Scribd
Upload
149 views11 pages

Vmware Vrealize Network Insight Search Query Posters: Get Deeper Insights From Your Infrastructure, Faster

Uploaded by

cisatom612
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
149 views11 pages

Vmware Vrealize Network Insight Search Query Posters: Get Deeper Insights From Your Infrastructure, Faster

Uploaded by

cisatom612
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

GET STARTED

VMware vRealize
Network Insight
Search Query
Posters
Get Deeper Insights from
Your Infrastructure, Faster
vRealize Network Insight | vRealize Network Insight Cloud

Introduction
As a VMware admin, you know VMware vRealize® Network
Insight™ provides a robust search for all of the entities in
your environment. It has property and entity terms, as well
as aggregate function terms you can tune for best-results
infrastructure to cloud to branch planning and analysis.

But we’re all busy. And with so little time and so many
questions, our team came up with a series of vRealize
Network Insight search query cheat sheets to inspire you
while getting to insights faster.

Download, view, and display one. Or download, view, and


display them all. As a go-to resource or simply an office
conversation starter, each guide includes everything you
need for results.

Search Guide Topics


1. Flows

2. PKS – Kubernetes

3. VMware NSX – T

4. VMware NSX® Data Center for vSphere®

5. VMware SD-WAN™ by VeloCloud®

6. Virtual machine
vRealize Network Insight | vRealize Network Insight Cloud

• Choose sample queries in grey


• View properties to search in green
Ready Queries • Find metrics delivered in blue

• View tables and graphs


Visual Results • Sort options
• Filter results
vRealize Network Insight | vRealize Network Insight Cloud

How to Get Started


When you need results fast, select the search feature in vRealize Network
Insight and start typing in the syntax highlighted on a poster.

These are sample searches:

• Discover which VMs have too many snapshots by entering this query:
Top 10 vms by snapshot count
• Identify the top talkers from this VM by entering the following: sum(-
bytes) of flows where Flow Type = ‘Src is VM’ and Flow Type = ‘Dst is
Internet’
• Find out which countries your customers are coming from by entering
this query: flow group by Destination Country
• Discover Kubernetes PODs that are failing due to image errors by en-
tering the following: Kubernetes events where Event code = ‘Image-
PullBackOff’ in last 24 hours
• Identify unstable internet connections in your SD-WAN by entering
this code: SD-WAN Link where Connectivity State != ‘Stable’
vRealize Network Insight | vRealize Network Insight Cloud

