Device Detail
The Device Detail view is the drill-down page for an individual device, accessible by clicking on any device from the Site Cards view. It provides real-time and historical metrics, interface status with traffic trends, device configuration, and flow-level traffic analysis.
Device Header
The header bar displays key identification details for the selected device:
- ← Back — Returns to the previous site-level view.
- Device name — The hostname or device name (e.g.,
probe-192-168-100-142). - Model — The device model or vendor detected from sysDescr, shown as a badge (e.g.,
Net-SNMP). Color-coded by vendor — Cisco devices show a different badge color than Arista, Juniper, etc. - OS Version — The detected OS version, shown as a badge. Displays
Unknownif the version could not be parsed from sysDescr. - Last Updated — Timestamp of the most recent SNMP poll for this device.
Tabs
The Device Detail view has three tabs:
Statistics
The default tab showing real-time metrics, historical charts, and interface status.
Configuration
Displays the device configuration retrieved via SSH or SNMP. This tab shows the running configuration text for supported device types.
Flow Analysis
Provides flow-level traffic analysis for this device with interactive filtering, time-series charts, GeoIP/ASN breakdowns, and a detailed top talkers table. Flow data is sourced from ClickHouse's flows_all table, filtered to flows where the device's sampler address matches.
Time Range and Auto-Refresh
The top bar contains time range buttons (15m, 1h, 6h, 24h, 7d, 30d) and an auto-refresh dropdown. Auto-refresh options include Off, 30s, 1m, and 5m. When auto-refresh is active, the refresh icon turns green and all charts and tables reload on the configured interval.
Filter Builder
The filter bar lets you build multi-condition queries to narrow down flow data. Each condition consists of:
- Logic operator —
ANDorOR(selectable dropdown, blue badge). The first condition has no logic operator. - Field — The flow field to filter on: Source IP, Destination IP, Application, Protocol, Source Port, Destination Port, Incoming Interface, or Outgoing Interface.
- Operator — Comparison type:
=,!=,contains, orstarts with. - Value — The value to match against. Type a value and press Enter to apply immediately, or click the green Apply button.
- ✕ — Remove this condition.
Click + Add condition to add another filter row. Click Clear (red) to remove all conditions and reset the view. Multiple conditions are combined — AND requires all conditions to match, OR requires any to match.
Filters are applied server-side as ClickHouse WHERE clauses, so even complex multi-condition filters execute quickly against large datasets.
Zoom to Time
All time-series charts on the Flow Analysis tab support drag-to-zoom. Click and drag horizontally across any chart to select a time window. A purple overlay shows the selection area as you drag. On release:
- The selected start and end timestamps are extracted from the chart.
- A new API call is made with the custom time range, and ClickHouse returns data bucketed at the appropriate granularity for the zoomed window (e.g., 10-second buckets for a 5-minute zoom vs. 1-minute buckets for a 1-hour view).
- All charts and the top talkers table update to reflect the zoomed time range.
- A custom time range indicator appears showing the selected window. Click Reset to return to the preset time range.
This works like Kibana-style chart zoom — the data is re-queried from the backend at the correct resolution, not just filtered client-side, so you always get accurate visualizations even at narrow time windows.
Point-and-Click Filtering
Any clickable value in the Flow Analysis view can be used to instantly add a filter condition. Clickable elements are styled in blue with an underline on hover:
- Top Talkers table — Click any cell (Source IP, Source Port, Dest IP, Dest Port, Protocol, App, Source Interface, Dest Interface) to add it as an
= valuefilter condition. - Chart legends — Click an IP address in the Top Source IPs or Top Destination IPs chart legend to filter to that IP.
- Pie chart slices — Click a slice in the Top Source ASNs or Top Source Countries donut charts to filter by that ASN or country.
When you click a value, it is added as a new AND condition in the filter bar, and the view refreshes automatically. This lets you progressively drill down — for example, click a source IP in the top talkers table, then click a destination port to see only that IP's traffic to a specific service.
Summary Statistics
Six summary cards display aggregate metrics for the current time range and filters:
| Metric | Description |
|---|---|
| PPS | Packets per second. |
| BPS | Bits per second (displayed as Kbps, Mbps, or Gbps). |
| FPS | Flows per second. |
| Source IPs | Count of unique source IP addresses. |
| Src Ports | Count of unique source ports. |
| Dst IPs | Count of unique destination IP addresses. |
| Dst Ports | Count of unique destination ports. |
Top Source IPs / Top Destination IPs
Two side-by-side time-series line charts showing traffic volume (Y-axis in bps) over time for the top IP addresses. Each IP gets a distinct color in the legend. Both charts support drag-to-zoom and legend click-to-filter.
Top Source ASNs / Top Source Countries
Two donut charts showing traffic distribution by Autonomous System Number and country, enriched via GeoIP (MaxMind). Click any slice to add it as a filter. Hover to see the exact byte count and percentage.
