Search

Page tree

Contents

Infoblox provides reports that are named by core network service functions, such as DNS query and system utilization. Reports contain predefined search criteria that retrieve specific data from the reporting database. Each report is associated with a search. It is not recommended to modify predefined reports. However, when you run a search, you can save it as reports and share it with other users. You can also create a new report by cloning an existing report, and then modify the search criteria.
You can also create a personal report in two different ways:


Note: IDNs are not supported on the reporting server. The reporting server manages IDNs in punycode. The reports generated by collecting reporting data from the DNS server displays all the data in punycode only.


When you upgrade to 7.3.x, all NIOS Global reports are migrated to the Dashboards panel without filters. However, the filter conditions configured in NIOS are reflected in the Dashboards panel. All NIOS System and Global searches are migrated to the Reports panel.
You can do the following in the Reports tab:

  1. From the Reporting tab, select the Reports tab -> select a report.
  2. In the Reports panel, you can do the following:

Reporting Indexes and Update Time Intervals

Table 40.8 lists the search indexes that the reporting server uses to generate reports. It contains information about the frequency of the summary report updates for each report and the percentage of the total index space allocated for each report category. Use this information to plan your reporting strategy for the Grid so you can optimize the performance of the reporting server.
Each summary report or search has its own update frequency. For example, the DNS Top Requested Domain report updates its data every 30 minutes, starting at the 4th minute of each half hour. It collects report data during the first 30 minutes of the previous 60 minutes. For example, if the report starts an update at 6:04 a.m., the data it collects is from 5:04 a.m. to 5:34 a.m.
The reporting server also uses this information to generate alerts. For example, once configured, Top Devices Identified alerts are executed at the 17th and 47th minutes of each hour (one minute after each update), regardless of whether DHCP fingerprint detection is enabled or disabled. For information about alerts, see About Alerts.


Note: The maximum retention period for the reporting data is 136 years. However, the data is removed from the database if the data exceeds the maximum limit for a reporting index and when the data crosses the retention period (after 136 years).



Table 40.8 Reporting Indexes

Indexes

Reports/Searches

Summary Report Data Updates

Default Maximum Index Size (% of Total Index Storage)

Device (Discovery)








0%

Inactive IP Addresses

N/A


Port Capacity Utilization by Device

N/A


Port Capacity Trend

N/A


Port Capacity Delta by Device

N/A


End Host History

N/A

0%

IPAMv4







5%

IPAMv4 Network Usage Statistics (Detailed)

N/A


DNS Statistics per DNS View (Detailed)

N/A


DNS Statistics per Zone (Detailed)

N/A


IPAMv4 Top Utilized Networks (Detailed)

N/A


DNS Object Count Trend for Flex Grid License

Data is generated once every
24 hours


DNS











10%

DDNS Update Rate Trend

N/A


DNS Response Latency Trend (Summary)

N/A


DNS Cache Hit Rate Trend

N/A


DNS Query Rate by Query Type

N/A


DNS Query Rate by Server (Detailed)

N/A


DNS Replies Trend

N/A


DNS Query Trend Per IP Block Group

N/A


FireEye Alerts

N/A


DNS Summary













10%

DDNS Update Rate Trend (Summary)

Every 30 minutes, starting at the 6th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.


DNS Response Latency Trend (Summary)

Every 30 minutes, starting at the 20th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.


DNS Top Requested Domain Names (Summary)Every 30 minutes, starting at the 4th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Cache Hit Rate Trend (Summary)Every 30 minutes, starting at the 8th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Effective Peak Usage Trend for Flex Grid LicenseNA
DNS Top Clients (Summary)Threat Protection Event Count By Member Trend (Summary)Every 30 minutes, starting at the 2nd minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Query Rate by Query Type (Summary)Every 30 minutes, starting at the 10th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Query Rate by Member (Summary)Every 30 minutes, starting at the 12th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Daily Query Rate by Member (Summary)Every day, starting at 00:32 each day. Data covers from 00:00 of yesterday to 00:00 of today.
DNS Daily Peak Hour Query Rate by Member (Summary)Every 60 minutes, starting at the 34th minute of each hour. Data covers from the top of last hour to the top of current hour.
DNS Replies Trend (Summary)Every 30 minutes, starting at the 18th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Top Clients Per Domain (Summary)Every 30 minutes, starting at the 3rd minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Top NXDOMAIN / NOERROR
(no data) (Summary)
Every 30 minutes, starting at the 5th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Top SERVFAIL Errors Sent (Summary)Every 30 minutes, starting at the 6th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Top SERVFAIL Errors Received (Summary)Every 30 minutes, starting at the 7th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Top Timed-Out Recursive Queries (Summary)Every 30 minutes, starting at the 8th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.
DNS Top RPZ Hits (Summary)Every 10 minutes, starting at the 2nd minute of each 10 minute. Data covers from 20 minute ago to 10 minute ago.
DNS Top RPZ Hits by Clients (Summary)Every 10 minutes, starting at the 2nd minute of each 10 minute. Data covers from 20 minute ago to 10 minute ago.
DNS Scavenged Object Count TrendEvery 30 minutes, starting at every 21st and 51st minute of each hour.

