Understanding Flow details
Flow provides visibility of Applications running on the network, showing top sources and destinations, plus top conversations for each. Detail is shown for each completed hour.
Highlight can collect Flow data from compatible devices such as Cisco, Juniper, or Riverbed.
Once configured a Traffic Analysis (Flow) section will appear at the bottom of the Details page. The dialog displays the top 20 hosts/applications (plus others grouped together) with outbound traffic on the left, inbound on the right.
The settings in the side bar will be remembered when you next log in.
- Displays the top 20 applications (plus others grouped together) running across the selected link
- Displays the top 20 hosts (plus others grouped together) sending across the selected link
- Displays the top 20 conversations (plus others grouped together) either sending or receiving traffic (only data table view available, not graph)
Switch between graphical and text views of the information using the buttons provided. Display results for the current time period (as selected in the time bar at the top of the page). Show the top 20 hosts/applications (plus others grouped together) either sending or receiving traffic.
- Displays bar charts, as shown above, note: graphs are not available for conversations
- Data table
- Displays text and has the option to break the data down further (by hour on a day view, day on a week view and week on a month view)
- 24 hour
- Displays the full day
- Last hour
- Displays 6 segments of ten minutes each. If auto-refresh is on or the page is refreshed, the segments will shift to show the most recent with the oldest segment disappearing from the graph or data table. The times shown will adjust if the time zone is changed.
- Hover over each coloured section to see the percent of total traffic used by that host/application during the selected time period. The host/application name is also indicated in the list.
- Uncheck a host/application to remove it from the graph, check only those of interest
Data table only
Zoom in to display results for a specific time period. e.g on a day view, click 08 to display information accumulated for the hour from 8:00am to 9:00am.
- Last hour view
- Day view
- Week view
- Month view
Only users with permission Manage applications can make changes to an application or host name, which will be visible to all users.
Changes to an application name or host name will impact all locations in the same folder. To make name changes affect a wider range of locations, set the top level folder as an application domain in Edit Folder on the Features tab.
When Data table is selected, you can edit the name of an application or host/IP using
In the example GIF, the host name dcl6-dfw.viv-dfw.salesforce.com is changed to display as Salesforce.com
- Start the edit
- Store changes, both the OUT and IN name will be updated
- Cancel changes
Any change to Flow host or application names is recorded in Reporting, Audit Log
- This option displays the top 20 conversations (plus others grouped together) either sending or receiving traffic (only data table view available, not graph)
- With Data table selected for applications or hosts, there is a further option to view a list of the top ten conversations involved with the entry.
If you clicked when looking at an application such as email, you'll see the ten busiest pairs of hosts using this application - in each case one inside your network, one outside it - along with the volume and percent of traffic each has created.
If you clicked when looking at a particular host system, such as a server, you'll see the top ten other systems this host is talking to and the application being used in each case. Highlight also lists the volume of data and percent being generated by each.
If the name of the host has been edited, then the original name will appear in the top line of the Window as Host Name.
Highlight will normally keep top 20 information for 12 months and detailed conversation information for 45 days.
The only reporting for Flow in Highlight is a technical listing extracted from the Admin Watch report, which can be very useful as a means of identifying Flow watches that are no longer reporting.