NTAInsights
Traffic Analytics insights are provided for flow data which shows anomalies in data pattern.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Network |
| Solutions | LogManagement |
| Basic log | No |
| Ingestion-time transformation | No |
| Sample Queries | - |
Columns
| Column | Type | Description |
|---|---|---|
| AdFlag | real | A ternary series containing (+1, -1, 0) marking up/down/no anomaly respectively. |
| AdScore | real | Anomaly score. |
| AggregationType | string | Type of data aggregation - 1 for short aggregation and 2 for long aggregation. |
| _BilledSize | real | The record size in bytes |
| DataPoints | string | Data points for aggregated data. |
| FlowStatus | string | The considered traffic is Allowed/Denied/All. |
| InsightsResourceId | string | Resource ID for the resource for which data is aggregated |
| IntervalEnd | datetime | End time of the data insights processing interval. |
| IntervalStart | datetime | Start time of the data insights processing interval. |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| Periodicity | real | The number of hours after whichthe data repeats itself. |
| PivotType | string | Pivot type for insights aggregation. |
| ProcessingTime | datetime | The time when periodicty is calculated. |
| Region | string | Region of Vnet flow logs. |
| SchemaVersion | string | Schema version. |
| SeriesNumber | real | An incremental value to represent the last aggregated series. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| SubType | string | Subtype for the insights logs. |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The time when the data gets ingested into the Log Analytics Workspace. |
| TrafficTime | datetime | Time when the anomaly has occured in data pattern. |
| TrafficVolumeActual | real | The actual traffic volume in the time period. |
| TrafficVolumeBaseline | real | The predicted value of the series, according to the decomposition per the anomaly calculation algorithm. |
| TrafficVolumeUnit | string | The aggregated values represent Flows/Bytes/Packets. |
| Type | string | The name of the table |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for