To refine your search to traffic between particular endpoints, aggregate and filter your network flows with tags. You can select tags for the source and destination by using the search bar at the top of the page.
The following screenshot shows the default view, which aggregates the source and destination by the
service tag. Accordingly, each row in the table represents service-to-service flows when aggregated over a one hour time period.
The next example shows all flows from IP addresses representing services in region
us-east-1 to availability zones:
You can set the timeframe over which traffic is aggregated using the time selector at the top right of the page:
Facet panels mirror the tags in your search bar query. Switch between the facet panels with the Source and Destination tabs on top:
Aggregate and filter your traffic data by any tags in Datadog network page. A whitelist of tags is provided by default, which you can find in the search bar dropdown menu:
Whitelisted tags include
port, among others. If you want to aggregate or filter traffic by a tag that is not already in the menu, add it as a custom Facet:
+button on the top right of the facet panels.
Once the custom facet is created, use this tag to filter and aggregate traffic in the network page and map. All custom facets can be viewed in the bottom
Custom section of the facet panels.
Your network metrics are displayed through the graphs and the associated table. All sent and received metrics are displayed from the perspective of the source :
Values displayed might be different for
sent_metric(source to destination) and
received_metric(destination to source) if there is a large number of packet drops. In this case, if the
destination sends a lot of bytes to the
source, the flows that originate at
destination include those bytes, but the flows that originate at
source do not see them as received.
Note: The default collection interval is five minutes and retention is seven days.
The following network load metrics are available:
|Volume||The number of bytes sent or received over a period. Measured in bytes (or orders of magnitude thereof) bidirectional.|
|Throughput||The rate of bytes sent or received over a period. Measured in bytes per second, bidirectional.|
TCP is a connection-oriented protocol that guarantees in-order delivery of packets. The following TCP metrics are available:
|Retransmits||Retransmits represent detected failures that are retransmitted to ensure delivery. Measured in count of retransmits from the |
|Round-trip Time (RTT)||Round-trip time is a proxy for latency. Measured as the time between a TCP frame being sent and acknowledged.|
|RTT Variance||RTT is a proxy for jitter.|
Starting with Agent 7.17+, the Agent resolves IP’s to human-readable domain names for external and internal traffic. DNS allows you to monitor cloud provider endpoints where a Datadog Agent cannot be installed, such as S3 buckets, application load balancers, and API’s. Unrecognizable domain names such as DGA domains from C&C servers may point to network security threats. DNS is encoded as a tag in Datadog, so you can use it in search bar queries and the facet panel to aggregate and filter traffic.
Note: DNS resolution is supported for hosts where the system probe is running on the root network namespace, which is usually caused by running the system-probe in a container without using the host network.
The Network Address Translation (NAT) is a tool used by Kubernetes and other systems to route traffic between containers. When investigating a specific dependency (for example, service to service), you can use the presence or absence of pre-NAT IPs to distinguish between Kubernetes-native services, which do their own routing, and services that rely on external clients for routing. This feature does not currently include resolution of NAT gateways.
To view pre-NAT and post-NAT IPs, use the Show pre-NAT IPs toggle in the table settings. When this setting is toggled off, IPs shown in the Source IP and Dest IP columns are by default post-NAT IPs. In cases where you have multiple pre-NAT IPs for one post-NAT IP, the top 5 most common pre-NAT IPs will be displayed.
pre_nat.ip is a tag like any other in the product, so you can use it to aggregate and filter traffic.
The network table breaks down the Volume, Throughput, TCP Retransmits, Round-trip Time (RTT), and RTT variance metrics between each source and destination defined by your query.
You can configure the columns in your table using the
Customize button at the top right of the table.
Congifure the traffic shown with the
Filter Traffic button.
Datadog Agent traffic is shown by default. To narrow down your view to non-Datadog traffic only, toggle off
Show Datadog Traffic.
Unresolved source and destination tags are marked as
N/A. A traffic source or destination endpoint may be unresolved because:
Use the Show Unresolved Flows toggle in the upper right corner of the data table to filter out flows with unresolved (
N/A) sources or destinations.
Select any row from the data table to see associated logs, traces, and processes for a given source <=> destination flow:
Additional helpful documentation, links, and articles: