8s_src_load_ns
GKE Service Name The name of the GKE service. string
Native
Src/Dst:
kt_k8s_src_svc_name,
kt_k8s_dst_svc_name
GKE Service Namespace The namespace that the GKE is a part of. string
Native
Src/Dst:
kt_k8s_src_svc_ns,
kt_k8s_src_svc_ns
Entity Gateway Name The name of the gateway entity. string
Virtual
Src/Dst:
ktsubtype__gcp_subnet__STR27,
ktsubtype__gcp_subnet__STR28
Entity Gateway Type The type of gateway. string
Virtual
Src/Dst:
ktsubtype__gcp_subnet__STR29,
ktsubtype__gcp_subnet__STR30

Non-directional GCP Dimensions

Dimension
name (portal)
Description Type:
value
column
KDE name(s)
Reporter Indicates where the flow was collected/reported:
- By the source VM/instance if value is SRC;
- By the destination VM/instance if value is DEST.
string
Native
kt_gce_reporter
Dedicated Interconnect Name The name of the GCP Dedicated Interconnect. string
Virtual
ktsubtype__gcp_subnet__STR25
Dedicated Interconnect Type The type of interconnection established. string
Virtual
ktsubtype__gcp_subnet__STR26

Non-directional Google Cloud Run (GCR) Dimensions

Dimension
name (portal)
Description Type:
value
column
KDE name(s)
Project ID The GCP Cloud Run project ID. string
Virtual
ktsubtype__gcp_subnet__STR04
Resource Type The GCP Cloud Run resource type. string
Virtual
ktsubtype__gcp_subnet__STR00
Service Name The GCP Cloud Run service name. string
Virtual
ktsubtype__gcp_subnet__STR01
Location The region where the GCP Cloud Run service is deployed. string
Virtual
ktsubtype__gcp_subnet__STR02
Service Revision Name The name of the GCP Cloud Run service revision. string
Virtual
ktsubtype__gcp_subnet__STR03
HTTP Status Code The HTTP response status code indicating the result of the request processed by the GCP Cloud Run service. int
Virtual
ktsubtype__gcp_subnet__INT00

 
top  |  section

OCI Dimensions

These dimensions represent data from resources in Oracle Cloud Infrastructure (see Kentik for OCI).

Notes:
- All KDE columns for OCI dimensions are UDR (see Universal Data Records).
- Additional details about OCI flow logs may be found in the OCI documentation topic Details for VCN Flow Logs.

Directional OCI Dimensions

Dimension
name (portal)
Description Type:
value
column
KDE name(s)
Subnet Name The name of the subnet. string
Virtual
Src/Dst:
ktsubtype__oci_subnet__STR06,
ktsubtype__oci_subnet__STR07
VCN Name The name of the virtual cloud network. string
Virtual
Src/Dst:
ktsubtype__oci_subnet__STR08,
ktsubtype__oci_subnet__STR09
Region The region where the resource is located. string
Virtual
Src/Dst:
ktsubtype__oci_subnet__STR10,
ktsubtype__oci_subnet__STR11
VNIC Name The name of the virtual network interface card. string
Virtual
Src/Dst:
ktsubtype__oci_subnet__STR12,
ktsubtype__oci_subnet__STR13
Instance Name The name of the instance. string
Virtual
Src/Dst:
ktsubtype__oci_subnet__STR14,
ktsubtype__oci_subnet__STR15
Dynamic Routing Gateway Name The name of the dynamic routing gateway. string
Virtual
Src/Dst:
ktsubtype__oci_subnet__STR16,
ktsubtype__oci_subnet__STR17
Local Peering Gateway Name The name of the local peering gateway. string
Virtual
Src/Dst:
ktsubtype__oci_subnet__STR18,
ktsubtype__oci_subnet__STR19

Non-directional OCI Dimensions

Dimension
name (portal)
Description Type:
value
column
KDE name(s)
Action Indicates whether the record’s traffic was accepted or rejected by the security lists. string
Native
ktsubtype__oci_subnet__STR00
Status The status of the data capture window for the flow log. string
Native
ktsubtype__oci_subnet__STR01
Tenant OCID The Oracle Cloud ID of the tenant. string
Native
ktsubtype__oci_subnet__STR02
VNIC OCID The Oracle Cloud ID of the virtual network interface card. string
Native
ktsubtype__oci_subnet__STR03
VNIC Compartment OCID The Oracle Cloud ID of the compartment to which the VNIC belongs. string
Native
ktsubtype__oci_subnet__STR04
VNIC Subnet OCID The Oracle Cloud ID of the subnet to which the VNIC belongs. string
Native
ktsubtype__oci_subnet__STR05
Internet Gateway The OCI Internet Gateway that provides a path for the network traffic between the VCN and the internet. string
Virtual
ktsubtype__oci_subnet__STR20
NAT Gateway The OCI Network Address Translation gateway that enables instances to initiate connections to the internet. string
Virtual
ktsubtype__oci_subnet__STR21
Service Gateway The OCI Service Gateway that provides a path for the network traffic between the VCN and the other OCI resources. string
Virtual
ktsubtype__oci_subnet__STR22
IPsec Connection Name The name of the IPsec VPN connection. string
Virtual
ktsubtype__oci_subnet__STR23
Virtual Circuit Name The name of the OCI Virtual Circuit. string
Virtual
ktsubtype__oci_subnet__STR24
 

