Exploring Your Network Data in Kentik

A cornerstone of network observability is the ability to ask any question of your network. And that means having an unbound capacity to explore the tremendous amount and variety of network telemetry that you collect. It means being able to see trends and patterns from a macro level, and it also means being able to get very granular to see individual transactions and IP conversations. Collecting information from flow records, SNMP, streaming telemetry, BGP, eBPF, RF and so much more is certainly very important. But what's just as important is the ability to query that data efficiently according to your specific scenario, your specific role, your specific needs. The Kentik Data Explorer is a very powerful interface between you as an engineer, whether that's network systems, cloud security or SRE, and the database of information that you've collected with the Kentik platform. So using the Kentik Data Explorer, you can manually explore all of that data, which is stored in the main tables of the Kentik Data Engine. You can filter on very specific parameters such as time range, various data sources and types, and hundreds of different dimensions, such as IP addresses, ASNs, application and security tags, container information, the fields inside of VPC flow logs and a lot more. You can query the database using Kentik's quick filters, or you can create custom ones. And when you query the database according to whatever parameters matter to you, you can select the type of interactive results you get back, whether that's in the form of some type of chart, a graph table, or the CURL and/or JSON code that you can use to return information from the Kentik query API. And of course, to save you time and effort, your custom queries get saved to the library so you don't have to recreate them and you can share them with your team. So now let's take a look at the Kentik Data Explorer in action. After opening the Kentik interface, we can navigate to the main menu here in the upper left of your screen. Then we can select Data Explorer from the menu. But remember, Data Explorer represents the interface between you and the entire underlying database. So in reality, all of the functions that you see here on your screen in the menu will use the same underlying data and then have a link that can take you back to the Data Explorer if you need to investigate something further. So we'll select Data Explorer and get our dashboard, which of course, you can customize to fit your own needs. Here on the right of your screen, notice we have our query menu open and all of the various parameters we can use to refine our queries. We can edit the data sources we care about, such as network devices, like routers and switches, public cloud, labels sites, specific devices we might be interested in. And we can also edit the dimensions used in our query, and this allows us to filter at a very granular level. Remember that the whole point of Data Explorer is to provide you that unbound ability to explore the data any way that you need and then likewise get back the results in any format that makes most sense for you. So here, we can filter on one or two dimensions or a variety of different dimensions in combination. Now at the top we have a list related to networking, so things like interface, VLAN, site, and so on. And beneath that, we have parameters related to routing, things like AS path, VRF, DSCP values and so on as well. Now as I scroll down more notice that we can filter on many different parameters related to public cloud, which is pretty extensive when you dig into this. And we can combine all of these filters with geolocation, application, context, DNS information scrolling down even more, you can filter based on container information too. So things like pod name, namespace, service name and so on. Now I've made it through only about half of this list. And the point is that you have an incredible ability to filter the database exactly the way you want for your particular scenario and then get back the results related specifically to your role, your scenario, your specific needs, that unbound ability to explore. And of course, you can also select a time range by using the dropdown menu here, but you can also look simply by highlighting that segment in the visualization, and the system will automatically update and then look at that time range for you. Sometimes it's important in these deeper dives to look at bits per second or packets per second. Or maybe you're interested in looking specifically at transmissions or fragments. There are literally dozens of different metrics to filter on, and here in the metrics dropdown, you can select exactly what you want to see. Now when you create a custom filter, you can save it and share it here by selecting in the upper right this button. And then notice that you can add a name and description and you can copy the link or email that information to your team. Under actions, we have options to export our data in several formats, and we can also add this new query to our Observation Deck, which is one of the main dashboards in the platform. But you can add this new query to an existing dashboard or create a new one. If you like. And notice here that you can also see the API call that we used to get that result for you. So Data Explorer is a way to literally explore all the data ingested into the Kentik platform. But let's say that you're doing something different. You're using a different component of the platform, such as DDoS Defense. You're investigating a DDoS attack, for example. So you'd start here and do what you need to do here in the DDoS Defense to mitigate the attack and then start a post mortem investigation. Now, as you drill down further, you may need to get very granular, which is common with a network security task. As I drill down into this specific attack, notice here in the lower right, I can examine the data used for this alert in Data Explorer itself simply by clicking the link, which then takes me to the query results in Data Explorer. So here you can edit the parameters even more if you like, which we've looked at earlier. And then here you could see the specific filter that this policy used broken down for you. The idea here is unbound, efficient ability to explore all of the very different types of network telemetry in the database. In other words, ask any question you want of your network and find the answer that you need. For more information, visit kentik.com/dataexplorer. And you can always reach out to a Kentik representative as well. Thanks very much.