Flows Search Poster


Sample Queries NSX-V Policy Firewall - NSX-V Security Group - NSX-V Policy Based VPN -
Configuration Properties Configuration Properties Configuration Properties
flow where bytes > 100 gb
flow group by vm Change All Direct Child Group Change
top 5 flow order by packets Event All Parents Enabled
flow group by Destination Country Exclusion Change Event
count of flow group by Destination IP Address Firewall Status Child Local Address
Internet traffic by source VM: sum(bytes) of flows where Flow Type = ‘Internet’ group by source vm order by Manager Direct Destination RuleSets Type Local Address
Model Direct Incoming Rules Local Endpoints
sum(bytes)
Name Direct Outgoing Rules Local Network
Internet traffic: flows where Flow Type = ‘Source is Internet’ and Flow Type = ‘Destination is VM’ order by bytes
Problem Direct Source RuleSets Type Local Network
Sum of bytes between VM & internet: Sum(bytes), sum(src bytes), sum(dest bytes) of flows where Flow Type = Published Version Event Manager
‘Source is VM’ and flow type = ‘Destination is Internet’ Rule Count Excluded Peer VPN Connection
Total VTEP traffic: sum(bytes) of flows where Flow Type = ‘Source is VTEP’ or Flow Type = ‘Destination is VTEP’ RuleSets Type IP Address Peer VPN Gateway
VTEP traffic grouped by VMKNIC: sum(bytes) of flows where Flow Type = ‘Source is VTEP’ or Flow Type = Rules IPSet Peer VPN Session
‘Destination is VTEP’ group by IP Serial Incoming Rule Count Problem
Top VM pair by total bytes: sum(bytes) of flows group by src vm, dest vm order by sum(bytes) Spoofguard Status Indirect Destination RuleSets Type Remote Endpoints
Vendor Indirect Incoming Rule Count Remote Network
Aggregated traffic series for matching flows: series( sum( byte rate )) of flows where host = ‘myhost.abccorp.com’
Vendor ID Indirect Incoming Rules Remote Network
and (flow type = ‘source is vm’ or flow type = ‘destination is vm’)
Version Indirect Outgoing Rule Count Remote Private Address
VM flow between hosts: Indirect Outgoing Rules Remote Private Address
• flow where Flow Type = ‘VM-VM’ and Flow Type = ‘Diff Host’ order by bytes Indirect Source RuleSets Type Remote Public Address
• sum(bytes) of flow where Flow Type = ‘VM-VM’ and Flow Type = ‘Diff Host’ group by vm order by sum(bytes) NSX-V Manager - Metrics Manager Remote Public Address
Manager Model Tier0
Manager Serial name
Incomplete tcp flow drop count
Manager Version
Outbound expire flow drop count
Member
NSX-V Firewall - Configuration Properties Wrong collector flow drop count
Member NSX-V IPSet -
NSX Manager
NSX Manager Flow Destination IPSet Configuration Properties
Name
Name HIP Profile Destination Negate All Parents
Outgoing Rule Count
Packet Type IP Address Destination Security Group NSX-V Controller - Change
Problem
Port Status Destination Vm Configuration Properties Event
Region
Port Range Target Destination Zone IP Address
Rule Count
Port Range Target Negation Device Group Activated IP Address
Security Tag
Port Range Display Vendor Direct Destination Address Change IP Range
Translated VM
Problem Vendor Direct Destination Address Group Enabled IP Address Range end
Vendor
Protocol vm series Direct Destination IPSet Event IP Address Range start
Vendor ID
Protocol Port Range Indirect Source IPSet Direct Destination Security Group ID Translated VM
Rule ID Indirect Source Security Group Direct Security Group IP Address Vendor ID
Rule Type Logging Enabled Direct Source Address Join Status Network Address
NSX-V Manager -
Scope Manager Direct Source Address Group Ldr Problem
Configuration Properties
Section ID Manager Model Direct Source IPSet Majority Status Scope
Section Name Manager Serial Direct Source Security Group Manager Scope
Direction Backup Enabled
Security Group Manager Version Master Tag
IPSet Change
Sequence ID Action NSX Manager Manager
Indirect Destination Address Event
Service Application Name NSX Manager
Indirect Destination Address Group IP Address
Service Application ID GUID Network Address Name
Indirect Destination IPSet Model
Service Any Appliedto Problem Netmask
Indirect Destination Security Group NTP Server Configured
Service Profile Category Role Name Indirect Incoming Rules
Indirect Security Group Name
Shared Change Scope Indirect Outgoing Rules
a Source Address Problem
Source Configured Destination Status Direct Destination RuleSets Type
Indirect Source Address Group Serial
Source Negate Configured Source Upgrade Available Direct Incoming Rules
Source Address Syslog Server Configured
Source Security Group Destination VM Direct Outgoing Rules
Source Address Group Transport Zone
Source User Destination Address VXLAN Direct Parent Security Group
Source Any VM
Source Vm Destination Address Group Vendor ID Direct Source RuleSets Type
Source IP Vendor
Source Zone Destination Any Version Indirect Destination RuleSets Type
Source IPSet Version
Event Destination IP Indirect Source RuleSets Type
vRealize Network Insight | vRealize Network Insight Cloud

