List of collected metrics

DNS Insights collects a variety of DNS and network related metrics for DNS traffic monitoring and analysis.

DNS Insights collects and aggregates DNS traffic data from your Managed DNS and Dedicated DNS networks. The collected data is processed into metrics that can be visualized in the NS1 Connect dashboard based on your configured DNS Insights data sets. As a result, not all collected metrics might be represented in dashboard visualizations.You can configure custom data sets to collect and visualize additional metrics based on your observability requirements.

Refer to the following list for all metrics collected by DNS Insights agents.

Note: DNS Insights collects more than 170 DNS and network related metrics. The following tables list only the metrics collected and visualized through the default DNS Insights data sets. You can configure custom data sets to collect and visualize additional metrics based on your monitoring and analysis requirements. To configure custom data sets, contact IBM support.

Application layer metrics (DNS)

DNS protocol metrics collected at the application layer (OSI Layer 7).


Metric	Description
`dns_wire_packets_queries`	# DNS queries Total number of DNS packets identified as queries.
`dns_wire_packets_replies`	# DNS replies Total number of DNS packets identified as DNS replies (responses).
`dns_wire_packets_udp`	# DNS wire packets over UDP Total number of DNS packets received using UDP transport.
`dns_wire_packets_tcp`	# DNS wire packets over TCP Total number of DNS packets received using TCP transport.
`dns_wire_packets_ipv4`	# DNS wire packets over IPv4 Total number of DNS packets received using IPv4 addresses.
`dns_wire_packets_ipv6`	# DNS wire packets over IPv6 Total number of DNS packets received using IPv6 addresses.
`dns_wire_packets_nxdomain`	# DNS wire packets flagged as NXDOMAIN Total number of DNS response packets flagged as `reply with response code NXDOMAIN`.
`dns_wire_packets_refused`	# DNS wire packets flagged as REFUSED Total number of DNS response packets flagged as `reply with response code REFUSED`.
`dns_wire_packets_srvfail`	# DNS wire packets flagged as SRVFAIL Total number of DNS response packets flagged as `reply with response code SRVFAIL`.
`dns_wire_packets_noerror`	# DNS wire packets flagged as NOERROR Total number of DNS response packets flagged as `reply with response code NOERROR`.
`dns_wire_packets_nodata`	# DNS wire packets flagged as NOERROR (and not data in the response) Total number of DNS response packets flagged as `reply with response code NOERROR` and no data in the response (NODATA).
`dns_cardinality_qname`	# Unique QNames (ingress and egress) Total number of unique QNames in queries and responses.
`dns_top_qname2`	Top QNames (depth of 2 labels) Ordered list of top 10 QNames (summarized based on domain, and TLD; for example, `example.com`) arranged from highest to lowest packet count.
`dns_top_qname3`	Top QNames (depth of 3 labels) Ordered list of top 10 QNames (including subdomains; for example, `sub.example.com`) arranged from highest to lowest packet count.
`dns_top_geo_loc_ecs`	Top ECS GeoIP locations Ordered list of the top 10 ECS-based geographic location codes arranged from highest to lowest packet count.
`dns_top_asn_ecs`	Top ECS ASNs Ordered list of the top 10 ECS-based Autonomous System Numbers (ASNs) arranged from highest to lowest packet count.
`dns_top_qtype`	Top QTypes Ordered list of the top 10 query types (QTypes) — that is, the top 10 record types queried.
`dns_top_query_ecs`	Top EDNS client subnets Ordered list of the top 10 IPv4 subnets in `/24` notation (for example, `192.168.2.0`) based on the total number of packets observed.
`dns_top_rcode`	Top RCODEs Ordered list of the top 10 response codes observed.
`dns_rates_total`	Rate of all DNS packets (packets per second) Rate of DNS packets in packets per second (pps) for the 0.5, 0.9, 0.95, and 0.99 quantiles.
`dns_rates_events`	Rate of DNS events (events per second) Rate of DNS events in events per second for the 0.5, 0.9, 0.95, and 0.99 quantiles.
`dns_top_nodata`	Top QNames with response code NOERROR and no data (NODATA) Ordered list of QNames by the number of DNS packets observed with response code `NOERROR` and no data in the reply (NODATA).
`dns_top_nxdomain`	Top QNames with response code NXDOMAIN Ordered list of QNames by the number of DNS packets observed with response code `NXDOMAIN`.
`dns_top_refused`	# DNS wire packets flagged as REFUSED Number of DNS response packets for the specified QName with the response code `REFUSED`.
`dns_top_srvfail`	Top QNames with response code SRVFAIL Ordered list of QNames by the number of DNS packets observed with response code `SRVFAIL`.
`dns_wire_packets_events`	# DNS packets Total number of DNS packets sent to the DNS handler before filtering.
`dns_wire_packets_deep_samples`	# DNS packets sampled for deep inspection Total number of DNS packets analyzed for deep inspection.
`dns_wire_packets_filtered`	# DNS packets filtered Total number of DNS packets filtered out based on policy rules.
`dns_wire_packets_queries`	# DNS packets flagged as a query Total number of DNS packets identified as DNS queries.
`dns_wire_packets_query_ecs`	# DNS packets with ECS option enabled Number of DNS packets observed with the EDNS client subnet (ECS) option enabled.
`dns_wire_packets_total`	# Total DNS packets Total number of DNS packets observed on the wire.

