---
title: Tags Reference
description: Reference guide for default tags available in Cloud Network Monitoring.
---

# Tags Reference

## Overview{% #overview %}

Cloud Network Monitoring provides a comprehensive set of default tags for querying and analyzing network traffic. These tags are available out-of-the-box and can be used in search queries, filters, and groupings across the [Network Analytics](https://docs.datadoghq.com/network_monitoring/cloud_network_monitoring/network_analytics.md) page, [Network Map](https://docs.datadoghq.com/network_monitoring/cloud_network_monitoring/network_map.md), and other CNM views.

## Default tags{% #default-tags %}

The following is a list of default `server` and `client` tags available for querying and analyzing network traffic:

| server                          | client                     |
| ------------------------------- | -------------------------- |
| server_team                     | client_team                |
| server_role                     | client_role                |
| server_env                      | client_env                 |
| server_environment              | client_environment         |
| server_app                      | client_app                 |
| server_domain                   | client_datacenter          |
| server_dns_server               | client_instance-id         |
| server_datacenter               | client_instance-type       |
| server_instance-id              | client_security-group-name |
| server_instance-type            | client_security-group      |
| server_security-group-name      | client_name                |
| server_security-group           | client_image               |
| server_name                     | client_account             |
| server_image                    | client_kernel_version      |
| server_account                  | client_autoscaling_group   |
| server_kernel_version           | client_region              |
| server_autoscaling_group        | client_terraform.module    |
| server_region                   | client_site                |
| server_terraform.module         | client_image_name          |
| server_site                     | client_pod_name            |
| server_image_name               | client_kube_deployment     |
| server_pod_name                 | client_kube_replica_set    |
| server_kube_deployment          | client_kube_job            |
| server_kube_replica_set         | client_kube_cronjob        |
| server_kube_job                 | client_kube_daemon_set     |
| server_kube_cronjob             | client_kube_stateful_set   |
| server_kube_daemon_set          | client_kube_cluster_name   |
| server_kube_stateful_set        | client_kube_service        |
| server_kube_cluster_name        | client_kube_namespace      |
| server_kube_service             | client_kubernetes_cluster  |
| server_kube_namespace           | client_cluster-name        |
| server_kubernetes_cluster       | client_kube_container_name |
| server_cluster-name             | client_kube-labels         |
| server_kube_container_name      | client_task_name           |
| server_kube-labels              | client_task_version        |
| server_task_name                | client_task_family         |
| server_task_version             | client_ecs_cluster         |
| server_task_family              | client_loadbalancer        |
| server_ecs_cluster              | client_mesos_task          |
| server_loadbalancer             | client_marathon_app        |
| server_cacheclusterid           | client_chronos_job         |
| server_mesos_task               | client_chronos_job_owner   |
| server_marathon_app             | client_nomad_task          |
| server_chronos_job              | client_nomad_group         |
| server_chronos_job_owner        | client_nomad_job           |
| server_nomad_task               | client_rancher_container   |
| server_nomad_group              | client_rancher_service     |
| server_nomad_job                | client_rancher_stack       |
| server_rancher_container        | client_swarm_service       |
| server_rancher_service          | client_swarm_namespace     |
| server_rancher_stack            | client_container_id        |
| server_swarm_service            | client_container_name      |
| server_swarm_namespace          | client_image_tag           |
| server_container_id             | client_short_image         |
| server_container_name           | client_docker_image        |
| server_image_tag                | client_kubernetescluster   |
| server_short_image              | client_kube_cluster        |
| server_cluster                  | client_protocol            |
| server_docker_image             |                            |
| server_kubernetescluster        |                            |
| server_kube_cluster             |                            |
| server_s3_bucket                |                            |
| server_rds_instance_id          |                            |
| server_cloud_endpoint_detection |                            |
| server_gateway_id               |                            |
| server_protocol                 |                            |

## Neutral tags{% #neutral-tags %}

Neutral tags are tags that are not specific to a client or server, and instead apply to an entire flow. You can search for and filter on traffic with these neutral tags. For example, you can use these tags to filter for traffic that is TLS encrypted.

{% image
   source="https://docs.dd-static.net/images/network_performance_monitoring/network_analytics/cnm_using_neutral_tags_2.242c454bfbc39754548a2ad28e41ada4.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/network_performance_monitoring/network_analytics/cnm_using_neutral_tags_2.242c454bfbc39754548a2ad28e41ada4.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="Screenshot showing how to search for neutral tags, with an example on searching for 'tls_encrypted' traffic" /%}

