Root cause analysis for increased traffic from another country

News | 15.01.2025

With Sycope’s Trend Dashboards, you gain the power to analyze aggregated streams effortlessly, even over extended time spans. From customizing time frames to drilling down into unexpected traffic spikes, this guide will walk you through the steps to master your network insights. Let’s dive into the details and discover how to make smarter, data-driven decisions for your IT infrastructure.

Trend dashboards show how network traffic changes over a defined time frame. By default, they work on aggregated streams and therefore remain highly performant even over a wider time span.

We can access trends by clicking Dashboards in the menu on the left and choosing the desired trends view. In our case it will be Countries Trends. If we see a peak value for an unexpected country in the timeline widget for Countries by Sent Bytes, we can zoom in on the chart, which automatically changes the time range under review.
Using other widgets, for example Countries as Server sorted by Sent Bytes, we can confirm our suspicions and investigate further by right-clicking a bar and selecting Drilldown Group Countries and Country Details.

We will be redirected to a dedicated dashboard, which uses a different data stream. When we accept the filter change, Sycope converts the chosen field and the analysis can continue without interruption.
Now we are presented with detailed statistics per Country, including the widget for IPs as Client sorted by Bytes, where Servers are Public and Clients are Private. Thanks to the built-in dashboards and drilldowns, we can easily move between different objects such as IPs, Ports, Countries, Applications and others. In this case we want to continue the analysis by choosing the IP that is responsible for the discovered traffic peak.
We can do that by right-clicking this IP and using Drilldown Group Clients and Client IP Details.

After finishing the analysis using our Client IP and Country filters, we can remove the second one (the Country filter) to view the entire traffic for the selected IP. Such a filter can be saved and used on other dashboards.
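The same drilldown sequence, reproduced over a handful of constructed flow records as an added Python example. It is not Sycope code or its query language; the record layout, the `expected` country allowlist and all function names are assumptions made for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed flow records: (minute, client_ip, server_ip, server_country, sent_bytes)
FLOWS = [
    (0, "10.0.0.5", "192.0.2.10", "US", 4_000),
    (0, "10.0.0.7", "203.0.113.9", "DE", 3_000),
    (1, "10.0.0.5", "192.0.2.10", "US", 4_200),
    (1, "10.0.0.9", "198.51.100.20", "BR", 300),
    (2, "10.0.0.9", "198.51.100.20", "BR", 90_000),
    (2, "10.0.0.7", "198.51.100.21", "BR", 1_500),
    (2, "10.0.0.5", "192.0.2.10", "US", 4_100),
    (3, "10.0.0.9", "192.0.2.10", "US", 700),
]
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    """True for RFC 1918 addresses (the "private client" side of a flow)."""
    return any(ip_address(ip) in net for net in RFC1918)

def peak_for_unexpected_country(flows, expected):
    """Timeline step: largest per-minute sent-bytes total for a country outside `expected`."""
    totals = Counter()
    for minute, _c, _s, country, sent in flows:
        if country not in expected:
            totals[(country, minute)] += sent
    (country, minute), sent = totals.most_common(1)[0]
    return country, minute, sent

def top_clients(flows, country, minute):
    """Country drilldown: private clients talking to public servers, sorted by bytes."""
    totals = Counter()
    for m, client, server, c, sent in flows:
        if (m, c) == (minute, country) and is_internal(client) and not is_internal(server):
            totals[client] += sent
    return totals.most_common()

def traffic_by_country(flows, client):
    """Client drilldown with the country filter removed: all traffic for one IP."""
    totals = Counter()
    for _m, c, _s, country, sent in flows:
        if c == client:
            totals[country] += sent
    return dict(totals)

if __name__ == "__main__":
    country, minute, sent = peak_for_unexpected_country(FLOWS, expected={"US", "DE"})
    suspect = top_clients(FLOWS, country, minute)[0][0]
    print(country, minute, sent, suspect, traffic_by_country(FLOWS, suspect))
```

Dropping the country filter in the last step is what shows whether the client behind the peak also talks to other destinations.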

By leveraging Sycope’s Trend Dashboards, you can navigate through complex network data with ease, isolate critical insights, and streamline your analysis process. Whether it’s uncovering traffic anomalies or fine-tuning performance metrics, these tools equip you to take control of your network like never before.