Top Endpoints
Top Endpoints reveals top endpoint devices with the greatest traffic volumes for the selected interval.
: The same bytes can be counted twice where a byte total is noted arriving from a sender and the same bytes are counted when relayed to the receiver.
- . Name of the source or destination endpoint device.
- . Field composed of top combined with and identifiers included.
- . Traffic volume received from the endpoint.
- . Total bytes transmitted to the endpoint.
- . Combined (incoming/outgoing) number of bytes transferred. (Use Report Settings option to rank the list by packet or flow count, not bytes.) Red () indicates fraction received. Blue () indicates fraction sent. (Mouse hover to display in/out summary.)
- . Average bit rate, in total bits per second (bps).
- . Percentage of the total traffic.
To display Flow and Packet measurements, click a column heading () for column selection list (). You can also include:
- . Endpoint's IP address.
- . Endpoint's hostname.
- . Top endpoint's previous hostnames.
- . Endpoint's domain.
- . Top endpoint city.
- . Subdivision for the endpoint's city.
- . Country for the endpoint's city.
- . Degrees latitude associated with the endpoint's city.
- . Degrees longitude associated with the endpoint's city.
- . Flows received from the Flow Sources (switch or router NetFlow observation points).
More...
- . The total number of packets sent/received for the current city and the selected date range.
- . The average packet rate for the current city, in packets per second (pps), for the selected date range.
- . Percentage of sent/received packets for the current city.
- . The average flow rate generated for the current city, in multiples of flows per second (fps) for the selected date range.
- . Percentage of received flows for the current city.
- . Fraction of total bandwidth capacity used. "N/A" denotes the measurement cannot be calculated because the bandwidth capability is unknown for the current interface.
: To show reports in full screen with most if not all possible columns, click on report options ( ) menu and choose ().
Generate a report
. , Choose a networking device or single physical or virtual interface you want to see Top Endpoints measurements for. Choose traffic direction across an interface.
Use the Select Device dialog for one of the following:
Control
|
Description
|
Device.
|
Browse and choose a networking device that is a Network Traffic Analyzer monitoring source. (For example, wireless router, router, and more)
|
Network Interface.
|
- Choose a single physical or virtual interface Network Traffic Analyzer you want traffic statistics for.
- Choose direction of traffic over the network interface (, , , or for invalid traffic.).
|
Network.
|
Network devices known to NTA.
|
. Choose times for the Top Endpoints. (Subject to NTA collection interval and retention policies.)
Choose time constraints for your NTA data view
Date Range . Choose or define an overall window of time network activity data.
: Detail rendered in graphs depends on the time window you choose (Date Range) along with how long your system retains raw, hourly, and daily time-series data (NTA data collection and Data Retention settings). NTA graphs network activity as time-series averaged over daily intervals, hourly intervals, or over shorter periods (raw). Raw data interval is defined by the data collection interval in NTA settings.
: If you choose a time window outside of your NTA default data retention limits (8 hours for Raw and 10 days for Hourly, for example) your graph will default to an interval detail of Daily.
Detail Revealed with Default Retention Settings
Over time, the NTA collector cleans up older data. Eventually, collected data is combined into daily totals at the rates shown in the following table. If your site's mission and database capacity allow for more detailed data be retained for longer periods, increase the default retention settings in the NTA Settings dialog ( menu ).
Report Time Window Selection
|
Data Interval Shown in Graph (default retention settings)
|
Example
|
0 – 7 hours
|
Raw
- Data interval = every two minutes.
- Default data retention = 7 hours plus the current fraction of an hour (unless extended in NTA Settings).
|
Top Applications observed over the last 30 minutes (raw)
|
more than 8 hours within the past 9 days
|
Hourly
- Data interval = every hour.
- Default data retention = 9 days plus the current fraction of a day (unless extended in NTA Settings).
|
Top Senders over the last day (hourly)
|
10 days or more
|
Daily
Data interval = every 24 hours.
Daily is also the Archive data interval.
|
Top Protocols over the last 10 days (daily)
|
. Choose and hide columns, reorder columns, and apply advanced filters to customize your data view.
Filter and pick by column
Click a report heading () and use the "column picker" () from the drop down list.
Control
|
Purpose
|
Columns.
|
Click a check box to display the column. Clear the check box to hide it.
|
Move Column.
|
Click on a column heading and drag it to reorder your table's columns.
|
Advanced Filtering.
|
Apply category, pattern, and keyword filtering to column data.
|
. Fine tune report presentation and range of values displayed using the Report Settings dialog (optional).
Specify threshold and top n:
Control
|
Purpose
|
Show Top n Items
|
Limit items to the samples with the highest values.
|
Sort by Field
|
Select a column to sort by (if applicable).
|
Chart and view options
Control
|
Purpose
|
View Options
|
Select/clear the checkboxes to display/hide
- Totals. Display totals for each column.
- Others. Remainder values that do not make the top n.
- Chart. Display the selected Chart Type
- Legend. Include legend and grid lines for readability.
- Trend Lines. Present data a smoothed average to show trend.
|
Chart Type
|
Select a chart type and associated options:
- Pie. Pie distribution chart.
- Line/Area. Scatter graph that connects adjacent measurements with straight lines.
- Spline/Area Spline. Choose a graph with a smoothed appearance where adjacent samples exhibit a gradual slope.
- Vertical Bar/Horizontal Bar. Vertical or horizontal bar chart/histogram.
: The magnitudes of incoming and outgoing bandwidth utilization per interface are summed when presented in plotted graphs and charted distributions .
|
Y-Axis Scale
|
Scale Y-axis (chart and graph height) automatically or choose a fixed size.
|
Share, export, and save as PDF
Most generated Top Endpoints report data can be printed, shared, and exported when selecting () from the Dashboard Options () menu. After the report has been expanded, select export () to access the following options: