Network view
Last updated
Last updated
Connection issues can occur across different devices, users, binaries and destinations. Network view accelerates troubleshooting and helps you identify the appropriate team or vendor to fix network-related issues by providing an interactive visualization of connection.events
data.
Network view is available in various modules and features to simplify troubleshooting network-related issues.
This enables application owners to troubleshoot network connectivity issues for their desktop or network application.
To access Network view in Applications
Open up either a desktop or a network app in the Applications module.
For applications that are both web and desktop, click on the Desktop tab
View the Network tab
Refer to the Applications documentation page for more information.
Device view continues to allowing troubleshooting a particular device To access Network view in Device view, open the Network tab. Refer to the Device View documentation page for more information.
Investigations allows you to investigate issues by writing and updating a query and visualizing it in Network view. To see Network view in Investigations:
From the Visual editor on the Investigation page, select Connection Events in the Display dropdown.
From the NQL editor on the Investigation page, run a query with connection.events
table.
Refer to the Investigations documentation page for more information.
Search enables you to quickly troubleshoot a particular binary, user, destination domain or port by getting to investigations prefiltered.
To troubleshoot a destination domain or port:
Type in a specific destination domain or port whether configured or not in Nexthink, click on Connections to the destination in the pop-up search window and open the Network tab on the loaded page.
To troubleshoot a binary, user or device:
select Retrieve all > (Connection) Events from the binary action menu in the pop-up search window and open the Network tab on the loaded page. See the image below.
The system will filter the Network view visualization based on the entry point you use. For instance, display Network view with pre-filtered connection events for a particular binary.
Refer to the Search documentation page for more information.
To prevent users from seeing sensitive data in Network view or investigations, define Data privacy:
Destinations and domains: Set to Hidden to hide destinations and domains of connectivity events from the user.
Devices: Set to Hidden to hide device names from the user.
Users: Set to Hidden to hide user names from the user.
Data privacy restrictions apply to the connection.events
data used by Network view.
Refer to the Roles documentation for more information.
To see the Network view in Investigations, the query must use the Connection events table.
In the Visual editor, choose Connection Events in the Display dropdown.
In the NQL editor, ensure the query starts with connection.events
.
To troubleshoot specific network-related issues using queries, refer to the Application Connectivity troubleshooting documentation.
Network view breaks down the selected metrics for connection.events
into multiple properties and shows on the connection paths how properties relate. Nodes and lines represent these relationships.
The Network view connection paths display four columns by default, allowing you to click on nodes or lines to drill down lower levels of breakdowns.
To switch from the displayed metrics and begin troubleshooting issues:
Click the Display dropdown above the Network view visualization.
Select one of the available metrics for the particular connection data set.
Sort the connection.events
data displayed in Network view according to the transport protocol.
Find the following options above the Network view visualization:
Click TCP only for Transmission Control Protocol (TCP) connections established by a device.
Click UDP only for User Datagram Packages (UDP).
Click Any for both TCP and UDP.
The thickness of a line, which connects two nodes, is proportional to the metric value between those respective nodes when compared to the same metric values between different nodes in the same two columns.
The screenshot below shows the metric value between the columns Application → name and Destination type, which in this case represents failed_connections_ratio
values.
The thin line between the Excel application node and the intranet destination, considering the metric value for this case, represents a smaller failed_connections_ratio
when compared to the Microsoft Office application node.