Traffic Sentinel : Help
Help Index Top > Report > Explore

The Explore page is used to query the traffic database and generate charts.

Topics:

See Also:


Which Database should I select?

There are three types of data:

There are two versions of each database:

Back to Top

How do I trend utilization for a specific network interface?

  1. Select the Historical Interface Counters database.
  2. Select the interface from the Interface list. If the interface isn't in the list, go to the Sentinel:Search>Agent/Interface page to find the interface, then click on the Explore button to return to the Explore page. Alternatively, navigate to the interface using the Sentinel:Traffic>Status page. Once the interface has been selected, click on the Explore button.
  3. Select the set of counters to plot by choosing a Value setting (in this case select % Utilization).
  4. Select an Interval to plot.
Back to Top

How do I select a particular time interval?

Each chart has an Interval setting that allows the time range to be specified. Time intervals are always relative to the current time (e.g. Yesterday, Last 6 Hours etc.). Relative times are useful when creating reports since the chart will automatically update it's interval whenever the report is run.
Note: The actual interval used is displayed in chart subtitle.

In trend charts it is possible to zoom in on particular subintervals of interest. Just position the mouse at the beginning of the subinterval you are interested in, click on the mouse button and drag to the end of the interval. Release the mouse button and the chart will zoom into the subinterval. To unzoom, click on the Unzoom button above the chart.

Back to Top

How do I see top contributors to traffic?

If any of the Traffic databases are selected, you will be able to pick a Category and Value for the chart. The Category determines the packet flow attribute that will be used to construct the categories in the chart and the Value determines the value that will be plotted. For example, setting Category = Source Address and Value = Bytes will display the total number of bytes transmitted by each source address.

The Truncate setting specifies the number of values to display. For example, setting Truncate = 5 in the previous example would display the top 5 Sources Address (by bytes transmitted).

The Chart Type setting is used to determine the type of chart to display; such as bar chart, pie chart or trend chart.

The Show setting determines if names or numeric addresses will be used in the chart.

Back to Top

How do I drill-down and select specific traffic?

Clicking on bars, pie segments or legend items in trend charts will add a filter in the Where box that selects traffic matching the indicatated category. A quick way to drill-down through traffic and construct a filter is to select a Category, click on a value, switch Category and click on another value. The filter in the Where box can be altered manually at any point (see How do I create a custom filter?). At any point the filter can be removed by clicking on the Clear button.

Back to Top

How do I create a custom filter?

The Where box is used to filter traffic queries so that only selected traffic is shown. A filter expression can be entered directly into the input box. Clicking on the OK button applies the filter. Clicking on the Clear button will remove the filter.

An easier way to construct filters is to click on the Edit button to display additional inputs used to construct the filter expression. The first input consists of a selection box containing attributes that can be compared, a selection box containing comparison operators and an input area to specify that values to be compared to the selected attribute. Clicking the Add button appends the comparison to the current filter. There are also boolean operator buttons (& and |) and bracket buttons that can be used to combine comparison expressions to form more complex filters. The filter builder only enables buttons and inputs when they are allowed in the filter expression that is being constructed. Once the desired filter has been constructed, click on the OK button to apply it.

Note: If you just want to filter on a Host or Protocol then it is easier to set the Host and Protocol filters, rather than constructing a Where filter.

A basic filter expression consists of the name of an attribute, an operator and a set of comma separated values. The allowed operators are:

Expressions can be combined using brackets and the boolean operators:

The following examples illustrate typical where filters:

Note: The special zone EXTERNAL refers to addresses that aren't contained in any of the CIDRs specified using File > Configure.

WARNING Care should be taken if a value in a filter expression contains any of the following special characters: (, ), &, |, !, =, ~, ",', \, comma or space. If the value contains any of these characters then the whole value string can be enclosed in single or double quotes, or the special characters can be individually escaped with a \. The following examples show different ways of using the value "Research & Development" in filters:

Note: Special characters typically occur because they are used in Zone or Group names when configuring Traffic Sentinel (see File>Configure). Care should be taken when filtering on zone, group or path attributes.

Back to Top

How do I include a chart in a report?

The Copy to Editor button will be enabled if you have a report open in the Sentinel:Report>Edit page. Clicking on the button will switch to the Edit page and add a section matching the current query results. The new section can be modified to add a title and description (see How do I change section settings?).

Note: If the Copy to Editor button is disabled, click on the Edit tab and open an existing report, or create a new report. Return to your query results and the button will be enabled.

Back to Top