PKS - Kubernetes Search Poster

Sample Queries Show <config Property> of kubernetes object Kubernetes Namespace


Supported properties for Configuration Queries
Common Queries Kubernetes events
Group by – Ex: kubernetes pods group by kuberentes services Annotations Key
Search Flows: flows where Kubernetes Object = Object name kubernetes events where Problem Entity = ‘<pod/namespace/ Aggregate Functions Annotations Key Value
Example: flows where Kubernetes Cluster = ‘Production’ node Name>’ max, min, sum, avg Change
View the service scale: kubernetes events where Event code = Creation Time
Ex: sum(MemoryPressure) of kubernetes node
‘ImagePullBackOff’ in last 24 hours Event
kubernetes pods group by Kubernetes Services
Kubernetes Cluster
View the node load: kubernetes events where problem entity.Kubernetes Cluster =
L2 Networks
kubernetes Pods group by Kubernetes Node ‘<cluster-a>’
Label
View the node health: View Application Configuration Properties
Label Key
MemoryPressure and PIDPressure and DiskPressure and application where virtual member = ‘service-a’ Manager
Kubernetes Service Kubernetes Node
Ready of Kubernetes Node application where virtual member = ‘service-a’ and virtual Name
View flow compliance: member.Kubernetes Namespace = ‘namespace-b’ Problem
Annotations Key Annotations Key
flows from Kubernetes Object name of the object to count of applications where Virtual Member in (kubernetes Router
Annotations Key Value Annotations Key Value
Vendor ID
Kubernetes Object name of the object services) Change Change
modelKey
Example: list (virtual member) of applications where Name = ‘app-1’ and Cluster IP Creation Time
status
flows from Kubernetes Namespace’PCI’ to Kubernetes virtual member.Kubernetes Cluster is set Cluster IPAddress DiskPressure
Cluster Netmask Event
Namespace’Non-PCI’ View Tier Information
Cluster Network Address HOST
View the Path topology: tier where virtual member = ‘service-a’ and virtual member.Kuber-
Creation Time IP Address Kubernetes Pod
Kubernetes service service name to Kubernetes service netes Namespace = ‘namespace-b’ Event IPAddress
service name Flows External IP Kube-Proxy Version Annotations
Kubernetes service service name to Kubernetes pod pod flows where firewall action = ‘DROP’ group by Kubernetes Service External IPAddresses Kubelet Version Annotations Key
name flows where firewall action = ‘DROP’ group by source Kubernetes External Netmask Kubernetes Cluster CIF
Kubernetes pod pod name to Kubernetes pod pod name Namespace External Network Address Label Change
flows where firewall action = ‘DROP’ and Flow Type = ‘Destination Kubernetes Cluster Label Key Containers
Kubernetes Namespace Logical Port Creation Time
is Internet’
Label Manager Event
Label Key MemoryPressure HOST
LoadBalancer IP Name IP Address
LoadBalancer IP Address Node Condition Status IPAddress
Kubernetes Objects Packet drops group by kubernetes pod LoadBalancer Netmask Node Condition Status Message Kubernetes Cluster
Nodes : nsx-t logical port where (ConnectedTo in (Kubernetes Pods where LoadBalancer Network Address Node Condition Status Type Kubernetes Namespace
kubernetes nodes where Ready != ‘True’ kubernetes cluster is set)) and Rx Packet Drops > 0 group by Manager OS Image Kubernetes Node
kubernetes node where Virtual Machine = ‘vm-a’ ConnectedTo order by max(Rx Packet Drops) Name OutOfDisk Kubernetes Services
Node Port PIDPressure Label
Flows: Packet drops group by kubernetes node
Port Problem Label Key
flows where kubernetes service is set nsx-t logical port where (ConnectedTo in (Kubernetes Nodes
Port Name Ready Logical Port
flows where source kubernetes node = ‘a’ where kubernetes cluster is set)) and Rx Packet Drops > 0 group Problem Roles Manager
Services: by ConnectedTo order by max(Rx Packet Drops) Protocol Vendor ID Name
kubernetes pods where kubernetes services is not set Packet drops by kubernetes namespace Selectors Virtual Machine Kubernetes Pod Name
kubernetes pods group by Kubernetes Services, Kubernetes nsx-t logical switch where Rx Packet Drops > 0 and Tag like ‘ncp/ Selectors Key modelKey
Cluster project:’ order by Rx Packet Drops Target Port
Packet drops group by kubernetes services Type
Namespace: PKS Data Source
Vendor ID
kubernetes namespace where L2 Networks = ‘a’ nsx-t logical port where (ConnectedTo in (Kubernetes Pods where Kubernetes Cluster
modelKey
list(Kubernetes Node) of Kubernetes Pod where kubernetes cluster is set)) and Rx Packet Drops > 0 group by Change
ConnectedTo.Kubernetes service order by max(Rx Packet Drops) Change Enabled
Kubernetes Namespace = ‘a’
Data Source Type Event
Kubernetes Service - Metrics Enabled NSX Manager
Pod: Event Problem
NSX-T Logical port where connectedto.modelKey in (modelKey of kubernetes nodes) order by Tx Packets desc Nodes count NI Collector URL
Pods count NSX Manager
NSX-T Logical port where connectedto.modelKey in (modelKey of kubernetes pods) and Rx Packet Drops > 0 new kubernetes pod
Name
in last 1 hour Problem
URL
vRealize Network Insight | vRealize Network Insight Cloud

NSX–T Search Poster


Sample Queries Build your own query NSX-T Service NSX-T Security Group NSX-T Firewall