Geolocation Dimensions

These dimensions are used to filter or group-by on flow properties related to physical location.

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Custom Geo A collection of countries that have been assigned a common geographical label (see About Custom Geos). string
Native
Src/Dst:
kt_src_market,
kt_dst_market
Country Two-letter country code associated with the source/destination IP of the flow. string
Native
Src/Dst:
src_geo,
dst_geo
Region Full-string English name of the region (state or province, e.g. "California") associated with the source IP of the flow. string
Native
Src/Dst:
src_geo_region,
dst_geo_region
City Full-string English name of the city (e.g. "San Francisco") associated with the source IP of the flow. string
Native
Src/Dst:
src_geo_city,
dst_geo_city
Site Country A country in which your organization has sites; enables the grouping, with a single dimension, of traffic from all sites in a given country. string
Virtual
Non-directional:
i_device_site_country
Ultimate Exit Site Country The name of the country containing the site through which flow leaves. string
Virtual
Non-directional:
i_ult_exit_site_country

 

Application Context and Security

These dimensions are used to filter or group-by based on various factors related to context — whether a flow originated or terminated with a commercial CDN, for example, or what "service" (port and protocol) it represents — as well as whether the value of certain flow fields match those of known security threats.

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
Cloud The name of the vendor (e.g. AWS, GCP, Azure, etc.) operating the cloud computing service in which this flow originated (src) or terminated (dst). The value is derived by checking the IP address (src or dst) in the flow against the cloud provider's list of IPs. string
Native
Src/Dst:
kt_src_cloud
kt_dst_cloud
Cloud Service The name that a cloud computing vendor assigns to the service in which a flow originated (src) or terminated (dst). The value is derived by checking the IP address (src or dst) in the flow against the cloud provider's list of IPs. string
Native
Src/Dst:
kt_src_cloud_service
kt_dst_cloud_service
CDN Commercial CDN (if any) with which the flow originated/terminated (see CDN Attribution Dimensions).
Note: This dimension is available only for organizations with CDN Attribution enabled.
string
Native
Src/Dst:
src_cdn,
dst_cdn
Service (Port + Proto) The combination of the port and protocol of the source/destination flow.
Note: This dimension is available only for group-by. For filtering, use Port Number and Protocol.
string
Virtual
Src/Dst:
N.A.
Bot Net CC A source/destination IP for the flow that has been identified as a botnet command and control (CC) servers (see Threat Feed Dimensions). string
Native
Src/Dst:
src_threat_bnetcc,
dst_threat_bnetcc
Threat List Host A source/destination IP for the flow that has been identified as a threat (see Threat Feed Dimensions). string
Native
Src/Dst:
src_threat_host,
dst_threat_host
Application An identifying string for the application associated with a flow, which is either derived by evaluating flow data or provided in the flow data itself (see About Applications). string
Native
Non-directional:
application
TCP Flags TCP flags that were set on the flow using a flow mask (TCP Flag Filtering). int
Native
Non-directional:
tcp_flags
OTT Service An individual OTT content service whose hostname is looked up via DNS. string
Native
Non-directional:
ott_service
OTT Service Type The nature of the content provided by an OTT content service. Values include Adult, Ads, Antivirus, Audio, Cloud, Conferencing, Dating, Developer Tools, Documents, Ecommerce, File Sharing, Gaming, IoT, Mail, Maps, Media, Messaging, Network, Newsgroups, Photo Sharing, Social, Software Download, Software Updates, Storage, Video, VPN, Web. string
Virtual
Non-directional:
N.A.
OTT Service Provider An entity that offers an OTT content service. For example Google is the provider for Google Drive, GMail, Google Maps, etc. string
Virtual
Non-directional:
N.A.

