Insight Analytics Flow Custom Tags
Selecting Overview → Analytics → Insight Analytics Flow → Custom Tags displays the Custom Tags dashboard. The Custom Tags tab is highlighted.
Usage Note: Before any analytics are collected, add a Fabric and install and activate a valid license.
The UNUM Insight Analytics Flow Tags module provides a convenient method of adding business and application context to flows using user edited custom defined tags.
Clicking on custom Tags in the dashboard interface launches the Tags functionality and displays the following information:
Insight Analytics Flow Custom Tags Dashboard
The Custom Tags module also supports global filters by clicking on any of the chart items. You drilldown into the data by selecting any chart item in the dashboard and clicking on an area of interest.
Search and Filtering functions work in an identical manner as described under the Insight Analytics Flow Search & Filtering section.
Customizing Project Tags
Clicking on the option links: Upload Tags, Clear Tags and Customize Dashboard allows you to customize pie chart labels and upload tags from a spreadsheet and re-map fields.
Insight Analytics Flow Custom Tags Customize Project Tags
The options are Upload, Clear Tags and Customize Dashboard.
Clicking on the Upload Tags link displays an Upload Project Tags File window by which you select your own tagging file (see Creating Project Tags) in CSV or XML format to change the fields using the meta data you supply.
Browse for the location of the files or drag-and-drop the file containing the specified data and click Upload.
To exit the Upload Tags menu, click Close.
Insight Analytics Flow Upload Project Tags File Menu
Clicking on the Clear Tags link immediately deletes all tag entries. You must re-enter ALL tag information following this action.
Custom Tags Customize Dashboard
Clicking on the Customize Dashboard link displays a customize window by which you edit the Title fields, select the data type for the Field and the type of data Aggregate desired for the customized display.
Clicking Update! saves the new customization.
Insight Analytics Flow Customize Fields Menu
You create customized dashboards using Project Tags.
This feature allows you to view multiple projects using customized tags that you either select from a drop down list or import as a *.csv file. This is useful if you want to monitor specific sections of your network such as a cluster storage configuration.
To create customized tags using UNUM Insight Analytics Flow, click Options on the Project Tags page, and then Customize Dashboard.
You create up to six customized pie charts by entering titles for each pie chart and selecting the field to appear in the pie chart. Each pie chart aggregates data by Total Bytes or # of Connections.
Once you have created the pie charts, click Update!
To create a custom *.csv, use any spreadsheet application to create a new project file. Use the columns A through H to set up the fields, and each column must start with item_ and then the field name such as srcip, dstip, etc.
Insight Analytics Flow Custom Tags Template Spreadsheet
As the information is collected, each individual connection record is tagged at the time it is stored in UNUM Insight Analytics Flow with system defined tags such as hostname and geo-coordinates. The figure above shows an Excel spreadsheet used to generate a CSV (Comma Separated Values) file. The CSV file is then uploaded into UNUM Insight Analytics Flow to start the custom tagging. Tagging (setting the attributes in column J and above) occurs when the connection record matches the conditions expressed in columns A to I (item_* columns). UNUM Insight Analytics Flow processes the conditions from top to bottom with the first match determining the tagging. Columns H and I match on the srcip OR dstip and on the srcmac OR the dstmac, and are mutually exclusive with the columns A/B or C/D.
You map a source IP address to all destination IP addresses or to a specific IP address. If a cell is left blank (highlighted in orange in the example spreadsheet), then it has the value of all as default. Once you have completed your spreadsheet and saved it as a *.csv file, you upload it to UNUM Insight Analytics Flow by clicking Options, and then Upload. Locate your CSV file and upload it to UNUM Insight Analytics Flow. You use the format <ip>/<netmask> for these fields as well.
In the example spreadsheet above, line 2 has the highest priority and line 27 the lowest priority when collecting data. A security whitelist is represented on lines 20 – 22 and lines 23 – 27 show how specific application server information is collected.
Wildcard Subnet for IP Address Fields
This feature adds functionality to custom tagging. With the current custom tagging implementation, exact matches are performed for source IP addresses and destination IP addresses. You specify an IP Address range in the format <ip>/<netmask>. An example tag entry may have this format:
and return the following information:
,10.9.34.159,98:e0:d9:8b:60:4f,,,,,,User,MacBookAir,Product_Mgmt,Big Bets,Work Laptop,Not_Authorized
,10.34.15.0/24,,,,,,,Test User,IPhone,Product_Mgmt,Big Bets,Mobile Phone,Not_Authorized
In the tag file, there are samples with both a single IP Address, first entry, and a range of IP Addresses, second entry. When you upload a tag file with entries in <ip>/<netmask> format, during the flow and PCAP tagging, a check is performed to see if the specified IP address from the flow is part of the subnet range, rather than performing an exact match. In the example, any flow with a destination IP address within the range 10.34.15.1 - 10.34.15.254 is considered a match and tagged with the custom tagging attributes. Specificy the IP address in subnet format for the fields item_srcip, item_dstip and item_ipv4address.
Insight Analytics Flow Custom Tags using Subnet Mask Example