-
Show current problems within the monitored environment
problem
-
Show list of changes within the monitored environment
change
-
See which Controller is responsible for each VNI
controller of vxlan group by controller
-
Show Top N dashboards - net usage, CPU usage, IOPS, etc.
topn
-
Show the path a Virtual Machine takes to get to the Internet
vm '<vmname>' to internet
-
Show overall storage dashboard - Performance, # of datastores, # of snapshots etc
storage
-
Plan security for a single VM and only show internet bound traffic
plan flows where vm = '<vmname>' and traffic type = 'INTERNET_TRAFFIC'
-
Use the plan security view on a subset of VMs; you can filter by Folder Name, Resource Pool, etc.
plan vm where folder = '<foldername>'
-
View the PCI Compliance dashboard
Note: This feature requires vRealize Network Insight 3.5 or later and an Enterprise license
pci compliance of VC Manager '192.168.10.10'
-
Review Checklist items/failures
NSX Manager '<nsxmanager>'
-
Show Security Group Membership Changes
security group membership change
-
Show Firewall Rule Membership Changes
firewall rule membership change
-
Show Virtual Machines Not Protected by DFW
vm where firewall status = 'Excluded'
-
Show all Virtual Machines that are part of a firewall rule
vm where firewall rule = '<firewallrulename>'
-
Show applicable firewall rules between 2 Virtual Machines
firewall rule between vm '<vmname1>' to vm '<vmname2>'
-
Show masked firewall rules
On the results screen, click the alarm/bell icon in the top right corner to create an alert for any new warnings
firewall rule masked event
-
Show rules using any/any/any to find candidates for further segmentation. This will display across NSX and 3rd party partner solutions as well.
firewall rule where source = any and destination = any and service = any and action = allow
-
Show VMs with incoming traffic on a specific port. Click the VM in the search results, then click Configured Firewall Rules to view the applicable firewall rules for that VM.
vm where incoming port = <portnumber>
These queries take advantage of the new functionality in vR NI 3.5 that includes IPFIX data from NSX
-
Show blocked flows for a NSX Rule ID
flow where firewall ruleid = '1010' and firewall action = 'DENY'
-
Show all blocked flows
flow where firewall action = 'DENY'
-
Show ESXi hosts sorted by max network rate
network rate of host order by Max Network Rate
-
Show VMs by top talkers
vm by network rate
-
Another query to show top talkers, limiting to top 10
flows group by src vm order by sum(bytes) limit 10
-
Show network info for virtual machines
l2 network, vlan, ip address, default gateway of vms
-
Search for a known MAC address to find the machine it belongs to
00:50:56:a6:c9:6a
-
Show sum of traffic between 2 NSX Security Groups sorted by source ESXi host
sum(bytes rate) of flow where src sg = '<sourcesecuritygroup>' and dst sg = '<destinationsecuritygroup>' group by src host
-
Show sum and average of traffic by port
sum(bytes), avg(bytes) of flows group by port
-
Similar to above, but also shows the endpoint the traffic was communicating to
sum(bytes), avg(bytes) of flows group by service endpoint
-
Show Datacenter Interconnect link traffic (2 sites, vCenter Server at each site)
sum(bytes) of flows where (Dst Manager = 'site2' AND src manager = 'site1') OR (Dst Manager = 'site1' AND src manager = 'site2')
-
Show total internet traffic by source IP
sum(bytes) of flows where Flow Type = 'Internet' group by src ip
-
Show events for delays in updating Palo Alto Networks Dynamic Address Groups
On the results screen, click the alarm/bell icon in the top right corner to create an alert for any new warnings
Palo Alto Nsx Dynamic Update Event
-
Show all switches
switches
-
Show all Cisco switches
switches where vendor = Cisco
-
Show all traffic going to physical sorted by top talkers
flows where flow type = 'VM-Physical' by bytes
-
Show packet drops in the monitored environment sorted by highest packet drop switchports
switchport where vendor = '<switchvendor>' order by total packet drops desc