Introduction

Pie charts that display information by the production switch have an inner and outer ring, as shown in the following example.

For example, in the Tracked Hosts by Production Device & IF pie chart,

the detailed behavior of the pie charts in the Arista Analytics Fabric view, specifically those displaying information related to production switches, is shown. The key feature is the dual-ring structure:

• Inner Ring: Represents a broader category, "Production Device" (switches).
• Outer Ring: Provides a more granular breakdown, such as "Interface" (IF) details selected inner ring segment.

The interactive functionality is crucial, as clicking a segment in the inner ring filters the outer ring to display only the data relevant to that selected inner ring segment.

It allows for a hierarchical view of the data, enabling users to quickly drill down from a general overview (switch level) to specific details (interface level) within that overview. It is a good design for exploring relationships within the network data.

To restrict the current content to events occurring in a specific period, click and drag it to surround the area on a time visualization, such as the Flows Over Time.

To select the time range or to change the default refresh rate, click the Time Range control in the upper right corner. The system displays the following dashboard.

Select the range from the options provided, and the panels and displays update to reflect the new date and time range. To change the auto-refresh rate, click the Auto-refresh control. The system displays the following dashboard.

Select the refresh interval from the options provided. Click Start to turn off the auto-refresh function.

The search field at the top of the dashboard filters the current displays by any text or numbers typed into the field.

The Action option in the upper right corner applies these actions to all the currently applied filters.

Click a segment on a pie chart for the appropriate filter; it automatically inserts into the Search field. To undo the filter, click the Remove filter icon.

To define complex queries using field names, which can be seen by scrolling and clicking on an event row. For example, on the sFlow^®* dashboard, the query proto : TCP AND tags : ext displays all externally bound TCP traffic. OR NOT ( ) are also permitted in the expression. For more details about the supported search syntax, refer to the following URL:https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax.

Select the Discover option in the left panel of the Analytics window; the system will display the following page.

Use Discover mode to see the indices in the ElasticSearch database and identify the available data.

Refrain from executing general queries for a wide time range. For example, suppose you want to query for 7 or 30 days. In that case, do a specific query flow, filter interface, specific source or destination IP address, and specific source or port number as it eases the query load.

To query NetFlow or sFlow^® for more extended periods, use the FLOW Dashboard to determine the trend and then do a specific query, such as querying a specific flow or time, on the Netflow or sFlow^® dashboard.

Periodically monitor the AN Load Dashboard for index and query load and scale up the Analytics Node if the Load is Yellow/Red.

These recommendations aim to optimize query performance and prevent system overload, especially when dealing with large datasets and extended timeframes.

Select the Dashboards option from the left panel on the Analytics window to manage Dashboards. The system displays the following page.

Refer to the Kibana documentation for details about creating and managing dashboards.https://www.elastic.co/guide/en/kibana/8.15/index.html

Following are the best practices for managing dashboards and saved objects within Arista Analytics, focusing on organization, maintainability, and upgrade compatibility:

• Consistent Naming Conventions: Employ a naming convention that aligns with your environment.
  • Use prefixes to categorize dashboard content (for example, "ARISTA").
  • Include descriptive terms in the dashboard name to specify its type.
  • It improves organization and simplifies selection.
• Simplified Management: Consistent naming allows for easier individual selection and bulk operations.
  • Exporting dashboards based on their type facilitates tracking and management of modifications.
• Upgrade Compatibility: Build dashboards using custom visualizations and searches created for your environment.
  • Avoid relying on default objects, which might change during upgrades, potentially breaking your dashboards.

In summary, the best practices advocate for a structured and organized approach to dashboard management, ensuring maintainability, traceability, and resilience to system upgrades.

• GeoIP Database: Arista Analytics uses the MaxMind GeoIP database to associate public network IP addresses with geographic locations.
• Map Visualization: This association displays a heat map on the sFlow^® dashboard.
• Geographic Filtering: It filters the traffic shown on the map by selecting specific regions:
  • Square Tool: Draw a square to select a rectangular area.
  • Polygon Tool: Draw an irregular shape to select a more complex region.
  • Zoom and Detail: Selecting a region will zoom in on that area and provide more detailed information about the traffic flowing to or from it.

This process enables users to visually analyze network traffic patterns based on geographic location and focus on specific areas of interest for deeper investigation.

Click an IP address, then click the Magnifying Glass icon (+) to pin the address to the dashboard.

The selected IP address is added to the filters on the dashboard.

Each dashboard has a bar chart depicting traffic on the y-axis and time on the x-axis. To add a time filter, click and drag an area in the All Flows Over Time bar chart.