The App dashboards are organized into logical groups and can be accessed from the top navigation bar and drop-down menus.
Overview is the default dashboard, showing high-level traffic statistics such as top talkers, top listeners, traffic by protocol, traffic by protocol and destination ports, and top devices and interfaces by traffic volume.
This is an alternative Overview dashboard built using the Splunk tstats command. Tstats requires some fields to be placed in the Splunk index at ingestion time, so make sure you have upgraded Technology Add-on for NetFlow (TA-netflow) to version 4.2.4 or later.
For better performance, set this dashboard as your default dashboard if you ingest a large volume of NetFlow data. Go to Splunk Settings > User interface > Navigation menus, select default and change it from:
<nav><collection label="Overview"><view name="overview" default="true"/><view name="overview_ts"/><view name="overview_si"/>
to:
<nav><collection label="Overview"><view name="overview"/><view name="overview_ts" default="true"/><view name="overview_si"/>
This is another alternative Overview dashboard built using Splunk summary indexing.
For more information, see Summary Index for Large Volumes of Data.
Use this and other SI dashboards if you have extremely large volumes of data or are running searches over a long time range.
The Network Conversations group has dashboards to view traffic statistics reported by the NFO Module Network Conversations. This group includes the following dashboards:
Network Conversations Unidirectional
Network Conversations Bidirectional
Network Conversations Accepts-Rejects
To learn more about this Module, see Network Conversations Monitor in the NFO User Guide.
The Hosts group has dashboards to view traffic statistics from the communicating peers' point of view. For example, the Traffic by Source IP dashboard shows top talkers and lets you drill down to communicating peers and see the network devices that reported these network conversations. This group includes the following dashboards:
Traffic by Source IP
Traffic by Source IP with TCP Duration
Traffic by Destination IP
Traffic by Protocol and Port
Traffic by Host Pairs
Traffic by Protocol
Traffic by Subnets
Connection Details
The Interfaces group has dashboards to view traffic statistics starting from network devices and interfaces. These dashboards allow you to drill down and see network conversations traversing network devices and interfaces. This group includes the following dashboards:
Top Devices by Traffic
Top Devices by Packet Rate
Interfaces Utilization with Traffic by ports, source/destination, CBQOS
Watched Interfaces Utilization
The Applications group has dashboards to view traffic statistics and usage of various applications and services. This group includes the following dashboards:
Traffic by Protocol and Port
Service Response Time
Palo Alto Networks Top Applications
Palo Alto Networks Top Applications and Users
Cisco AVC Top Applications
Cisco AVC Top Applications and Users
The Cloud group has dashboards to view traffic reported by your public cloud, such as Amazon AWS, Microsoft Azure, and Google GCP. This group includes the following dashboards:
AWS Traffic Overview
AWS Traffic Overview Accepts-Rejects
AWS Traffic by Source EC2 Instance
AWS Traffic by Destination EC2 Instance
AWS Traffic by Protocol and Port
AWS Traffic by Protocol
AWS Traffic by VPC
AWS Traffic by Region
AWS Traffic by Service
AWS Visitors by Country
AWS ENI Utilization
Azure Traffic Overview
Azure Traffic Overview Accepts-Rejects
Azure Inbound Traffic
Azure Outbound Traffic
Azure Traffic by Protocol and Port
Azure Traffic by Protocol
Azure Traffic by Virtual Network
Azure Traffic by Region
Azure Visitors by Country
GCP Traffic Overview
GCP Traffic by Source VM
GCP Traffic by Destination VM
GCP Traffic by Protocol and Port
GCP Traffic by Protocol
GCP Traffic by VPC
GCP Traffic by Zone
GCP Visitors by Country
The Security group has dashboards to view malicious and unexpected traffic, as well as denied traffic reported by firewalls. This group includes the following dashboards:
Cyber Threat Statistics
Cisco ASA Top Violators
Palo Alto Networks Top Violators
NSX Distributed Firewall Top Violators
Protected Assets Access Monitor
The Firewalls group has dashboards to view traffic reported by your firewalls:
Palo Alto Networks
VMware NSX Distributed Firewall
This group has various dashboards that don't belong to any of the groups mentioned above. They are:
Top Talkers and Destinations with City Geolocations
Visitors by Country
Traffic by Autonomous Systems
Network Traffic by CBQoS
Microsegmentation Analyzer and Planning
Traffic Analyzer and Planning (based on my-subnets.csv lookup)
Traffic by Subnet Groups
Traffic by Subnet Groups SI
These dashboards visualize the SNMP polling feature of NetFlow Optimizer. They include:
Interface Errors and Discards (exporters-devices.csv lookup)
These dashboards enable you to look back in time: search through network traffic captured in NFO and sent to Splunk when NFO "Replay" is pressed.
This group contains dashboards to search through raw events during investigations, run online and scheduled reports, and configure alerts.
This group contains dashboards based on summary indexes. For more information, visit Summary Index for Large Volumes of Data.
This group contains dashboards based on Splunk
This group contains configuration dashboards and Splunk index usage statistics by NFO instances, by network devices, and by NFO Modules.
Every dashboard has different filters at the top of the screen to enable further narrowing of the report. For example, the Traffic by Protocol and Port dashboard can be filtered by the NFO hostname, device group, device, source IP/mask, source port, destination IP/mask, destination port, protocol, Advanced Filter, and time range.
Please note that source and destination IP/mask filters can be specified as subnets (IP/mask), as full IP addresses (188.8.131.52), or as a partial IP address (199.45.1.*).
In Advanced Filter you can specify any SPL to be appended to your search criteria, for example:
src_ip!=10.* AND dest_ip=192.*
Starting with release 3.7.81, the timeline panel enables you to “pan and zoom” into a specific time period. The selected time interval is propagated into all drilldown panels.