Flow Support

Horizon supports receiving, decoding, and persisting flow information sent from your network devices. A list of currently supported protocols is available in the Telemetry section. While flows offer a great breadth of information, the current focus of the support in Horizon is aimed at:

  • Network diagnostic: viewing the top protocols and top talkers within the context of a particular network interface.

  • Forensic analysis: persisting the flows for long-term storage.

How it works

At a high level:

  • Telemetryd receives and decodes flows on both Horizon and Minion.

  • Telemetryd adapters convert the flows to a canonical flow model.

  • Flows are enriched:

    • Flows are tagged with an application name via the classification engine.

    • Metadata related to associated nodes (such as IDs and categories) are also added to the flows.

  • Enriched flows are persisted in Elasticsearch and/or forwarded to Kafka.

  • You can use Nephron to aggregate flows and output aggregates to Elasticsearch, Cortex, or Kafka.

  • The REST API supports generating both summaries and time series data from the flows or flow aggregates stored in Elasticsearch.

  • Use OpenNMS Helm to visualize flows and/or flow aggregates:

    • Use the "Flow Deep Dive" dashboard to visualize flows and flow aggregates that are stored in Elasticsearch using the flow datasource that interfaces with the Horizon REST API.

    • Use the "Cortex Flow Deep Dive" dashboard that uses a Prometheus datasource to access flow aggregates stored in Cortex.