Graph visualization - network packet tracing

graph

(Petr Stepan) #1

Hi,

I'm starting with graph visualization in Kibana and I would like to know if it is possible to visualize the following task.
I have a network consisting of 10 servers, for example, and one client which receives messages from all servers. The client can recognize the path from the received message (a message went through servers 1, 5 and 6, for example). So, I would like to visualize in Graph in Kibana all nodes (10 servers + 1 client) and the path of the filtered packet. So I designed the following JSON data set.

[
  { "Device": 1}, {"Device": 2}, ..., {"Device": 11},
  {
    "Packet": 1,
    "Path": [2, 1]
  },
  {
    "Packet": 1,
    "Path": [1, null]
  }
]

Then I'm able to show the path without any problems. See the graph

But if I add another packet to the JSON, for example:

[
  { "Device": 1}, {"Device": 2}, ..., {"Device": 11},
  {
    "Packet": 1,
    "Path": [2, 1]
  },
  {
    "Packet": 1,
    "Path": [1, null]
  },
  {
    "Packet": 2,
    "Path": [1, 5]
  },
  {
    "Packet": 2,
    "Path": [5, null]
  }
]

I will get the following graph:

There is one more connection with node 5 from packet 2. So I would like to show only the connections within the data of packet 1. So the question is how I can do this and whether it is possible.
The goal is to visualize the complete network topology in the graph (display all nodes without any connection) and draw the path of filtered packets, that is, draw the connections of nodes which participated in transmitting the selected packet.

Thanks


(Thomas Neirynck) #2

hi @Petr_Stepan,

I'm not 100% sure if that's possible, but I'm also not an expert in Graph.

Perhaps @Mark_Harwood knows? Does this use-case look familiar to you?


(Mark Harwood) #3

Sadly this is where the GUI doesn't easily expose a feature of the Graph API which is the idea of a "guiding query".
In the example shown the search term for "Packet:1" is the initial seed query for the exploration. By default the GUI does a "2 hop" exploration, first discovering vertices that match the seed query (devices 1 and 2) but then stepping out another hop to find the docs that reference these devices which is where the packet 2 docs are found. If you want the seed query to act as a guiding query beyond the scope of the initial hop then you have to use the richer JSON syntax and repeat the query expression in each hop.
This JSON syntax can be typed in the search bar or can be passed in as a ?query= parameter in a saved workspace's URL. That allows you to save a template workspace UI with vertex icons and colours all set up and then create links that can open up this workspace for the chosen graph query to show a packet's path.
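
The guiding-query behaviour described in the reply above, as an added example that is not part of the original thread: `explore_body` builds a Graph explore API request body that repeats the seed query in each hop, and `simulate` is a simplified local model (not Elasticsearch's implementation) showing why the unguided second hop reaches device 5. The index name `packets`, the helper names, and the assumption that `Packet` and `Path` are indexed as fields usable for term queries and vertices are assumptions of this example.

```python
import json

# Constructed sample documents mirroring the question's data set.
DOCS = [
    {"Packet": 1, "Path": [2, 1]}, {"Packet": 1, "Path": [1, None]},
    {"Packet": 2, "Path": [1, 5]}, {"Packet": 2, "Path": [5, None]},
]

def explore_body(packet_id, hops=2, field="Path"):
    """Graph explore body with the seed query repeated as guiding query per hop."""
    guide = {"term": {"Packet": packet_id}}
    vertex = {"field": field, "min_doc_count": 1}  # tiny data set: keep rare terms
    body = {"query": guide, "controls": {"use_significance": False},
            "vertices": [vertex]}
    level = body
    for _ in range(hops - 1):
        # Without "query" here, the hop is free to follow any document.
        level["connections"] = {"query": guide, "vertices": [dict(vertex)]}
        level = level["connections"]
    return body

def simulate(docs, packet_id, guided, hops=2):
    """Toy model of the exploration; returns the device vertices reached."""
    def devices(ds):
        return {v for d in ds for v in d["Path"] if v is not None}
    found = devices([d for d in docs if d["Packet"] == packet_id])
    for _ in range(hops - 1):
        pool = [d for d in docs if not guided or d["Packet"] == packet_id]
        found = found | devices([d for d in pool if set(d["Path"]) & found])
    return found

if __name__ == "__main__":
    print("unguided:", sorted(simulate(DOCS, 1, guided=False)))  # pulls in device 5
    print("guided:  ", sorted(simulate(DOCS, 1, guided=True)))
    # Body for POST packets/_graph/explore ("packets" is a hypothetical index name).
    print(json.dumps(explore_body(1), indent=2))
```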

