Introduction

The Savvius Network Dashboards provide the user interface to view the long-term monitoring of your network and the applications running on it. They are built on the ELK platform, an open source software stack consisting of Elasticsearch, Logstash, and Kibana. Kibana is the user interface displayed when viewing the Savvius Network Dashboards. For more detailed information about ELK, please refer to the documentation on the Elasticsearch website, and the many forums discussing it.

Network Dashboard Controls

Each of the Savvius Network dashboards (listed in ‘Savvius Network Dashboards’ below) displays different information about the network; however, they all have the following common controls:

Navigation Pane – The navigation pane to the left lets you select the Discover, Visualize, Dashboard, Timelion, Dev Tools, and Management options:

  • Discover – Review raw event data, and create searches.
  • Visualize – Create visualizations (or panels).
  • Dashboard – Create, manage, and navigate through the Savvius network dashboards. Each of the dashboards is described in ‘Savvius Network Dashboards’ below.
  • Timelion – Create time series data visualizations that analyze data in time order. Timelion is driven by a simple expression language used to retrieve time series data, perform calculations to tease out the answers to complex questions, and visualize the results.
  • Dev Tools – Enter arbitrary queries to Elasticsearch.
  • Management – Perform a variety of administration tasks.

Filter bar – The filter bar lets you filter the content of the panels in the dashboard. The type of filter to use is dependent on the data in the panels. The filter bar is a powerful feature in the dashboards. To learn more about using the Filter bar, refer to the documentation on the Elasticsearch website.

Dashboards bar – The dashboards bar contains links to all of the dashboards. A description of each dashboard is provided below. If new dashboards are created, they will not be added to this bar automatically, but can be added manually.

Savvius Network Dashboards

General

Overview – The Overview dashboard is a collection of statistics about different aspects of the network. Some of the panels in the Overview dashboard can be found in other dashboards that have more information about that specific aspect of the network.

Applications – The Applications dashboard focuses on statistics about the applications running on the network. It includes panels for Worst Application Response Times, Average Application Response Times, Average Productivity, Average Risk, Application Response Time Table, and Application Category Table. Clicking on an application in the chart or the table will filter the whole dashboard for that application.

Conversations – The Conversations dashboard provides different statistics about the conversations. There are single value metrics at the top for the number of conversations and response times. The Conversations dashboard includes panels for Top Conversations by Bytes, Conversation Status, Conversation Response Times, Conversations Table Description, and Conversations Table. The Conversation Table lists the conversations and displays metrics about each one. There is a link to a Conversations Detail Dashboard, which has a Conversation Table that includes the ConversationID, and some other extra columns. The workflow is to filter appropriately in the Conversations Dashboard, pin the filters, then go to the Conversations Details Dashboard to see extra information about the filtered conversations.

Protocols – The Protocols dashboard includes panels for Top Protocols by Utilization and a Top Protocols table with byte and packet counts for each protocol.

Nodes – The Nodes dashboard includes panels for Node Statistics, Node Volume, and Top Nodes.

Network – The Network dashboard focuses on statistics about the network. It includes panels for TCP Stats, ARP Stats, Error Stats, QoS Stats, Packet Size Distribution Over Time, ICMP Stats, Address Types, and Broadcast and Multicast Packets.

VoIP

VoIP Calls – The VoIP Calls dashboard lists the VoIP calls, and provides many different statistics about the VoIP Calls, as well as the media flows for each.

VoIP Media – The VoIP Media dashboard lists the VoIP Media flows for each VoIP call, and provides detailed information about the media flows for the VoIP calls, including many different quality measurements for each.

Expert

Expert Events – The Expert Events dashboard includes panels for Total Events, Events Over Time, Top Events, Expert Events Table, and Flows by Event Count.

Expert Trends – The Expert Trends dashboard separates categories of expert events into different pie charts and time chart graphs. The Expert Trends dashboard includes panels for Slow Response Time Events, Slow Response Time Events Trend, TCP Events, TCP Events Trend, IP Events, IP Events Trend, ICMP Expert Counts, and ICMP Events Trend.

Web Events – The Web Events dashboard lists all of the Web URLs, and includes panels for URL Count Over Time, HTTP Client Errors Over Time, and HTTP Server Errors Over Time.

Security Events – The Security Events dashboard includes various panels that show, over time, the activity of events that may be considered related to security. The Security Events dashboard includes panels for Storm Events, Too Many Physical Error Events, ICMP Events, MAC Flooding Events, and Spanning Tree Topology Change Events.

Maps

Utilization Map – The Utilization Map dashboard includes geo-location data about the network traffic. The Utilization Map dashboard includes panels for Utilization Map, Nodes by Country and City, Bytes Sent by Country, Packets Sent by Country, Bytes Received by Country, Packets Received by Country, and Country by Bytes and Packets. This dashboard also has a multi-layer pie chart, where each layer zooms further into the location of the traffic. This dashboard can be used to better understand where traffic is coming from and going to.

Event Map – The Event Map dashboard includes geo-location information about flow-based Expert Events. The Event Map dashboard includes panels for Event Map, Events by Country and City, Events by Country, and Country by Bytes and Packets. This dashboard also has a multi-layer pie chart, where each layer zooms further into the location where the problems are occurring. This dashboard can be used to better understand where network problems are.

Important Note: The Map dashboards only map public IP addresses.

Baseline

Compare Days – The Compare Days dashboard contains time series graphs of some common statistics that overlay the current day's statistics with the previous two days. The Compare Days dashboard includes ‘Compare Days’ panels for Flows, Nodes, Avg Utilization, Max Utilization, Avg App Latency, Worst App Latency, Avg Net Latency, and Worst Net Latency.

Compare Weeks – The Compare Weeks dashboard contains time series graphs of some common statistics that overlay the current week's statistics with the previous two weeks. The Compare Weeks dashboard includes ‘Compare Weeks’ panels for Flows, Nodes, Avg Utilization, Max Utilization, Avg App Latency, Worst App Latency, Avg Net Latency, and Worst Net Latency.

Health

The Health dashboard provides health status on other devices that are configured to send SNMP Traps. The Health dashboard supports the following SNMP OIDs:

  • UCD-SNMP-MIB::ssCpuSystem
  • UCD-SNMP-MIB::ssCpuIdle
  • UCD-SNMP-MIB::memTotalReal
  • UCD-SNMP-MIB::memTotalSwap
  • RFC1213-MIB::ifInOctets
  • RFC1213-MIB::ifOutOctets
  • RFC1213-MIB::ifInErrors
  • RFC1213-MIB::ifOutErrors
  • LM-SENSORS-MIB::lmTempSensorsValue
  • SAVVIUS-MIB::wpNotifySeverity
  • SAVVIUS-MIB::wpNotifyDescription

The Health dashboard includes panels for SNMP Events Count by Device, CPU Usage (%) History, CPU Usage, Memory Usage (%) History, Memory Usage, Network Traffic History, Network Interfaces, Temperature Reading History, Temperature Reading, Savvius Notifications History, and Savvius Notifications.

Note: For data to appear in the ‘Health’ dashboard, the SNMPTrap listener needs to be enabled on the unit.