DHCP









2 Months

DHCPv4 Usage Statistics (Detailed)

N/A


DHCPv4 Range Utilization Trend (Summary)

N/A


DHCP Message Rate Trend (Detailed)

N/A


DHCP Summary
























24 Months

Device Trend (Summary)Every 30 minutes, starting at every 16th and 46th minutes of each hour. Data covers the first 30 minutes of the previous 60 minutes.
Device Class Trend (Summary)Every 30 minutes, starting at every 16th and 46th minutes of each hour. Data covers the first 30 minutes of the previous 60 minutes.
Top Devices Identified (Summary)Every 30 minutes, starting at every 16th and 46th minutes of each hour. Data covers the first 30 minutes of the previous 60 minutes.

Top Devices Denied an IP Address (Summary)

Every 30 minutes, starting at every 19th and 49th minutes of each hour. Data covers the first 30 minutes of the previous 60 minutes.


Top Device Classes (Summary)

Every 30 minutes, starting at every 16th and 46th minutes of each hour. Data covers the first 30 minutes of the previous 60 minutes.


DHCP Top Lease Clients (Summary)

Every 30 minutes, starting at the 16th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.


DHCPv4 Range Utilization Trend (Summary)

Every 8 hours, starting at the 24th minute of each half hour. Data covers the first 8 hours of the previous 8.25 hours.


DHCPv4 Usage Trend (Summary)

Every 8 hours, starting at the 22nd minute of each half hour. Data covers the first 8 hours of the previous 8.25 hours.


DHCP Message Rate Trend (Summary)

Every 30 minutes, starting at the 14th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.


DHCP Lease History






39%

DHCP Lease History (Detailed)

N/A


Device Fingerprint Change

N/A


Detected (Detailed)



Security



1%

Threat Protection Event Count By Severity Trend (Summary)

N/A


Threat Protection Event Count By Member Trend (Summary)

N/A


Threat Protection Event Count By Rule (Summary)

N/A


Threat Protection Event Count By Category (Summary)

N/A





Threat Protection Event Count By Time (Summary)

N/A


Threat Protection Event Count By Member (Summary)

N/A


Threat Protection Top Rules Logged (Summary)

N/A


Threat Protection Top Rules Logged by IP (Summary)

N/A


DNS Top Tunneling Activity (Summary)

Every 30 minutes, starting at every 11th and 41st minute of each hour.


DNS Tunneling Traffic by Category (Summary)

Every 30 minutes, starting at every 11th and 41st minute of each hour.


Top Malware and DNS Tunneling Events by Client (Summary)

Every 30 minutes, starting at every 11th and 41st minute of each hour.


Cloud

VM Address History (Detailed)

N/A

0%

Audit Log

Audit Log Events (Detailed)

N/A

0%

Ecosystem

Ecosystem Subscription Ecosystem Publication

N/A


License

License Pool Utilization

N/A

1%

System Utilization








15%

Memory Utilization Trend (Summary)

Every 30 minutes, starting at the 26th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes


Memory Utilization Trend (Detailed)

N/A


Traffic Rate (Detailed)

N/A


Traffic Rate by Member (Summary)

Every 30 minutes, starting at the 28th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes.


CPU Utilization Trend (Summary)

Every 30 minutes, starting at the top of each half hour. Data covers the first 30 minutes of the previous 60 minutes.


Flex Grid Licensing Features Enabled

Every 24 hours for all IB-FLEX members in the Grid.




Note: When you filter a dashboard by a time frame that is larger than the maximum retention period, the reporting server returns data within the maximum retention period. For example, when you try to view data of the CPU Utilization Trend report for the past six months, the server only returns data up to the last two months.


