How reports work

Plixer Scrutinizer Reports automatically aggregate network metadata from any number of observation points based on a specified report type/template.

Reports in Plixer Scrutinizer are network metadata aggregations based on user-configured parameters and options. This allows reports to be tailored to support any network or security use case and refined to meet more precise visibility requirements.

Report settings

The output of a report in Plixer Scrutinizer is controlled by the following settings:

Network devices

When a report is run, Plixer Scrutinizer aggregates data collected from one or more user-specified network devices or interfaces. These function as the user’s “observation points” and determine the scope of the data to be included in the report.

Report types

The base type of a report determines how network metadata from the selected observation points is aggregated (i.e., by X).

When creating a new report configuration or refining report results, report types can be displayed by category for ease of navigation. These categories include:

Core

Client Server
Counts
Destination
FQDN
Firewall Events
Source
Top
Vitals
Volume
Summary

Integration-/vendor-specific

AWS
Azure
FlowPro Defender
FlowPro APM
Palo Alto Networks

To further simplify report type selection, types are also classified under the supplementary categories Recommended, Favorites, and Designed Reports.

Hint

Available report types vary based on the devices included in the Plixer Scrutinizer environment and those that have been selected as observation points for a report. Additional report types may also become available when certain integrations are configured/enabled for the Plixer Scrutinizer environment.

Time range/window

By default, reports are configured to aggregate data from the past 24 hours. However, this can be changed to a different last X window (e.g., last 5 minutes, last week, etc.) or a custom date and time range.

Hint

When a Last X time window is selected, clicking the up or down arrow will automatically shift the date/time period covered backward or forward.

Additional filters

The scope of the flow data aggregated by a report can be further limited or expanded through the use of additional filters, which can be defined both during the configuration of a new report and after any report has been run.

Graph type

The output of a report includes a graph or chart plotting the top ten aggregations. The user is able to switch between the available graphs or diagrams (based on the report type) to display a visualization that best suits their current objective.

Plixer Scrutinizer Reports can be set to use any of the following graph/chart types for visualization:

  • Line

  • Stacked line

  • Stacked bar

  • Step

  • Stacked step

  • Pie

  • Matrix

  • Connection

  • Sankey

  • Donut

Note

Graph options vary based on the report type.

Custom Reports

To learn more about creating custom Reports, see this subsection on the Report Designer.

Report results/output

The results/output view of a report is divided into two main sections: the graph and a paginated table where the complete data set can be reviewed.

Hint

The graph can be hidden by selecting Hidden when creating a new report configuration or using the Hide setting under Graphs in the Options tray.

After a report is run, the results can be continuously refined by modifying its settings from the output view. Report management tools and other auxiliary report functions can also be accessed from this page.

Additional options

The Options tray (gear button) can be used to access the following submenus related to the report:

Global

General display settings for the current report; can also be used to manually select the summary table/bucket to pull data from for the report

Graph

Show or hide the graph in the main output view (Hidden can also be selected from the main view dropdown to hide the graph)

Table

Show or hide the peak and/or 95th percentile columns in the results table

Threshold

Configure an alarm-generating threshold based on the column the report is currently sorted by

Details

View the report’s JSON output or additional details about the Exporters or Collectors used

Hint

Use the Copy to clipboard button to copy a report’s JSON output for reporting APIs.

Note

When the global Data Source setting is set to auto, Plixer Scrutinizer will automatically use the most suitable summary table to pull data from based on the time window of the current report.