 

Application Decodes

Dimensions related to "application decodes" are covered in the following topics:

 
top  |  section

About Application Decodes

Application decodes dimensions are used to filter or group-by based on host-related fields (e.g. HTTP and DNS-related fields) with which Kentik enriches flow records from our software host agent (see About kprobe). Kentik originally allocated this data to a fixed set of KDE columns but later switched to the more efficient approach of storing it in UDR columns (see Universal Data Records). As a result, data from current kprobe versions is queried via dimensions that are categorized as "Application Decodes" in the portal UI while data from kprobe versions older than 1.3.0 is queried via dimensions that are now categorized as "Legacy Application Decodes."

Note: To determine the version of a given instance of kprobe, use the --version argument described in Print-related Configuration.

 
top  |  section

Application Decodes Dimensions

The dimensions in the table below correspond to application decode fields from kprobe version 1.3.0 and above, which use UDR columns in KDE (see Universal Data Records).

Notes:
- These dimensions are all non-directional.
- For application decodes metrics, see Application Decodes Metrics.
- The dimensions below require Kentik's kprobe software host agent (see About kprobe).

DNS Dimensions

Dimensions related to DNS properties (see Host Traffic Dimensions):

Dimension
name (portal)
Description Type:
value
column
Direction
DNS Query Name Query from a DNS resolver to a DNS name server. string
UDR
Non-directional
DNS Query Type The resource record type requested by the DNS query. bigint
UDR
Non-directional
DNS Reply Code DNS return code (see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6). bigint
UDR
Non-directional
DNS Reply Data The response from a DNS server to a DNS query. string
UDR
Non-directional

HTTP Dimensions

Dimensions related to HTTP properties (see Host Traffic Dimensions):

Dimension
name (portal)
Description Type:
value
column
Direction
HTTP URL Filename portion of path, with query string (if any). string
UDR
Non-directional
HTTP Host Domain name of the server. string
UDR
Non-directional
HTTP Referrer The address from which a destination webpage is requested. string
UDR
Non-directional
HTTP URL Filename portion of path, with query string (if any). string
UDR
Non-directional
HTTP Host Domain name of the server. string
UDR
Non-directional

TLS Dimensions

Dimensions related to Transport Layer Security (see IETF RFC8446):

Dimension
name (portal)
Description Type:
value
column
Direction
TLS Server Name The Server Name Indication (SNI), which is a TLS extension by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. string
UDR
Non-directional
TLS Server Version The version of the TLS server (as of August 2018 the current version was 1.3). int
UDR
Non-directional
TLS Cipher Suite A set of cryptographic algorithms used to create keys and encrypt information for TLS. int
UDR
Non-directional

DHCP Dimensions

Dimensions related to Dynamic Host Configuration Protocol (see IETF RFC2131):

Dimension
name (portal)
Description Type:
value
column
Direction
DHCP OP Message op code / message type: 1 = BOOTREQUEST, 2 = BOOTREPLY. int
UDR
Non-directional
DHCP Message Type The type of the DHCP message, e.g. DHCPDISCOVER, DHCPOFFER, etc. (see DHCP Message Type). int
UDR
Non-directional
DHCP CI Address A client IP address (ciaddr) that has already been allocated and accepted; only filled in if client is in BOUND, RENEW or REBINDING state and can respond to ARP requests. string
UDR
Non-directional
DHCP YI Address The IP address of the client (yiaddr) as allocated by the server and accepted by the client. string
UDR
Non-directional
DHCP SI Address The IP address of next server to use in bootstrap (siaddr). string
UDR
Non-directional
DHCP Lease In a client request (DHCPDISCOVER or DHCPREQUEST), the requested lease time for the IP address; in a server reply, the lease time offered by the server (see IP Address Lease Time). int
UDR
Non-directional
DHCP CH Address The client hardware address (chaddr). string
UDR
Non-directional
DHCP Hostname The name of the client (see Host Name Option). string
UDR
Non-directional
DHCP Domain The domain name that client should use when resolving hostnames via the Domain Name System (see Domain Name Option). string
UDR
Non-directional

Radius Dimensions

Dimensions related to RADIUS (see FreeRADIUS attributes):

Dimension
name (portal)
Description Type:
value
column
Direction
Radius Code The RADIUS Packet type: Access-Request, Access-Accept, Access-Reject, or Access-Challenge (see IETF RFC2865). int
UDR
Non-directional
Radius User Name The name of the user to be authenticated. string
UDR
Non-directional
Radius Service Type The type of service the user has requested, or the type of service to be provided. int
UDR
Non-directional
Radius Framed IP Address The address to be configured for the user. string
UDR
Non-directional
Radius Framed IP Mask The IP netmask to be configured for the user when the user is a router to a network. string
UDR
Non-directional
Radius Framed Protocol The framing to be used for framed access. string
UDR
Non-directional
Radius Accounting Status Indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop). int
UDR
Non-directional
Radius Accounting Session ID A unique Accounting ID that enables the matching of start and stop records in a log file. string
UDR
Non-directional

 
top  |  section

Legacy Application Decodes

The dimensions in the table below correspond to application decode fields from kprobe versions earlier than 1.3.0.