Filters: Change All Direct Child Group Destination Address Group Source Security Group Port Range Display
nsx-t logical switch where Tx Packet Drops > 0
• = , !=, like, not like Event All Parents Destination IPSet Action Problem
top 10 nsx-t firewall rules order by sum(bytes) • in, not in (membership) Location Change Destination NSGroup Application Protocol
top 10 router interfaces order by Total Tx bytes Manager Child Destination NSX-T IPSet Application ID GUID Protocol Port Range
• is set, is not set (existence)
Name Direct Destination RuleSets Type Destination Negate Appliedto Rule ID
nsx-t logical port where Rx Packer drops > 0 • >, < (numeric), AND, OR
Port Direct Incoming Rules Destination Security Group Category Rule Type
(logical) Problem Direct Outgoing Rules Direct Destination Address Change Scope
nsx-t controllers where Management Connection Status != ‘Connected’
Aggregation: Protocol Direct Source RuleSets Type Direct Destination Address Group Destination Section ID
nsx-t manager where VC Managers Count > 1 SUM(), MAX(), MIN(), AVG() Source Port Event Direct Destination IPSet Destination Address Section Name
nsx-t edge cluster where Deployment Type = ‘VIRTUAL_MACHINE’ Modifiers: GROUP BY, Vendor ID Incoming Rule Count Direct Destination NSGroup Destination Any Security Group
ORDER BY Indirect Destination RuleSets Type Direct Destination NSX-T IPSet Destination IP Sequence ID
Firewall Indirect Incoming Rule Count Direct Destination Security Group Destination Vm Service
Projection: LIST(), COUNT() NSX-T Firewall
top 10 nsx-t firewall rule order by Hit Count Indirect Incoming Rules Direct Source Address Group Destination Zone Service
Indirect Outgoing Rule Count Direct Source Address Device Group Service Any
flows where firewall rule is not set Change
NSX-T Data Source Indirect Outgoing Rules Direct Source IPSet Direct NSGroup Service Profile
nsx-t firewall rule where Flow Packets = 0 in last 30 days Event Indirect Source RuleSets Type Direct Source NSGroup Direct NSX-T IPSet Shared
Exclusion Linked SG Direct Source NSX-T IPSet Direct Security Group Source
new nsx-t firewall rule in last 30 days Change Firewall Status
Enabled Manager Direct Source Security Group Direction Source Address
Flows Manager Manager Model Indirect Destination Address Event Source Any
Event Model
flow where application = app1 IPFIX Enabled Manager Version Indirect Destination Address Group HIP Profile Source IP
Name Member Indirect Destination IPSet IP Address Source IPSet
flow where application = app1 and tier = Web Latency Enabled Problem
NI Collector Member Indirect Destination NSGroup IPSet Source NSGroup
flow where bytes > 100 gb Published Version Name Indirect Destination NSX-T IPSet Manager Source NSX-T IPSet
Name Rule Count
Problem Outgoing Rule Count Indirect Destination Security Group Manager Model Source Negate
flow group by vm RuleSets Type Problem Indirect NSGroup Manager Serial Source User
URL Rules
top 5 flow order by packets Region Indirect NSX-T IPSet Manager Version Source Vm
Serial Rule Count Indirect Security Group NSGroup Source Zone
flow group by Destination Country NSX-T Logical Switch Vendor Scope Indirect Source Address NSX Manager Status
count of flow group by Destination IP Address Vendor ID Tag Indirect Source Address Group NSX Policy Firewall Rule Target
Change Version Translated VM Indirect Source IPSet NSX-T IPSet Target Negation
Internet traffic by source VM
Creator Vendor Indirect Source NSGroup Name Vendor
sum(bytes) of flows where Flow Type = ‘Internet’ group by source vm Event NSX-T Layer2 Network Vendor ID Indirect Source NSX-T IPSet Packet Type Vendor
order by sum(bytes) NSX-T Logical Ports Indirect Source Security Group Port firewall type