The following is the list of neutral tags available for use:

| Tag                            | Description                                                                                                                                                                           |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `gateway_availability-zone`    | Availability zone hosting the gateway (for example, `us-east-1a`).                                                                                                                    |
| `gateway_id`                   | Unique identifier for the AWS gateway resource.                                                                                                                                       |
| `gateway_public_ip`            | Public IP address assigned to the NAT gateway.                                                                                                                                        |
| `gateway_region`               | AWS region of the gateway (for example, `us-east-1`).                                                                                                                                 |
| `gateway_type`                 | Type of AWS gateway (internet, NAT, or Transit).                                                                                                                                      |
| `intra_availability_zone`      | Indicates whether network flows are within an availability zone (`true`), cross-availability zone (`false`), or undetermined (`unknown`). **Note**: Not applicable for Azure.         |
| `intra_region`                 | Indicates whether network flows are within a region (`true`), cross-region (`false`), or undetermined (`unknown`).                                                                    |
| `is_agent_traffic`             | Indicates if the traffic was generated by the Datadog Agent.                                                                                                                          |
| `tgw_attachment_id`            | Unique identifier for the AWS Transit Gateway attachment.                                                                                                                             |
| `tgw_attachment_type`          | Type of Transit Gateway attachment (for example, VPC, VPN, Direct Connect).                                                                                                           |
| `tls_cipher_insecure`          | Indicates if the cipher used is considered secure.                                                                                                                                    |
| `tls_cipher_suite`             | Identifies the TLS cipher suite used (for example, `tls_ecdhe_rsa_with_aes_128_gcm_sha256`).                                                                                          |
| `tls_client_version`           | The TLS version supported by the client (`tls_1.2` or `tls_1.3`).                                                                                                                     |
| `tls_encrypted`                | Specifies if the connection is encrypted using TLS.                                                                                                                                   |
| `tls_version`                  | The TLS version used (`tls_1.2` or `tls_1.3`).                                                                                                                                        |
| `vpc_endpoint_id`              | Unique identifier for the VPC endpoint.                                                                                                                                               |
| `security_group_evaluation`    | Indicates whether the connection was evaluated by security group rules. Values: `unknown` (unable to evaluate), `allowed` (connection was allowed), `denied` (connection was denied). |
| `security_group_denial_reason` | Specifies the reason for connection denial. Only present when `security_group_evaluation: denied`. Current values include `client_egress`.                                            |

## Tag categories{% #tag-categories %}

### Infrastructure tags{% #infrastructure-tags %}

Tags related to infrastructure components such as hosts, instances, and availability zones:

- `server_instance-id` / `client_instance-id`
- `server_instance-type` / `client_instance-type`
- `server_datacenter` / `client_datacenter`
- `server_region` / `client_region`

### Kubernetes tags{% #kubernetes-tags %}

Tags for Kubernetes resources and orchestration:

- `server_pod_name` / `client_pod_name`
- `server_kube_deployment` / `client_kube_deployment`
- `server_kube_namespace` / `client_kube_namespace`
- `server_kube_cluster_name` / `client_kube_cluster_name`
- `server_kube_service` / `client_kube_service`

### Container tags{% #container-tags %}

Tags for containerized workloads:

- `server_container_id` / `client_container_id`
- `server_container_name` / `client_container_name`
- `server_docker_image` / `client_docker_image`
- `server_short_image` / `client_short_image`
- `server_image_tag` / `client_image_tag`

### Cloud provider tags{% #cloud-provider-tags %}

Tags specific to cloud resources:

- `server_s3_bucket`
- `server_rds_instance_id`
- `server_loadbalancer` / `client_loadbalancer`
- `server_autoscaling_group` / `client_autoscaling_group`
- `server_security-group` / `client_security-group`

### Application tags{% #application-tags %}

Tags for application-level grouping:

- `server_app` / `client_app`
- `server_env` / `client_env`
- `server_environment` / `client_environment`
- `server_team` / `client_team`
- `server_role` / `client_role`

### Orchestration platform tags{% #orchestration-platform-tags %}

Tags for various orchestration platforms:

- **ECS**: `server_ecs_cluster` / `client_ecs_cluster`, `server_task_name` / `client_task_name`
- **Mesos**: `server_mesos_task` / `client_mesos_task`, `server_marathon_app` / `client_marathon_app`
- **Nomad**: `server_nomad_task` / `client_nomad_task`, `server_nomad_job` / `client_nomad_job`
- **Rancher**: `server_rancher_service` / `client_rancher_service`, `server_rancher_stack` / `client_rancher_stack`

## Using tags{% #using-tags %}

### In search queries{% #in-search-queries %}

Use tags in the search bar to filter traffic:

```
client_service:web-store server_region:us-east-1
```

### In groupings{% #in-groupings %}

Use tags in the **Group By** dropdown to aggregate traffic:

- Group by `client_kube_namespace` and `server_availability-zone` to see cross-AZ traffic by namespace
- Group by `client_env` and `server_env` to identify cross-environment dependencies

### In facet panels{% #in-facet-panels %}

Browse available tag values in the facet panels on the left side of the Network Analytics page. Switch between **Client** and **Server** tabs to see respective tags.

## Custom tags{% #custom-tags %}

In addition to these default tags, you can use any custom tags applied to your infrastructure through integrations or the Datadog Agent. To add custom tags to the facet panels for filtering, see [Custom facets](https://docs.datadoghq.com/network_monitoring/cloud_network_monitoring/network_analytics.md#custom-facets) in the Network Analytics documentation.

## Further Reading{% #further-reading %}

- [Network Analytics](https://docs.datadoghq.com/network_monitoring/cloud_network_monitoring/network_analytics.md)
- [Getting Started with Tags](https://docs.datadoghq.com/getting_started/tagging.md)
- [Unified Service Tagging](https://docs.datadoghq.com/getting_started/tagging/unified_service_tagging.md)
