vRealize Network Insight Searches

Overview

This blog post lists a few of the searches that I’ve found useful when working with customers and vRealize Network Insight. The search expressions listed below are not exhaustive, and the following links have more information as well:

Flow Searches

Below are a couple of queries which are great to showcase, but there are of course many variations (grouping structure, etc.) that can be applied to make them more meaningful for your environment.

Show me all the flows with the destination as the Internet, ordered by bytes in descending order

flow where Flow Type = 'Internet' order by Bytes

Show me all flows with the destination country as Australia, order by bytes and in descending order

flow where Flow Type = 'Internet' and destination country = 'Australia' order by bytes

Show all flows where the destination port is RDP (3389), group by destination VM and source IP address

flow where Destination Port == 3389 group by Destination VM, Source IP Address

Show all flows in a specific AWS VPC and order it by bytes

flow where AWS VPC = '<VPC_NAME>' order by bytes

Show all flows to port name of DNS (TCP/53 and UDP/53) and group it by the destination virtual machine

flow where destination port name = 'dns' group by Destination VM

Networking focused

Show me the Layer 2 network segments by VM count, in descending order

l2 network order by VM Count desc

The following query showcases the math functionality (avg/min/max/sum) available in vRNI, specifically sum.

sum(VM Count) of l2 network order by VM Count

Show the top 10 VLANs over the last seven days by virtual machines and total network traffic

top 10 vlan group by Vlan id, vm count order by sum(Total Network Traffic) in last 7 days

Show the sum of routed flows, group by subnet and order by the average byte rate

sum(bytes) of flows where Flow Type = 'Routed' group by Source Subnet, Destination Subnet order by avg(Bytes Rate)

Show the sum of switched flows, group by subnet and order by the average byte rate

sum(bytes) of flows where Flow Type = 'Switched' group by Source Subnet, Destination Subnet order by avg(Bytes Rate)

Security focused

Show me all vulnerable operating systems in my environment

vm where Operating System like 'Microsoft Windows Server 2003' or Operating System like 'Microsoft Windows Server 2008' or Operating System like 'Red Hat Enterprise Linux 6' or Operating System like 'Red Hat Enterprise Linux 5' or Operating System like 'SUSE Linux Enterprise 10' group by vlan, Operating System

Show all flows where the firewall rule is set to Allow

flows where firewall action = 'ALLOW'

Show all events where a firewall rule has changed in the last 2 days

Firewall Rule Membership Changes in last 2 days

Infrastructure focused

Show the top five datastores by read/write (R/W) input/output operations per second (IOPS)

Top 5 Datastore by RW IOPS

Show virtual machines where the R/W IOPS is greater than 90

vm by Read Latency where RW IOPS > 90