Dashboard
A dashboard displays a set of saved visualizations in groups that you can arrange freely. You can save a dashboard to reload at a later time.
The Analyze tab of the Web Management interface contains preloaded dashboards and your custom dashboards (after you create them).
Automatically Refresh the Page
You can configure a refresh interval to automatically refresh the page with the latest index data. This periodically resubmits the search query.
When a refresh interval is set, it appears in the time filter.
To set the refresh interval:
- Click the Time Filter
icon. - Under the Quick select header, set a refresh interval.
- Click Apply.
To automatically refresh the data:
- Under the Refresh every header, select an auto-refresh interval.
- Click Start.
When auto-refresh is enabled, the time filter icon changes to a clock:
- To stop auto-refresh, click Stop.
Create a New Dashboard
- Click the Dashboard
icon on the Kibana sidebar. - Click Create new dashboard.
- Follow the prompts in the NetMon UI.
Add Visualizations to a Dashboard
- Click Add on the toolbar panel and select one or more saved visualization from the list. You can filter the list of visualizations by typing a filter string into the Add panels search bar.
- Click Create new visualization.
- Select a visualization. For more information, see Visualize.
Select an area or source to apply to the visualization.
The visualization you select appears in a container on your dashboard.
If you see a message about the container's height or width being too small, resize the container.
Save Dashboards
- Click Edit on the toolbar panel, and then click Save.
- Enter a name for the dashboard in the Title field, and then click Confirm save.
- (Optional) By default, dashboards store the time period specified in the time filter when you save a dashboard. To disable this behavior, clear the Store time with dashboard box before saving.
Load a Saved Dashboard
To load a saved dashboard, either click Analyze on the top navigation bar of the Web Management interface and select a dashboard, or click the Dashboard icon on the Kibana sidebar to display a list of existing dashboards. The saved dashboard selector includes a text field to filter by dashboard name and a link to edit each dashboard.
The following system dashboards are available in NetMon:
| Dashboard | |
|---|---|
| Alarm Trend | Detailed information about number of alarms fired and which applications triggered alarms, useful for viewing alarm metrics at a glance. |
Alarms | Alarms that have triggered during the selected time interval. |
Analyze | Top application flows during the selected time interval. |
Application Exploration | Top application flows during the selected time interval, sorted by application family and application tag. For more information, see Application Families and Tags. |
Capture | Sessions captured during the selected time interval. |
Destination Port | Top destination ports identified during the selected time interval. |
File Reconstruction | Metadata from file attachments downloaded from captured sessions. |
Ingress Egress Traffic | Ingress and egress traffic identified during the selected time interval.
This dashboard requires the Flow_IdentifyTrafficDirection system DPA rule.
|
| Network Analysis | Visualizations that present bandwidth of various applications, overall bandwidth, traffic direction, and system intercommunication. |
| Network Node Link | Information about the traffic between source and dest IPs on the network, including a Node Link Graph visualization of the top endpoints by bandwidth. |
Replayed Traffic | PCAPs uploaded to NetMon and replayed. |
| SMB | Visualizations containing detailed information about the SMB traffic profile, including metadata fields such as SMB versions, paths, command strings, and operating systems, as well as which systems are involved in SMB sessions. |
SMTP Trends | Metadata around email use during the selected time interval. |
Top Level Domain | Metadata around top-level, second-level, and Fully Qualified Domain Name (FQDN) traffic identified during the selected time interval.
This dashboard requires the Flow_TopLevelDomain system DPA rule.
|
Traffic Endpoints | Source and destination IP addresses identified during the selected time interval, sorted by metadata impact. |
Traffic Profile | Application-centric view of metadata impact during the selected time interval. |
Customize Dashboard Elements
The visualizations in your dashboard are stored in resizable containers that you can arrange on the dashboard. This section discusses customizing these containers.
Move Containers
Click and hold a container’s header to move the container around the dashboard. Other containers shift as needed to make room for the moving container. Release the mouse button to confirm the container’s new location.
Resize Containers
Move the cursor to the bottom right corner of the container until the cursor changes to point at the corner. After the cursor changes, click and drag the corner of the container to change the container’s size. Release the mouse button to confirm the new container size.
Delete Containers
Click the Settings 
icon at the top-right corner of a container, and then click Delete from dashboard.
View Detailed Information
To display the raw data behind the visualization, click the Settings icon at the top-right corner of a container, and then click Inspect. Detailed information about the raw data replaces the visualization.
To see a representation of the underlying data, presented as a paginated data grid, click View: Data in the top-right corner of the Inspect screen. You can sort the items in the table by clicking on the table headers at the top of each column.
To export the raw data behind the visualization as a comma-separated-values (.csv) file, click Download CSV, and then select either the Formatted CSV or Raw CSV. A raw export contains the data as it is stored in Elasticsearch. A formatted export contains the results of any applicable field formatters.
To view Requests, click View: Requests in the top-right corner of the Inspect screen. A request that queries Elasticsearch to fetch the data for the visualization.
Statistics
A summary of the statistics related to the request and the response, presented as a data grid. The data grid includes the query duration, the request duration, the total number of records found on the server, and the index pattern used to make the query.
To see this data, click the Statistics header.
Request
The raw request used to query the server, presented in JSON format.
To see this data, click the Request header.
Response
The raw response from the server, presented in JSON format.
To see this data, click the Response header.
Change the Visualization
From the menu above the search bar, click Edit and make your changes.
Work with Filters
When you create a filter anywhere in NetMon, the filter conditions display in a box under the search bar. The number of active filters appears on the right side of the Filters box.
Clicking on a filter box displays the following options:
Pin across all apps
Click this option to pin the filter across all tabs in NetMon, ensuring they remain in place for different visualizations and dashboards. You can unpin the filter by clicking the icon (which now says "Unpin") again.
Edit filter
Click this option to edit a filter. For more information, see Filter by Field.
Exclude results
Click this option to exclude results from the current view. You can toggle this setting back to include by clicking the icon (which now says "Include filters") again.
Temporarily disable
Click this option to disable the filter without removing it. You can enable a disabled filter by clicking the icon (which now says "Re-enable") again.
Delete
Click this option to remove a filter entirely.
Preview Canvas
The preview canvas displays a preview of the visualization you’ve defined in the aggregation builder. To refresh the visualization preview, click the Refresh button on the toolbar.