Top Talkers Table
A detailed table of individual flow records sorted by bytes (descending):
| Column | Description | Clickable |
|---|---|---|
| Source IP | Flow source address | ✓ filters to src_addr |
| Source Port | Source port number | ✓ filters to src_port |
| Dest IP | Flow destination address | ✓ filters to dst_addr |
| Dest Port | Destination port number | ✓ filters to dst_port |
| Protocol | Transport protocol (TCP, UDP, ICMP) | ✓ filters to proto |
| App | Application name from port mapping dictionary | ✓ filters to appid |
| Source Int | Ingress interface name | ✓ filters to in_interface |
| Dest Int | Egress interface name | ✓ filters to out_interface |
| Bytes | Total bytes for this flow (auto-formatted KB, MB, GB) | — |
Device Metrics
The Device Metrics card on the Statistics tab shows current utilization gauges:
| Metric | Description |
|---|---|
| CPU Usage | Current CPU utilization percentage with a progress bar. The peak value observed within the selected time range is shown in parentheses (e.g., "2.7% (peak: 5.0%)"). The bar color shifts from green to yellow above 70% and red above 90%. |
| Memory Usage | Current memory utilization percentage with a progress bar and peak value. Same color thresholds as CPU. |
| Avg Bandwidth | Average bandwidth utilization across all interfaces in Mbps, with the peak value shown. |
These values are computed from the most recent SNMP poll stored in ClickHouse's snmp_metrics table.
Metrics History
The Metrics History chart displays CPU and memory utilization over time as a line chart with two series:
- CPU % (blue line) — CPU utilization over time.
- Memory % (green/teal line) — Memory utilization over time.
Time Range Selector
Buttons above the chart control the time window:
| Button | Time Range | Typical Granularity |
|---|---|---|
| 15m | Last 15 minutes | Raw poll interval |
| 1h | Last 1 hour | Raw poll interval |
| 6h | Last 6 hours | 1-minute aggregation |
| 24h | Last 24 hours | 5-minute aggregation |
| 7d | Last 7 days | 15-minute aggregation |
The selected time range also controls the time window for peak values in the Device Metrics card and for interface traffic trend charts.
Interface Status
The Interface Status section lists all interfaces discovered on the device via SNMP. Each interface is displayed as an expandable row showing:
| Field | Description |
|---|---|
| Interface name | The interface name and description (e.g., ens18, docker0, br-77ae54a6db12). The name is shown in bold with the description below. |
| Speed badge | Interface speed displayed as a color-coded badge — 1G (green), 10G (blue), 100M (yellow), etc. |
| Utilization % | Current bandwidth utilization as a percentage of interface speed (e.g., 0.01%). |
| Admin status | Administrative state: Up (green) or Down (gray). Indicates whether the interface is intentionally enabled or disabled. |
| Oper status | Operational state: Up (green dot) or Down (red dot). Indicates whether the interface is actually passing traffic. |
Interface Health Logic
Interface health is determined by the combination of admin and operational status:
| Admin Status | Oper Status | Meaning | Indicator |
|---|---|---|---|
| Up | Up | Normal operation | Green dot |
| Up | Down | Problem — interface is enabled but not operational | Red dot |
| Down | Down | Intentionally disabled | Gray (not flagged) |
| Down | Up | Unusual but not critical | Yellow |
An interface that is admin up but operationally down (Up/Down) is flagged as a problem. This status propagates upward — if any interface on a device is in this state, the device shows as critical, and the parent site inherits that critical status.
Expanded Interface Detail
Click the chevron (▸) on any interface row to expand it and reveal:
- Traffic Trend chart — A time-series area chart showing inbound (blue, "In") and outbound (green, "Out") traffic over the selected time range. The Y-axis shows bytes (B, KB, MB, GB auto-scaled) and the X-axis shows timestamps matching the metrics time range selector.
- Traffic counters — Summary statistics below the chart:
| Counter | Description |
|---|---|
| In Octets | Total bytes received on this interface within the time range. |
| Out Octets | Total bytes transmitted on this interface within the time range. |
| In Packets | Total packets received. |
| Out Packets | Total packets transmitted. |
| In Errors | Number of inbound errors (CRC, framing, etc.). |
| Out Errors | Number of outbound errors. |
| In Discards | Number of inbound packets discarded (queue drops). |
| Out Discards | Number of outbound packets discarded. |
Data Sources
The Device Detail view pulls data from multiple sources:
| Data | Source | Table/Endpoint |
|---|---|---|
| CPU, memory, interface metrics | ClickHouse | snmp_metrics |
| Interface traffic timeseries | ClickHouse | snmp_metrics (per-interface) |
| Device metadata (name, type, role) | PostgreSQL | devices |
| Device configuration | SSH via backend | /api/devices/:id/config |
| Flow analysis | ClickHouse | flows_all |
| LLDP neighbors | ClickHouse | lldp_neighbors |
Navigation Context
The Device Detail view maintains navigation context, allowing you to return to the site view via the Back button. The drill-down path is:
Network State → Site Cards → [select site] → Site Detail → [select device] → Device Detail
The time range selection in the Device Detail view is independent from other pages — changing it here does not affect dashboard or flow analysis time ranges elsewhere.