Cloning Reports

  1. From the Reporting tab, select the Reports tab.
  2. Select the report you want to modify, click Edit -> Clone.
  3. Enter a new title and description.
  4. Set its permissions. Select Private if you do not want to share the cloned report with other users. Select Clone if you want the cloned report to have the same permissions as the original report.
  5. Click Clone Report.
  6. Optionally, you can do the following:
    • Edit the permissions as described in Editing Permissions.
    • Click View to view the cloned report.
    • Click Add to Dashboard to add the cloned report to the dashboard.

Click Open in Search to open the cloned report in the Search page.

Deleting Reporting Data

To selectively delete reporting data from NIOS, you must first enable the delete permission for the local admin with superuser permission by using the set reporting_user_capabilities command in the NIOS CLI. Then complete the following:

  1. From the Reporting tab, select the Search tab.
  2. Enter the search criteria in the search bar that returns the events you want to delete and click the Search icon.

  3. After you confirm that the search results contain only those events that you want to delete, pipe the search to the delete command.

    Example: 
    <Splunk_Query> | delete

    For more information, see the Splunk documentation.



Notes: 

  • You cannot retrieve the data once it is deleted.
  • You cannot visualize the deleted data. 
  • The deleted data does not reduce any disk space.
  • Frequent deletion of data may affect the search performance.
  • You must not delete any of the ib_threatdb* index files as it results in loss of threat events data.

Scheduling Reports

You can schedule a report to run on a scheduled interval and trigger an action each time it runs. When scheduling a report, you can set up an action to send an email to receive report results. In addition, you can export results in CSV (comma separated value) or XML format.
To schedule a report:

  1. From the Reporting tab, select the Reports tab.
  2. Select the report you want to schedule, click Edit -> Edit Schedule.

Note: You can schedule a report when you save search results as reports. When you set the paper size to A5, the logo image and report name may overlap in the footer of the downloaded reports or reports sent through email.


3. In the Edit Schedule dialog box, select the Schedule Report check box.

4. Enter the Schedule and Timerange. For more information about how to use the Schedule and Timerange options, refer to the Splunk documentation.

5. Click Next and do the following to set an action for the scheduled reports:

    • Send Email: Select this to send an email to a set of recipients to receive report results in text format, or as CSV or PDF attachments.
      • Enter the email address in the To text box. To send the email message to multiple recipients, type a comma between email addresses.

Figure 40.12 Edit Schedule

      • In the Include section, select one of the following: Inline Table, Attach CSV, Attach PDF. Selecting Attach PDF or Attach CSV attaches the results of the report in the form of a CSV file or a PDF. Make sure that you specify this information.

Note: Infoblox recommends not to select Link to Report, Link to Results, Search String in the Include section. These links might not work in our environment. Do not select the Run a Script option because there is no script to run.


6. Click Save.

Configuring Logo Image in PDF Reports

All reports display the Infoblox logo by default. You can customize reports by removing the Infoblox logo, or by replacing it with your own company logo. The reporting server uses the latest image file that you have uploaded. Make sure that you upload a logo file that is in PNG format and has a file size that is smaller than 500 KB. Note that the image file name must be pdf_logo_image.png. Do not change the logo image file name. You can configure your PDF reports and schedule to send them through emails. For information about scheduling the delivery of reports, see Scheduling Reports.


Note: In the footer of the report, you can view the logo image (if uploaded), panel name, and the timestamp when the report was downloaded. When there is no data in a single panel report, the downloaded PDF displays "No Results Found" along with "Last Updated" information. However, a report with multiple panels displays only the panel name for the panel that does not have any data.


To upload logo image:

  1. From the Administration tab, select the Reporting tab -> expand the Toolbar and click Grid Reporting Properties.
    or
    From the Grid tab, select the Grid Manager tab and click the Services tab. In the Services tab, select the Reporting tab and click Edit -> Grid Reporting Properties from the Toolbar.
  2.  In the Grid Reporting Properties editor, select the PDF tab and complete the following:
    • Logo Image: Click Upload to open the Upload dialog box. Click Select to navigate to where the image file is located and click Open. Click Upload to upload the file. The appliance displays a preview of how it will appear on reports after you successfully upload the logo file. You can click Clear to remove the logo and upload a new one. Make sure that the file format and size meet the requirements; otherwise, the appliance displays an error message. You can click Clear to remove the uploaded image file.

3. Click Save & Close.

This page has no comments.