Problem Logging Enabled Port Range vm series
Internet traffic Change
Scope Source Address Group Port Range
Creator NSX-T IPSet
flows where Flow Type = ‘Source is Internet’ and Flow Type = Tag
Default Gateway
Traffic Type
‘Destination is VM’ order by bytes Event All Parents
Transport Zone NSX-T Policy Based VPN NSX-T Transport Node NSX-T Service Group
Host Count Change
Top VM pair by total bytes VM Count
Hosts Direct Destination RuleSets Type Change
VNI Change Change
sum(bytes) of flows group by src vm, dest vm order by sum(bytes) Manager Direct Incoming Rules Enabled
Vendor ID Control Status Manager
NSX Policy Segment Direct Outgoing Rules Event
manager Deployment Type Name
NSX-T Logical Switch Direct Parent Security Group Local Address Edge Cluster Problem
Name Direct Source RuleSets Type Local Address Event
NSX-T Logical Port NSX-T Logical Switch NSX-T Manager Network Event Local Endpoints Fabric Node
Problem IP Address Local Network Maintenance Mode NSX-T Router
Change Scope IP Range Local Network
Multicast Broadcast Rx Bytes Multicast Broadcast Rx Bytes Management Status
Event Tag Indirect Destination RuleSets Type Manager
Multicast Broadcast Rx Packets Multicast Broadcast Rx Packets Name Advertise NAT Routes
FQDN Traffic Type Indirect Incoming Rules Peer VPN Connection
Multicast Broadcast Tx Bytes Multicast Broadcast Tx Bytes Netmask Advertise NSX Connected
Host Name VLAN Indirect Outgoing Rules Peer VPN Gateway
Multicast Broadcast Tx Packets Multicast Broadcast Tx Packets Network Address Routes
IP Address VM Count Indirect Source RuleSets Type Peer VPN Session
Network Rate Rx Packet Drops Node Type Advertise Static Routes
Kernel version VNI Manager Problem
Network Rx Rate Rx Packets Pnic Status Change
Manager Vendor ID NSX Manager Remote Endpoints
Network Tx Rate Total Rx Bytes Problem Distributed Router
NSX-T IP Address Vlan ID Name Remote Network
Rx Packet Drop Ratio Total Tx Bytes Roll-up status ECMP
Rx Packet Drops Tx Packet Drops Name Netmask Remote Network Transport Zones
Network Address Edge Cluster
Rx Packets Tx Packets Problem NSX-T Logical Port Remote Private Address Tunnel Status
Problem Event
Total Rx Bytes Unicast Packets Rx VC Managers Remote Private Address Vendor ID
Scope Failover Mode
Total Tx Bytes Unicast Packets Tx Version Remote Public Address manager
Administrative Status Scope HA Mode
Tx Packet Drop Ratio Unicast Rx Bytes Remote Public Address
Attachment Type Tag Linked Routers
Tx Packet Drops Unicast Tx Bytes NSX-T Distributed Tier0 NSX-T Fabric Node
Change Translated VM Manager
Tx Packets name
Router ConnectedTo Vendor ID Name
Unicast Packets Rx Event Change OSPF
Unicast Packets Tx Manager Deployment Type OSPF Area ID
Unicast Rx Bytes NSX-T Firewall Metrics Change
NSX-T L2 Network Event OSPF Area Type
Unicast Tx Bytes Event NSX-T Transport Zone NSX-T Edge Cluster
NSX-T Logical Switch IP Addresses Problem
Flow Bytes Logical Router Name IP Source Router Interface
Flow Packets Manager Numbered Network Change Change Name Router Interface Count
NSX-T Manager Hit Count Name Interface Event Deployment Type Netmask Routing Advertisement
Session Count Operational Status Host Switch Mode Event Network Enabled
Problem
Incomplete tcp flow drop count Problem Host Switch Name Member Node Type Node Type Scope
Outbound expire flow drop count Router Interface
Scope Manager Members OS Type Service Router
Wrong collector flow drop count Router Interface Count
Tag Name Name OS Version Tag
Tier Router Type VM Problem Problem Problem Tier Router Type
VRF Vendor ID Type Vendor ID Transport Node VRF
Vendor ID Vnic Vendor ID manager Vendor ID Vendor ID
vRealize Network Insight | vRealize Network Insight Cloud

