Report output

The output of a report will mainly consist of two classes of data: the grouping criteria/entities(sources/destinations, IP groups, users, etc.) and their aggregated activity data.

After a report completes running, the results are displayed in both graph and table formats in the output view, where the reports original settings can continuously be refined to create the visibility required for the current task.

Graph details and functions

Each report type supports multiple interactive graph options to visualize the data for the top ten grouping entities based on their activity. An Others entity, which combines the aggregated activity data for all entities outside the top ten, is also included.

The Graph dropdown allows the user to quickly switch between the available visualizations directly from the output view. Additional details for any entity or activity can be viewed by hovering over the corresponding graph element.

Table/list details

The output view table functions as both a summary of the report results and a legend for the graph. The columns to the left (without the sorting arrows) list report type’s grouping entities, while the right-hand columns are used for the aggregated activity details. Traffic values can be displayed as average rates or totals (for the entire time range) by selecting the corresponding global setting in the Options tray.

Clicking on an entity in any grouping criteria column (e.g., source, application, or destination in a Conversations App report) opens a tray from where any supported report type can be run.

Hint

  • Timeline graphs (line, step, stacked bar, etc.) can be used to apply a new time range to the current report. To do this, click on the graph once, and then click and drag to highlight the new range to use.

  • To hide the graph for the current report, click the Hide button in the header.

  • Individual cells in the grouping criteria columns of the table can be dragged to the left into inclusion and exclusion dropzones to configure additional filters for the current report (click the Apply button in the tray when done).

Filters tray

Clicking the Report Filters button in the output view opens a tray where the filters for the current report can be redefined.

To add a new filter, do the following:

  1. Click the Filters button to open the tray.

  2. In the tray, click the + button.

  3. Select a filter type for the new filter.

  4. Configure the required details for the filter (varies by filter type).

  5. Click the Add button.

  6. In the primary tray, click the Apply button to re-run the report with the new filter(s) applied.

Existing filters can be modified by clicking the edit (pencil) button or removed by clicking the delete (trash bin) button.

Note

The data sources/devices that were initially selected for the report can also be modified via the filters tray.

Additional options

Clicking the Options button in the header opens a tray containing the following option submenus:

Global
Data: Toggle between rates or totals in report results.
Data Source: Specify an aggregation/roll-up table to use for reports.
Data Units: Toggle between bits or bytes in report results.
Interfaces: Enable/disable grouping report results by interface.
Data Mode: Toggle between summary and forensic flow data to run reports.
Show Others: Enable/disable including the Others grouping entity in report results.
Show Host Names: Toggle between host IP addresses and hostnames in report results.
Rows: Select the number of grouping categories to include in report results.

Table
Peak: Show/hide additional column for peak activity details.
95th: Show/hide additional column for 95th percentile activity details.
Values: Toggle between formatted/rounded and raw calculated activity data in the report table.

Threshold

Configure a custom threshold for the current report.

Details
Collectors: View expanded details for the collectors associated with the data sources of the current report.
Exporters: View expanded details for the exporters/data sources used for the current report.
Report JSON: View the report JSON (for reporting API calls)

Note

  • Toggle on Display Advanced Options in the tray to access the Data Mode and Values settings.

  • If the Rows setting is increased beyond 10, additional grouping criteria/entities will be displayed in gray in the graph.

  • Use the Copy to clipboard button to quickly copy the report JSON to your clipboard.