The following sections describe various ways that Flow Analyzer can help you.
Scenario: Understand client-server traffic
As a network administrator, you want to understand who initiated the connection and visualize the traffic flow data in the form of client-server dependency.
Access Flow Analyzer
You access Google Cloud console and go to Flow Analyzer. If Log Analytics isn't enabled on the subnet, you'll see no data.
VPC Flow Logs must be enabled on the relevant subnet. The logs must be stored in the log bucket that you're using to view Flow Analyzer. Also note that this log bucket must be upgraded to use Log Analytics.
Follow the instructions on the Flow Analyzer page to enable Log Analytics.
Build and run the query using the selected properties
- On the Flow Analyzer page, select the traffic aggregation and the time range for which you need to view the data.
- Because you want to know who initiated the connection, in the Source pane, select the following fields in the Organize Flows by box: VPC subnetwork, IP, and Port.
The Highest data flows chart and the All data flows table display the query results.
View the details to understand the client-server traffic
The chart displays the top five highest traffic flows over time, when compared with the rest of the traffic. Spot trends such as traffic spikes using this chart.
You can use the time selector to specify the required time range. Decrease the value of the alignment period to get the required details.
If there are specific spikes in the traffic, learn more about any specific flow using the Flow details page.
View specific traffic flow details
In the All data flows table, click Show details for the flow you'd like to investigate. The Flow details page that appears shows all the resources matching the selected filters and the traffic of these resources.
You can further drill down the query results using the remaining fields or properties available in VPC Flow Logs. On the Flow details page, the drill down panel provides details about the selected traffic flow including information such as the source, destination, traffic, and possible drill down options.
You can drill down further by splitting a selected traffic flow using any available extra field.