Analytics

The Analytics page allows you to analyze the data throughput of your pipeline using Sankey and Sunburst diagrams. You can analyze the throughput of a single host on the Hosts > <host-to-analyze> > Analytics page.

Host analytics Sankey diagram

The analytics charts

You can select what is displayed and how using the top bar and the Filter labels bar.

Diagram settings

  • Time period: Select the calendar_month icon to change the time period that’s displayed on the charts. You can use absolute (calendar) time, or relative time (for example, the last 2 days).
  • Select insights to switch between Sankey and Sunburst diagrams.
  • You can display the data throughput based on:
    • Output bytes
    • Output events
    • Input bytes
    • Input events
  • Add and clear filters (filter_alt / filter_alt_off).

In the Filter labels bar, you can:

  • Reorder the labels to adjust the diagram. On Sunburst diagrams, the left-most label is on the inside of the diagram.

  • Add new labels to get more details about the data flow.

    • Labels added to AxoRouter hosts get the axo_host_ prefix.
    • Labels added to data sources get the host_ prefix. For example, if you add a rack label to an edge host, it’ll be added to the data received from the host as host_rack.

    On other pages, like the Host Overview page, the labels are displayed without the prefixes.

  • Remove unneeded labels from the diagram.

Click a segment of the diagram to drill down into the data. That’s equivalent to selecting filter_alt and adding the label to the Analytics filters. To clear the filters, select filter_alt_off.

Hovering over a segment displays more details about it.

Sunburst diagrams

Sunburst diagrams (also known as ring charts or radial treemaps) visualize your data pipeline as a hierarchical dataset. They organize the data into concentric rings according to the labels displayed in the Filter labels field, where each ring corresponds to a level in the hierarchy. The left-most label is on the inside of the diagram.

Host analytics Sunburst diagram

For example, sunburst diagrams are great for visualizing:

  • top talkers (the data sources that are sending the most data), or
  • which team is sending the most data to the destination, if you’ve added custom labels that show the owner to your data sources.

The following example groups the data sources that send data to a Splunk destination based on their custom host_label_team labels.

Top talking teams

Sankey diagrams

The Sankey diagram of your data pipeline shows the flow of data between the elements of the pipeline, for example, from the source (host) to the destination. Sankey diagrams are especially suited to visualize the flow of data, and show how that flow is subdivided at each stage. That way, they help highlight bottlenecks, and show where and how much data is flowing.

Host analytics Sankey diagram

The diagram consists of nodes (also called segments) that represent the different attributes or labels of the data flowing through the host. Nodes are shown as labeled columns, for example, the sender application (app), or a host. The thickness of the links between the nodes of the diagram shows the amount of data.

  • Hover over a link to show the data throughput of this link between the edges of the diagram.
  • Click on a link to show the details of the link: the labels that the link connects, and their data throughput. You can also tap into the log flow.
  • Click on a node to drill down into the diagram. (To undo, use the Back button of your browser, or the clear filters icon filter_alt_off.)

The following example shows a custom label that shows the owner of the source host, thereby visualizing which team is sending the most data to the destination.

Host analytics Sankey diagram example

Sankey diagrams are a great way to:

  • Visualize flows: add the flow label to the Filter labels field.
  • Find unclassified messages that weren’t recognized by the Axoflow database: add the app label to the Filter labels field, and look for the axo_fallback link. You can tap into the log flow to check these messages. Feel free to send us samples so we can add them to the classification database.
  • Visualize custom labels and their relation to data flows.

Tapping into the log flow

  1. On the Sankey diagram, click on a link to show the details of the link.

    Tapping into the log flow

  2. Tap into the data traffic:

    • Select Tap with this label to tap into the log flow at either end of the link.
    • Select Tap both to tap into the data flowing through the link.
  3. Select the host where you want to tap into the logs.

  4. Select Start.

  5. When the logs you’re interested in show up, click Stop Log Tap, then click a log message to see its details.

    Details of the log message

  6. If you don’t know what the message means, select AI Analytics to ask our AI to interpret it.

    AI interpretation of the log message