VMware NSX® Data Center for vSphere® Search Poster


Sample Queries NSX-V IPSet - Configuration Properties NSX-V Firewall - Configuration Properties

top 10 nsx-v firewall rules order by connection count All Parents Problem NSX Manager Target
sum(bytes) of flows where Flow Type = ‘Src is VM’ and Flow Type = ‘Dst is Internet’ Change Scope Name Target Negation
sum(Session Count) of flows group by firewall rule order by sum(session count) where Event Scope Packet Type Vendor
firewall ruleid = 1032 IP Address Tag Port Vendor
IP Address Manager Port Range vm series
host group by Firewall Status
IP Range NSX Manager Port Range Indirect Source IPSet
host group by Hostprep Feature Status
IP Address Range Name Port Range Display Indirect Source Security Group
host group by Hostprep Feature Version Netmask
end Problem Logging Enabled
vmware vm group by Firewall Rule IP Address Range Indirect Incoming Protocol Manager
NSX-V Controller group by Ldr Count start Rules Protocol Port Range Manager Model
NSX-V Controller group by Upgrade Available Translated VM Indirect Outgoing Rule ID Manager Serial
Security group where Indirect Incoming Rules is not set and Indirect Outgoing Rules is not Vendor ID Rules Rule Type Manager Version
set and Direct Incoming Rules is not set and Direct Outgoing Rules is not set Network Address Direct Destination RuleSets Scope Action
Type Direct Incoming Rules Section ID Application
Un-Protected Flows
Direct Outgoing Rules Section Name Application ID GUID
Flows where firewall rule is not set
Direct Parent Security Group Security Group Appliedto
List of firewall rules which are not hit by any flow in last 30 days Direct Source RuleSets Type
NSX-V Security Group - Sequence ID Category
NSX firewall rule where flows is not set in last 30 days Configuration Properties Indirect Destination RuleSets Service Change
Flows hitting specific rule id’s / firewall rules/specific security group/specific application Type Indirect Source RuleSets Service Configured Destination
Flow where rule id in (1011, 1012, 1013) All Direct Child Group Type Service Any Configured Source
Flow where firewall rule like rule1 All Parents Service Profile Destination
Flow where security group like sg1 Change Shared Destination Address
Child Source Destination Address Group
Flows hitting on an application. NSX-V Policy Based VPN -
Direct Destination RuleSets Source Negate Destination Any
Flow where application = app1 Configuration Properties
Type Source Security Group Destination IP
Flow where application = app1 and tier = TierName Direct Incoming Rules Source User Destination IPSet
Change
New Firewall rules Direct Outgoing Rules Source Vm Destination Negate
Enabled
New firewall rules in last 24 hours Direct Source RuleSets Source Zone Destination Security Group
Event
New firewall rules in last 30 days Type Event Event Destination Vm
Local Address
Excluded Flow Destination Zone
Local Address
IP Address HIP Profile Device Group
Local Endpoints
IPSet IP Address Direct Destination Address
Local Network
NSX-V Controller - Configuration Properties Incoming Rule Count Status Direct Destination Address Group
Local Network
Indirect Destination RuleSets Direct Destination IPSet
Manager
Activated Version Type Direct Destination Security Group
Peer VPN Connection
Change Indirect Incoming Rule Count Direct Security Group
Peer VPN Gateway
Enabled Indirect Incoming Rules
Peer VPN Session NSX-V Policy Firewall - Direct Source Address
Event Indirect Outgoing Rule Count Configuration Properties Direct Source Address Group
Problem
ID Indirect Outgoing Rules Direct Source IPSet
Remote Endpoints
IP Address NSX-V Manager - Configuration Indirect Source RuleSets Type
Remote Network
Change Direct Source Security Group
Join Status Properties Manager Event Direction
Remote Network
Ldr Manager Model Exclusion IPSet
Remote Private Address
Majority Status Backup Enabled Manager Serial Firewall Status Indirect Destination Address
Remote Private Address
Manager Change Manager Version Manager Indirect Destination Address Group
Remote Public Address
Master Event Member Model Indirect Destination IPSet
Remote Public Address
NSX Manager IP Address Member Name Indirect Destination Security Group
Tier0
Name Model NSX Manager Problem Indirect Security Group
name
Network Address NTP Server Configured Name Published Version Indirect Source Address
Problem Name Outgoing Rule Count Rule Count Indirect Source Address Group
Role Name Problem Problem RuleSets Type Source Address
Scope Serial Region Rules Source Address Group
Status Syslog Server Configured Rule Count NSX-V Manager - Metrics Serial Source Any
Upgrade Available Transport Zone Security Tag Spoofguard Source IP
VM VM Translated VM Incomplete tcp flow drop count Status Vendor Source IPSet
VXLAN Vendor Vendor Outbound expire flow drop count Vendor ID
Vendor ID Version Vendor ID Wrong collector flow drop count Version
vRealize Network Insight | vRealize Network Insight Cloud

