no-1.5 integration with main

no-1.5 integration with main

OSDOCS-7593: Netobserv RTT

OSDOCS-8465: Updates to Network Traffic Overview

OSDOCS-8253: Improved LokiStack integration

OSDOCS-8253: API version updates

Dashboard enhancements for lokiless use

OCPBUGS-22397: clarify netobserv network policy

OSDOCS-9419: Adding zones to Overview

Re-adding removed RTT overview info

OSDOCS-8701: Update resource considerations table

Network Observability API documentation updates

Update to JSON flows format

Network Observability 1.5 release notes

no-1.5 integration with main

Author: skrthomas

_topic_maps/_topic_map.yml

@@ -2857,6 +2857,8 @@ Topics:
   File: network-observability-network-policy
 - Name: Observing the network traffic
   File: observing-network-traffic
+- Name: Using metrics with dashboards and alerts
+  File: metrics-alerts-dashboards
 - Name: Monitoring the Network Observability Operator
   File: network-observability-operator-monitoring
 - Name: API reference

modules/network-observability-RTT-overview.adoc

@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="network-observability-RTT-overview_{context}"]
+= Round-Trip Time
+You can use TCP handshake Round-Trip Time (RTT) to analyze network flows. You can use RTT captured from the `fentry/tcp_rcv_established` eBPF hookpoint to read SRTT from the TCP socket to help with the following:
+
+
+* Network Monitoring: Gain insights into TCP handshakes, helping
+  network administrators identify unusual patterns, potential bottlenecks, or
+  performance issues.
+* Troubleshooting: Debug TCP-related issues by tracking latency and identifying
+  misconfigurations.
+
+By default, when RTT is enabled, you can see the following TCP handshake RTT metrics represented in the *Overview*:
+
+* Top X 90th percentile TCP handshake Round Trip Time with overall
+* Top X average TCP handshake Round Trip Time with overall
+* Bottom X minimum TCP handshake Round Trip Time with overall
+
+Other RTT panels can be added in *Manage panels*:
+
+* Top X maximum TCP handshake Round Trip Time with overall
+* Top X 99th percentile TCP handshake Round Trip Time with overall
+
+See the _Additional Resources_ in this section for more information about enabling and working with this view.

modules/network-observability-RTT.adoc

@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-RTT_{context}"]
+= Working with RTT tracing
+You can track RTT by editing the `FlowCollector` to the specifications in the following YAML example.
+
+.Procedure
+. In the web console, navigate to *Operators* -> *Installed Operators*.
+. In the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster*, and then select the *YAML* tab.
+. Configure the `FlowCollector` custom resource for RTT tracing, for example:
++
+[id="network-observability-flowcollector-configuring-RTT_{context}"]
+.Example `FlowCollector` configuration
+[source, yaml]
+----
+apiVersion: flows.netobserv.io/v1beta2
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+  namespace: netobserv
+  deploymentModel: Direct
+  agent:
+    type: eBPF
+    ebpf:
+      features:
+       - FlowRTT   <1>
+----
+<1> You can start tracing RTT network flows by listing the `FlowRTT` parameter in the `spec.agent.ebpf.features` specification list.
+ 
+.Verification
+When you refresh the *Network Traffic* page, the *Overview*, *Traffic Flow*, and *Topology* views display new information about RTT:
+
+.. In the *Overview*, select new choices in *Manage panels* to choose which graphical visualizations of RTT to display.
+.. In the *Traffic flows* table, the *Flow RTT* column can be seen, and you can manage display in *Manage columns*.
+.. In the *Traffic Flows* view, you can also expand the side panel to view more information about RTT.
++
+.Example filtering
+... Click the *Common* filters -> *Protocol*. 
+... Filter the network flow data based on *TCP*, *Ingress* direction, and look for *FlowRTT* values greater than 10,000,000 nanoseconds (10ms).
+... Remove the *Protocol* filter. 
+... Filter for *Flow RTT* values greater than 0 in the *Common* filters.
+
+.. In the *Topology* view, click the Display option dropdown. Then click *RTT* in the *edge labels* drop-down list.

modules/network-observability-SRIOV-configuration.adoc

@@ -16,20 +16,19 @@ In order to collect traffic from a cluster with a Single Root I/O Virtualization
 . Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
 . Select *cluster* and then select the *YAML* tab.
 . Configure the `FlowCollector` custom resource. A sample configuration is as follows:
-+
-[id="network-observability-flowcollector-configuring-SRIOV-monitoring{context}"]
+
 .Configure `FlowCollector` for SR-IOV monitoring
 [source,yaml]
 ----
-apiVersion: flows.netobserv.io/v1alpha1
+apiVersion: flows.netobserv.io/v1beta2
 kind: FlowCollector
 metadata:
   name: cluster
 spec:
   namespace: netobserv
-  deploymentModel: DIRECT
+  deploymentModel: Direct
   agent:
-    type: EBPF
+    type: eBPF
     ebpf:
       privileged: true   <1>
 ----

modules/network-observability-auth-multi-tenancy.adoc

@@ -5,12 +5,23 @@
 :_mod-docs-content-type: REFERENCE
 [id="network-observability-configuring-options-overview_{context}"]
 = Configuring advanced options for the Overview view
-You can customize the graphical view by using advanced options. To access the advanced options, click *Show advanced options*.You can configure the details in the graph by using the *Display options* drop-down menu. The options available are:
+You can customize the graphical view by using advanced options. To access the advanced options, click *Show advanced options*. You can configure the details in the graph by using the *Display options* drop-down menu. The options available are as follows:
 