Note: The dimensions below require Kentik's kprobe software host agent (see About kprobe).

Legacy DNS Dimensions

Dimensions related to DNS properties (see Host Traffic Dimensions):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
DNS Query Query from a DNS resolver to a DNS name server.
Note: Superseded by DNS Query Name.
string
Native
Src/Dst:
kflow_dns_query,
N.A.
DNS Query Type The resource record type requested by the DNS query. bigint
Native
Src/Dst:
kflow_dns_query_type,
N.A.
DNS Return Code DNS return code (see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6).
Note: Superseded by DNS Reply Code.
bigint
Native
Src/Dst:
kflow_dns_ret_code,
N.A.
DNS Response The response from a DNS server to a DNS query.
Note: Superseded by DNS Reply Data.
string
Native
Src/Dst:
kflow_dns_response,
N.A.

Legacy HTTP Dimensions

Dimensions related to HTTP properties (see Host Traffic Dimensions):

Dimension
name (portal)
Description Type:
value
column
Direction
KDE name(s)
HTTP URL Filename portion of path, with query string (if any). string
Native
Src/Dst:
N.A.,
kflow_http_url
HTTP Host Header Domain name of the server.
Note: Superseded by HTTP Host.
string
Native
Src/Dst:
N.A.,
kflow_http_host
HTTP Return Code HTTP status code.
Note: Superseded by HTTP Status.
bigint
Native
Src/Dst:
N.A.,
kflow_http_status
HTTP Referrer The address from which a destination webpage is requested. string
Native
Src/Dst:
N.A.,
kflow_http_referer
HTTP User Agent User agent information identifying the client that submitted a request. string
Native
Src/Dst:
N.A.,
kflow_http_ua

 

Container Networking Dimensions

Kentik dimensions related to container networking are covered in the following topics:

Notes:
- Container networking is currently supported in Kentik via Kubernetes. Support for other forms of container networking is planned.
- Use of Kubernetes with Kentik requires a special software agent; contact Customer Support for further information.

 
top  |  section

Kubernetes Dimensions

These dimensions represent information, gathered by Kentik at ingest, about the setup of a Kubernetes-managed container (see What is Kubernetes). These fields are stored in the KDE flow records of traffic from the container.

Note: See also PATA Dimensions.

Dimension
name (portal)
Description Type:
value
column
Direction
Pod Name The name of a pod, which represents a set of running containers on your cluster. string Src/Dst
Pod Namespace The scope within which the pod name is valid and unique. string Src/Dst
Workload Name The name of a workload, which is a system of services or applications that can run to fulfill a task or carry out a business process. string Src/Dst
Workload Namespace The scope within which the workload name is valid and unique. string Src/Dst
Container Name The name of an executable image that contains software and all of its dependencies. string Dst only
Service Name The name of a network application that is running as one or more pods in your cluster. string Src/Dst
Service Namespace The namespace in which the service is running. string Src/Dst

 
top  |  section

PATA Dimensions

The values for process-aware telemetry agent (PATA) dimensions originate from Kentik's kappa host agent, a host-based telemetry agent providing ultra-efficient observability across production settings including both on-premises data centers and cloud infrastructure (see Kubernetes Dimensions & Metrics).

Notes:
- The descriptions in the table below apply only in the context of Kubernetes.
- See also Kubernetes Dimensions.

Dimension
name (portal)
Description Type Direction
Process PID The ID of the source or destination process of the flow. integer Src & Dst
Process Name The name of the source or destination process of the flow string Src & Dst
Process Cmdline The command entered at the CLI, related to the process ID of the source or destination process of the flow. string Src & Dst
Process Container ID The string (guid format) that uniquely identifies the container. string Src & Dst
Node The source or destination Kubernetes node that originated or terminated the flow. string Src & Dst
Object Name The Kubernetes object (pod or service name) for the source or destination pod in the traffic flow. string Src & Dst
Object Namespace The Kubernetes namespace of the source or destination pod in the traffic flow. string Src & Dst
Object Type The Kubernetes object type for the traffic flow (pod or service). string Src & Dst
Container Name The container name(s) related to the source or destination process ID. string Src & Dst
Workload Name The name of the workload that a pod or service was deployed as. string Src & Dst
Workload Namespace The namespace name of a source or destination traffic flow. string Src & Dst
Object Labels The object labels associated with source or destination traffic. string Src & Dst
Cluster ID A unique identifying integer that the cluster assigns to itself. integer Other
© 2014- Kentik
In this article:
×