SD-WAN by VeloCloud® Search Poster


TM

Sample Queries Show <Config Property> of <VeloCloud Object> – show Show <Metric> of <VeloCloud Object> – show Sys Uptime VeloCloud Link - Metrics
primary gateway of VeloCloud Edge of VeloCloud Edge
VeloCloud Link VeloCloud Edge
<VeloCloud Object> where <config property> = value Supported properties for VM metric Queries Link Uptime
VeloCloud Profile VeloCloud Cluster Supported properties for VM Configuration Queries VeloCloud Link State UP
Group by is not available for metrics
VeloCloud Segment VeloCloud Event Group by – Ex: VeloCloud Cluster group by edge Order by – Ex: <VeloCloud Object> order by cores Velocloud Bytes Received
Order by – Ex: VeloCloud Gateway order by city Aggregate Functions Velocloud Bytes Sent
VeloCloud Datasoure VeloCloud Enterprise Aggregate Functions max, min, sum, avg Velocloud Link Downstream Average Throughput
VeloCloud Layer2 Network SDWAN Application max, min, sum, avg Ex: sum(cpu usage mhz), sum(active memory) of Velocloud Link Downstream Bandwidth
VeloCloud Gateway SDWAN Edges Ex: sum(memory), sum(cpu cores) of <VeloCloud Object> <VeloCloud Object> Velocloud Link Downstream Jitter
Velocloud Link Downstream Latency
Velocloud Link Downstream Packet Loss
Total packets, Lost Packet Ratio , Retransmitted Packet Ratio of SDWAN Edge Velocloud Link Transactional Quality Score
Total packets, Lost Packet Ratio , Retransmitted Packet Ratio of SDWAN Edge Application where edge = ‘Hillsboro, CA Hub’ Velocloud Link Upstream Average Throughput
Velocloud Link Upstream Bandwidth
Sd-wan edge where segment = ‘Global’
Velocloud Link Upstream Jitter
Velocloud Link Upstream Latency
Velocloud Link Upstream Packet Loss
SD-WAN Application - VeloCloud Enterprise - VeloCloud Edge - VeloCloud Layer2 Network - VeloCloud Link - Velocloud Link Video Quality Score
Configuration Properties Configuration Properties Configuration Properties Configuration Properties Configuration Properties Velocloud Link Voice Quality Score
Velocloud Packets Received
Category Change Activation State Change Backup State Velocloud Packets Sent
Change Event Build Number Default Gateway Change Velocloud Total Bytes
Description Name Change Event Connectivity State Velocloud Total Packets
Enterprise Problem Device Family Host Count Edge
Event Profiles Edge State Interface Event
Name Segments Enterprise Name Internet Service - Provider VeloCloud Edge - Metrics
Problem Vendor ID Event Network Interface
Vendor ID Hub Network Address Name Bytes
Vendor ID Latitude End Network Side Bytes Rate
Links Network Address Network Type Destination Bytes
VeloCloud Segment -
Longitude Start Problem Edge Uptime
Configuration Properties
Model Number Problem Service State Lost Packet Ratio
VeloCloud Cluster Name SDWAN Edge Vendor ID Packets
Configuration Properties Change
Primary Gateway Segment ip address Retransmitted Packet Ratio
Description
Problem VM Count Source Bytes
Change Enterprise
Profile Vendor ID VeloCloud Edge State UP
Description Event
Router Interface Vlan ID Velocloud Link Transactional Quality Score
Edge Name
Secondary Gateway Velocloud Link Video Quality Score
Enterprise Problem SD-WAN Edge Application -
Segment Velocloud Link Voice Quality Score
Event ProfileCount Configuration Properties
Software Version
Name Type Velocloud Logical Router -
Vendor
Problem Vendor ID Configuration Properties Application
Vendor ID SD-WAN Edge Application - Metrics
Vendor ID wan Change
Change Event
Event Bytes
Name
VeloCloud Gateway - Problem Bytes Rate
Problem
VeloCloud Wan - Configuration Properties Destination Bytes
SDWAN Edge
Configuration Properties VeloCloud Profile - Lost Packet Ratio
Change Configuration Properties Packets
discovery City VeloCloud Manager - Retransmitted Packet Ratio
edge Continent Change Configuration Properties VeloCloud Data Source - Source Bytes
edgeInterface Country Description Configuration Properties
isp Event Edge Count Change
logicalId IP Address Enterprise Enterprises Change VeloCloud Site - Configuration Properties
mode Name Event Event Enabled
mtu Problem Name Name Event edges
publicIpAddress Region Problem Problem Problem name
type Vendor ID Vendor ID Vendor ID URL vendorId
vRealize Network Insight | vRealize Network Insight Cloud

