Overview

Cloud Network Monitoring provides a comprehensive set of default tags for querying and analyzing network traffic. These tags are available out-of-the-box and can be used in search queries, filters, and groupings across the Network Analytics page, Network Map, and other CNM views.

Default tags

The following is a list of default server and client tags available for querying and analyzing network traffic:

server | client
server_team | client_team
server_role | client_role
server_env | client_env
server_environment | client_environment
server_app | client_app
server_domain | client_datacenter
server_dns_server | client_instance-id
server_datacenter | client_instance-type
server_instance-id | client_security-group-name
server_instance-type | client_security-group
server_security-group-name | client_name
server_security-group | client_image
server_name | client_account
server_image | client_kernel_version
server_account | client_autoscaling_group
server_kernel_version | client_region
server_autoscaling_group | client_terraform.module
server_region | client_site
server_terraform.module | client_image_name
server_site | client_pod_name
server_image_name | client_kube_deployment
server_pod_name | client_kube_replica_set
server_kube_deployment | client_kube_job
server_kube_replica_set | client_kube_cronjob
server_kube_job | client_kube_daemon_set
server_kube_cronjob | client_kube_stateful_set
server_kube_daemon_set | client_kube_cluster_name
server_kube_stateful_set | client_kube_service
server_kube_cluster_name | client_kube_namespace
server_kube_service | client_kubernetes_cluster
server_kube_namespace | client_cluster-name
server_kubernetes_cluster | client_kube_container_name
server_cluster-name | client_kube-labels
server_kube_container_name | client_task_name
server_kube-labels | client_task_version
server_task_name | client_task_family
server_task_version | client_ecs_cluster
server_task_family | client_loadbalancer
server_ecs_cluster | client_mesos_task
server_loadbalancer | client_marathon_app
server_cacheclusterid | client_chronos_job
server_mesos_task | client_chronos_job_owner
server_marathon_app | client_nomad_task
server_chronos_job | client_nomad_group
server_chronos_job_owner | client_nomad_job
server_nomad_task | client_rancher_container
server_nomad_group | client_rancher_service
server_nomad_job | client_rancher_stack
server_rancher_container | client_swarm_service
server_rancher_service | client_swarm_namespace
server_rancher_stack | client_container_id
server_swarm_service | client_container_name
server_swarm_namespace | client_image_tag
server_container_id | client_short_image
server_container_name | client_docker_image
server_image_tag | client_kubernetescluster
server_short_image | client_kube_cluster
server_cluster | client_protocol
server_docker_image |
server_kubernetescluster |
server_kube_cluster |
server_s3_bucket |
server_rds_instance_id |
server_cloud_endpoint_detection |
server_gateway_id |
server_protocol |

Neutral tags

Neutral tags are tags that are not specific to a client or server, and instead apply to an entire flow. You can search for and filter on traffic with these neutral tags. For example, you can use these tags to filter for traffic that is TLS encrypted.

Screenshot showing how to search for neutral tags, with an example on searching for 'tls_encrypted' traffic

The following is the list of neutral tags available for use:

Tag | Description
gateway_availability-zone | Availability zone hosting the gateway (for example, us-east-1a).
gateway_id | Unique identifier for the AWS gateway resource.
gateway_public_ip | Public IP address assigned to the NAT gateway.
gateway_region | AWS region of the gateway (for example, us-east-1).
gateway_type | Type of AWS gateway (internet, NAT, or Transit).
intra_availability_zone | Indicates whether network flows are within an availability zone (true), cross-availability zone (false), or undetermined (unknown). Note: Not applicable for Azure.
intra_region | Indicates whether network flows are within a region (true), cross-region (false), or undetermined (unknown).
is_agent_traffic | Indicates if the traffic was generated by the Datadog Agent.
tgw_attachment_id | Unique identifier for the AWS Transit Gateway attachment.
tgw_attachment_type | Type of Transit Gateway attachment (for example, VPC, VPN, Direct Connect).
tls_cipher_insecure | Indicates if the cipher used is considered secure.
tls_cipher_suite | Identifies the TLS cipher suite used (for example, tls_ecdhe_rsa_with_aes_128_gcm_sha256).
tls_client_version | The TLS version supported by the client (tls_1.2 or tls_1.3).
tls_encrypted | Specifies if the connection is encrypted using TLS.
tls_version | The TLS version used (tls_1.2 or tls_1.3).
vpc_endpoint_id | Unique identifier for the VPC endpoint.
security_group_evaluation | Indicates whether the connection was evaluated by security group rules. Values: unknown (unable to evaluate), allowed (connection was allowed), denied (connection was denied).
security_group_denial_reason | Specifies the reason for connection denial. Only present when security_group_evaluation: denied. Current values include client_egress.
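
The following added example (not part of the original documentation or of any Datadog tooling) shows how the neutral tags above can drive a simple security triage over flow records. The record layout (a list of tag:value strings per flow), the finding labels, and the true/false values for tls_encrypted are assumptions; the other tag values are the ones listed in the table.

```python
# Added example: triage flows by the neutral tags documented above.
# Assumptions: each flow is a list of "tag:value" strings, and
# tls_encrypted carries "true"/"false" (the page does not list its values).

REGION_LABEL = {"true": "intra-region", "false": "cross-region"}


def parse_tags(tag_list):
    """Turn ["k:v", ...] into a dict, splitting on the first colon only."""
    tags = {}
    for item in tag_list:
        key, sep, value = item.partition(":")
        if sep:
            tags[key] = value
    return tags


def triage(tag_list):
    """Return a sorted list of finding labels for one flow."""
    t = parse_tags(tag_list)
    findings = []
    # security_group_denial_reason is only present when evaluation is "denied".
    if t.get("security_group_evaluation") == "denied":
        findings.append("sg-denied:" + t.get("security_group_denial_reason", "unspecified"))
    # "unknown" or a missing intra_region must not be read as intra- or cross-region.
    if t.get("tls_encrypted") == "false":
        findings.append("plaintext:" + REGION_LABEL.get(t.get("intra_region"), "region-unknown"))
    # Client supports TLS 1.3 but the flow used 1.2: the server side is the limit.
    if t.get("tls_client_version") == "tls_1.3" and t.get("tls_version") == "tls_1.2":
        findings.append("tls-1.2-despite-1.3-client")
    return sorted(findings)


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    ["intra_region:true", "tls_encrypted:true", "tls_version:tls_1.3",
     "tls_client_version:tls_1.3", "security_group_evaluation:allowed"],
    ["intra_region:false", "tls_encrypted:false", "security_group_evaluation:allowed"],
    ["intra_region:unknown", "tls_encrypted:false"],
    ["intra_region:true", "tls_encrypted:true", "tls_version:tls_1.2",
     "tls_client_version:tls_1.3"],
    ["security_group_evaluation:denied", "security_group_denial_reason:client_egress"],
]


def triage_all(flows):
    return [triage(f) for f in flows]


if __name__ == "__main__":
    for flow, result in zip(SAMPLE_FLOWS, triage_all(SAMPLE_FLOWS)):
        print(result or ["ok"], flow)
```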

Tag categories

Infrastructure tags

Tags related to infrastructure components such as hosts, instances, and availability zones:

  • server_instance-id / client_instance-id
  • server_instance-type / client_instance-type
  • server_datacenter / client_datacenter
  • server_region / client_region

Kubernetes tags

Tags for Kubernetes resources and orchestration:

  • server_pod_name / client_pod_name
  • server_kube_deployment / client_kube_deployment
  • server_kube_namespace / client_kube_namespace
  • server_kube_cluster_name / client_kube_cluster_name
  • server_kube_service / client_kube_service

Container tags

Tags for containerized workloads:

  • server_container_id / client_container_id
  • server_container_name / client_container_name
  • server_docker_image / client_docker_image
  • server_short_image / client_short_image
  • server_image_tag / client_image_tag

Cloud provider tags

Tags specific to cloud resources:

  • server_s3_bucket
  • server_rds_instance_id
  • server_loadbalancer / client_loadbalancer
  • server_autoscaling_group / client_autoscaling_group
  • server_security-group / client_security-group

Application tags

Tags for application-level grouping:

  • server_app / client_app
  • server_env / client_env
  • server_environment / client_environment
  • server_team / client_team
  • server_role / client_role

Orchestration platform tags

Tags for various orchestration platforms:

  • ECS: server_ecs_cluster / client_ecs_cluster, server_task_name / client_task_name
  • Mesos: server_mesos_task / client_mesos_task, server_marathon_app / client_marathon_app
  • Nomad: server_nomad_task / client_nomad_task, server_nomad_job / client_nomad_job
  • Rancher: server_rancher_service / client_rancher_service, server_rancher_stack / client_rancher_stack

Using tags

In search queries

Use tags in the search bar to filter traffic:

client_service:web-store server_region:us-east-1

In groupings

Use tags in the Group By dropdown to aggregate traffic:

  • Group by client_kube_namespace and server_availability-zone to see cross-AZ traffic by namespace
  • Group by client_env and server_env to identify cross-environment dependencies

In facet panels

Browse available tag values in the facet panels on the left side of the Network Analytics page. Switch between Client and Server tabs to see respective tags.

Custom tags

In addition to these default tags, you can use any custom tags applied to your infrastructure through integrations or the Datadog Agent. To add custom tags to the facet panels for filtering, see Custom facets in the Network Analytics documentation.