Transport layer metrics

Transport protocol metrics collected at the transport layer (OSI Layer 4), including TCP and UDP statistics.


Metric	Description
`packets_udp`	# UDP packets Number of UDP network packets observed within 60 seconds.
`packets_tcp`	# TCP packets Number of TCP network packets observed within 60 seconds.
`packets_protocol_tcp_syn`	# TCP SYN packets Number of TCP packets with the SYN flag set, indicating connection initiation attempts.
`packets_other_l4`	# Other layer 4 packets Number of network packets using layer 4 protocols other than TCP or UDP.

Network layer metrics

Network-level metrics collected at the network layer (OSI Layer 3), including IP addressing, routing, and packet flow statistics.


Metric	Description
`packets_cardinality_src_ips_in`	# Unique source IPs Number of unique source IP addresses (for both IPv4 and IPv6).
`packets_cardinality_dst_ips_out`	# Unique destination IPs Number of unique destination IP addresses (for both IPv4 and IPv6).
`packets_events`	# Packets sent Number of packets received and evaluated by the selected policy, including packets that are filtered based on policy rules.
`packets_filtered`	# Packets filtered Number of packets filtered out based on policy rules.
`packets_top_geoLoc`	Top GeoIP locations Ordered list of the top geographic location codes of the source and destination IP addresses in the observed DNS packets, arranged from highest to lowest network packet count.
`packets_top_ASN`	Top ASNs Ordered list of the top Autonomous System Numbers (ASNs) of the source and destination IP addresses in the observed DNS packets, arranged from highest to lowest network packet count.
`packets_top_ipv4`	Top IPv4 addresses Ordered list of the top 10 IPv4 addresses observed, arranged from highest to lowest network packet count.
`packets_top_ipv6`	Top IPv6 addresses Ordered list of the top 10 IPv6 addresses observed arranged from highest to lowest network packet count.
`packets_ipv4`	# IPv4 packets Number of IPv4 network packets observed within 60 seconds.
`packets_ipv6`	# IPv6 packets Number of IPv6 network packets observed within 60 seconds.
`packets_in`	# Ingress packets Number of ingress (inbound) network packets ( IPv4 and IPv6) observed within 60 seconds.
`packets_out`	# Egress packets Number of egress (outbound) network packets (IPv4 and IPv6) observed within 60 seconds.
`packets_deep_samples`	# Packets sampled for deep inspection Total number of network packets (IPv4 and IPv6) analyzed for deep inspection. Under high traffic volume, the NS1 Connect agents will sample packets for deep inspection to avoid running behind. As it does, this metric will begin to drop to a value lower than the packets_total above.
`packets_payload_size`	Packet payload size distribution Distribution of packet payload sizes for the 0.5, 0.9, 0.95, and 0.99 quantiles.
`packets_rates_pps_events`	Rate of packet events (packets per second) Rate of packet events in packets per second (pps) for the 0.5, 0.9, 0.95, and 0.99 quantiles.
`packets_rates_pps_in`	Rate of ingress packets (packets per second) Rate of ingress network packets in packets per second (pps) for the 0.5, 0.9, 0.95, and 0.99 quantiles.
`packets_rates_pps_out`	Rate of egress packets (packets per second) Rate of egress network packets in packets per second (pps) for the 0.5, 0.9, 0.95, and 0.99 quantiles.
`packets_rates_pps_total`	Rate of all packets (packets per second) Rate of all network packets, in packets per second, for the 0.5, 0.9, 0.95, and 0.99 quantiles.
`packets_total`	# Total packets Total number of network packets observed.
`packets_unknown_dir`	# Packets with unknown direction Number of packets where the direction (ingress or egress) could not be determined.
`payload_rates_bytes_in`	Rate of ingress payload (bytes per second) Rate of ingress network payload in bytes per second for the 0.5, 0.9, 0.95, and 0.99 quantiles.
`payload_rates_bytes_out`	Rate of egress payload (bytes per second) Rate of egress network payload in bytes per second for the 0.5, 0.9, 0.95, and 0.99 quantiles.
`payload_rates_bytes_total`	Rate of total payload (bytes per second) Rate of total network payload in bytes per second for the 0.5, 0.9, 0.95, and 0.99 quantiles.