Virtual Machine Search Guide


Sample VM Queries Security & Firewall Virtual Disk / VM Datastore - Show <config Property> of VM – show vxlan of vm VM where Show <Metric> of VM – show Sys Uptime of vm VM where
Config Properties <config property> = value <Metric> = value
vms group by Operating System FirewallRule Supported properties for VM Configuration Queries Supported properties for VM metric Queries
Vms group by l2 network FirewallStatus Change Group by – Ex: vms group by host Group by is not available for metrics
Vms group by VMTools Status IncomingRules Datastore Order by – Ex: vms order by cores Order by – Ex: vms order by cores
L2Network Event Aggregate Functions Aggregate Functions
Top 10 vms by snapshot count
L2NetworkCount Problem max, min, sum, avg max, min, sum, avg
Top 10 vms by CPU usage
MacAddress VM Ex: sum(memory), sum(cpu cores) of vms Ex: sum(cpu usage mhz), sum(active memory) of vms
Top 10 vms by memory usage L2 Network Backing Disk
Top 10 vms by CPU Wait Rate IP Address Capacity
Top 10 vms by Max Packet Drops IPSet Change Virtual Machine Configuration Properties Virtual Machine Metrics
vms where memory > 4096 mb IPSet Count Datastore
Vms where Max Latency > 5ms Security Group Device Name Tools Version Host Sys Uptime Rx Broadcast Packets
vms where cpu usage rate < 70% Security Group Count Disk Format VMTools Config Status Tag CPU Costop Rate Rx Broadcast Ratio
Security Tag Disk Mode VMTools Status Tag Key CPU Costop Rate vCPU Rx Packet Drop Ratio
vms where cpu usage rate <= 70%
Outgoing Port Event Vcenter ACI Application Profile CPU Costop Time Rx Packet Drops
vms where memory >= 4096 mb
Outgoing Rules File Name Vnic Address CPU Ready Rate Rx Packets
vms where name like ‘app’ Incoming Port Vnic Count Address Group CPU Ready Rate vCPU Tx Broadcast Packets
Name
vms where name not like ‘app’ Incoming Rules Name Vxlan Address Range CPU Ready Time Tx Broadcast Ratio
vms where firewall rule is set Nsx Problem Datacenter Application CPU Run Rate Tx Packet Drop Ratio
vms where firewall rule is not set NSGroup Thin Provisioned Datastore Change CPU Run Rate vCPU Tx Packet Drops
vm where name matches ‘.*’ checkpoint host VM Datastore Count Dns Server CPU Run Time Tx Packets
vm where name matches ‘a.*’ nat device Vcenter Disconnected Vnic Count Domain Name CPU Usage Mhz Total Network Traffic
Vlan Vendor Endpoint Group CPU Usage Rate Total Packet Drop Ratio
vm where Outgoing Port = 443
End Vlan Vendor ID Event CPU Wait Rate Total Packet Drops
vm by vlan where vlan = “xyz”
Version Fqdn CPU Wait Rate vCPU Total Packets
show Max Network Rate of VM Network Snapshots Config Properties Standard Switch Operating System CPU Wait Time Unicast Rx Packets
show CPU Ready Rate of VM StandardPortgroup Other Names Memory Consumed Unicast Tx Packets
show Memory Balloon of VM Default Gateway RW IOPS Virtual Disk Capacity Policy Group Memory Overhead Max Latency
show Memory Overhead of VM Default Gateway Router RW Throughput Virtual Disks Problem Memory Swapin Rate Max Network Rate
Default Gateway Router - Read IOPS Power State Region Memory Swapout Rate Max Network Rx Rate
Interface Read Latency Resource Pool Search Domain Memory Swapped Max Network Tx Rate
Network Read Throughput SDDC Type Serial Memory Usage Rate Max Packet Drop Ratio
Network Address Used Space Snapshot Count Service Nodes Memory Balloon Max Packet Drops
Network Address Count Write IOPS Snapshot Create Time Static IP Active Memory Multicast Rx Packets
Network Group Write Latency Snapshots Tier Multicast Tx Packets
NSGroupCount Write Throughput Switch Ports Role Provisioned Space Network Rate
NSXPolicyGroup Switches CPU Allocation Limit RW IOPS Network Rx Rate
NSXPolicyGroupCount Cluster CPU Cores RW Throughput Network Tx Rate
NSX-TIPSet Connected Vnics CPU Reservation Read IOPS
NSX-TIPSetCount Snapshot - Metrics Connection State Memory Read Latency
NSX-TLogicalPort Dvpg Memory Allocation Snapshot Size Uncommitted Space
NSX-TLogicalPortCount Snapshot Size Dvs Limit Committed Space Write IOPS
Folder Memory Reservation Read Throughput Write Latency
Write Throughput
vm where name matches ‘[a-z]vm-delta[0-9]’
vm where host in (host of vm where name = ‘x’)
vm where ip address in (192.168.91.11, 192.168.91.10)
series(sum(network usage)) of vms where name like ‘app’ VM Datastore Metrics Virtual Disk - Metrics
series(sum(memory usage)) of vms where name like ‘db’
Committed Space Read Throughput Change Event
series(avg(cpu usage)), series(avg(memory usage)) of vms
RW IOPS Uncommitted Space Child Snapshot Count File Name
vm where not in (vm where Power State = ‘POWEREDON’ in last 30 days)
RW Throughput Write IOPS Child Snapshots Manager
L2 Network , vlan, ip address, default gateway of vms
Read IOPS Write Latency Create Time Name
flows where VM = ‘Win2016-AD’
Read Latency Write Throughput Current Problem
flows where Flow Type = ‘Src is VM’ and Flow Type = ‘Dst is Internet’ by bytes
flows where flow type = ‘Source is VM’
sum(bytes) of flows where Flow Type = ‘Src is VM’ and Flow Type = ‘Dst is Internet’
RETURN TO FRONT

Want to do more with


VMware networking?
Try a quick introduction to vRealize
Network Insight – Lightening Lab

Save time.
Collaborate more.
Find answers faster.
VMware vRealize Network Insight Cloud

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com
Copyright © 2020 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark
of VMware, Inc. and its subsidiaries in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of
their respective companies. Item No: vmw-toolkit-vmware-vrealize-network-insight-uslet-v5 0320

You might also like