Network Activity Monitoring

 

Using the Network Activity tab, you can monitor and investigate network activity (flows) in real time or conduct advanced searches.

You must have permission to view the Network Activity tab. For more information about permissions and assigning roles, see the Juniper Secure Analytics Administration Guide.

Select the Network Activity tab to visually monitor and investigate flow data in real time, or conduct advanced searches to filter the displayed flows. A flow is a communication session between two hosts. You can view flow information to determine how the traffic is communicated, and what was communicated (if the content capture option is enabled). Flow information can also include details such as protocols, autonomous system number (ASN) values, or Interface Index (IFIndex) values. By default, the Network Activity tab displays flows in streaming mode.

If you previously configured a saved search as the default, the results of that search are automatically displayed when you access the Network Activity tab. For more information about saving search criteria, see Event and Flow Searches.

Viewing Streaming Flows

Streaming mode enables you to view flow data entering your system in real time. This mode provides you with a real-time view of your current flow activity by displaying the last 50 flows.

If you apply any filters on the Network Activity tab or in your search criteria before you enable streaming mode, the filters are maintained in streaming mode. However, streaming mode does not support searches that include grouped flows. If you enable streaming mode on grouped flows or grouped search criteria, the Network Activity tab displays the normalized flows.

  1. Click the Network Activity tab.
  2. From the View list box, select Real Time (streaming).
  3. Optional. Pause or play the streaming flows. When streaming is paused, the last 1,000 flows are displayed.

    Note

    When you are streaming flows, the status bar displays the average number of results that are received per second. This display is the number of results that the Console successfully received from the Flow processors. If this number is greater than 40 results per second, only 40 results are displayed. The remainder is accumulated in the result buffer. To view more status information, hover over the status bar.

    Note

    When flows are not streaming, the status bar displays the number of search results that are currently displayed and the amount of time that is required to process the search results.

Viewing Normalized Flows

Flow data is collected, normalized, and then displayed on the Network Activity tab.

Normalization involves preparing flow data to display readable information on the tab.

Note

If you select a time frame to display, a time series chart is displayed. For more information about using the time series charts, see Time Series Chart Overview.

The Network Activity tab displays the following parameters when you view normalized flows:

  1. Click the Network Activity tab.
  2. From the Display list box, select Normalized (With IPv6 Columns) or Default (Normalized). The Normalized (With IPv6 Columns) display shows source and destination IPv6 addresses for IPv6 flows.
  3. From the View list box, select the time frame that you want to display.
  4. Click the Pause icon to pause streaming.
  5. Optional: Click Hide Charts to remove the charts from your display.

    The Charts parameter in the Network Activity tab displays configurable charts that represent the records that are matched by the time interval and grouping option. The charts are only displayed after you select a time frame of Last Interval (auto refresh) or above, and a grouping option to display. For more information, see Configuring Charts.

    If you use Mozilla Firefox as your browser and an ad blocker browser extension is installed, charts do not display. To display charts, you must remove the ad blocker browser extension. For more information, see your browser documentation.

  6. Double-click the flow that you want to view in greater detail.

Viewing Grouped Flows

View flows that are grouped by various options.

The Display list box is not displayed in streaming mode because streaming mode does not support grouped flows. If you entered streaming mode by using non-grouped search criteria, this option is displayed.

After you select an option from the Display list box, the column layout of the data depends on the chosen group option. Each row in the flows table represents a flow group.

  1. Click the Network Activity tab.
  2. From the View list box, select the time frame that you want to display.
  3. From the Display list box, choose which parameter you want to group flows on.
  4. To view the List of Flows page for a group, double-click the flow group that you want to investigate.

    The List of Flows page does not retain chart configurations that you might define on the Network Activity tab.

  5. To view the details of a flow, double-click the flow that you want to investigate.