-* *Metric type*: The metrics to be shown in *Bytes* or *Packets*. The default value is *Bytes*.
-* *Scope*: To select the detail of components between which the network traffic flows. You can set the scope to *Node*, *Namespace*, *Owner*, or *Resource*. *Owner* is an aggregation of resources. *Resource* can be a pod, service, node, in case of host-network traffic, or an unknown IP address. The default value is *Namespace*.
+* *Scope*: Select to view the components that network traffic flows between. You can set the scope to *Node*, *Namespace*, *Owner*, *Zones*, *Cluster* or *Resource*. *Owner* is an aggregation of resources. *Resource* can be a pod, service, node, in case of host-network traffic, or an unknown IP address. The default value is *Namespace*.
 * *Truncate labels*: Select the required width of the label from the drop-down list. The default value is *M*.
 
 [id="network-observability-cao-managing-panels-overview_{context}"]
-== Managing panels
-You can select the required statistics to be displayed, and reorder them. To manage columns, click *Manage panels*.
+== Managing panels and display
+You can select the required panels to be displayed, reorder them, and focus on a specific panel. To add or remove panels, click *Manage panels*.
+
+The following panels are shown by default: 
+
+* *Top X average bytes rates*
+* *Top X bytes rates stacked with total*
+
+Other panels can be added in *Manage panels*:
+
+* *Top X average packets rates*
+* *Top X packets rates stacked with total*
+
+*Query options* allows you to choose whether to show the *Top 5*, *Top 10*, or *Top 15* rates.

modules/network-observability-configuring-options-overview.adoc

@@ -10,12 +10,14 @@ You can customize and export the view by using *Show advanced options*. The adva
 * *Find in view*: To search the required components in the view.
 * *Display options*: To configure the following options:
 +
-** *Layout*: To select the layout of the graphical representation. The default value is *ColaNoForce*.
+** *Edge labels*: To show the specified measurements as edge labels. The default is to show the *Average rate* in *Bytes*. 
 ** *Scope*: To select the scope of components between which the network traffic flows. The default value is *Namespace*.
-** *Groups*: To enchance the understanding of ownership by grouping the components. The default value is *None*.
-** *Collapse groups*: To expand or collapse the groups. The groups are expanded by default. This option is disabled if *Groups* has value *None*.
+** *Groups*: To enhance the understanding of ownership by grouping the components. The default value is *None*.
+
+** *Layout*: To select the layout of the graphical representation. The default value is *ColaNoForce*.
 ** *Show*: To select the details that need to be displayed. All the options are checked by default. The options available are: *Edges*, *Edges label*, and *Badges*.
 ** *Truncate labels*: To select the required width of the label from the drop-down list. The default value is *M*.
+** *Collapse groups*: To expand or collapse the groups. The groups are expanded by default. This option is disabled if *Groups* has the value of *None*.
 
 [id="network-observability-cao-export-topology_{context}"]
 == Exporting the topology view

modules/network-observability-configuring-options-topology.adoc

@@ -11,9 +11,10 @@ You can opt out of health alerting by editing the `FlowCollector` resource:
 . Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
 . Select *cluster* then select the *YAML* tab.
 . Add `spec.processor.metrics.disableAlerts` to disable health alerts, as in the following YAML sample:
++
 [source,yaml]
 ----
-apiVersion: flows.netobserv.io/v1alpha1
+apiVersion: flows.netobserv.io/v1beta2
 kind: FlowCollector
 metadata:
   name: cluster

modules/network-observability-disabling-health-alerts.adoc

@@ -13,10 +13,18 @@ You can configure graphical representation of Domain Name System (DNS) tracking
 
 * Troubleshooting: Debug DNS-related issues by tracing DNS resolution steps, tracking latency, and identifying misconfigurations.
 
-When DNS tracking is enabled, you can see the following metrics represented in a chart in the *Overview*. See the _Additional Resources_ in this section for more information about enabling and working with this view.
+By default, when DNS tracking is enabled, you can see the following non-empty metrics represented in a donut or line chart in the *Overview*:
 
-* Top 5 average DNS latencies
-* Top 5 DNS response code
-* Top 5 DNS response code stacked with total
+* Top X DNS Response Code
+* Top X average DNS latencies with overall
+* Top X 90th percentile DNS latencies
 
-This feature is supported for IPv4 and IPv6 UDP protocol.
+Other DNS tracking panels can be added in *Manage panels*:
+
+* Bottom X minimum DNS latencies
+* Top X maximum DNS latencies
+* Top X 99th percentile DNS latencies
+
+This feature is supported for IPv4 and IPv6 UDP and TCP protocols.
+
+See the _Additional Resources_ in this section for more information about enabling and working with this view.

modules/network-observability-dns-overview.adoc

@@ -13,32 +13,37 @@ CPU and memory usage increases are observed in the eBPF agent when this feature
 ====
 .Procedure
 . In the web console, navigate to *Operators* -> *Installed Operators*.
-. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Under the *Provided APIs* heading for *Network Observability*, select *Flow Collector*.
 . Select *cluster* then select the *YAML* tab.
 . Configure the `FlowCollector` custom resource. A sample configuration is as follows:
 +
 [id="network-observability-flowcollector-configuring-dns_{context}"]
 .Configure `FlowCollector` for DNS tracking
 [source, yaml]
 ----
-apiVersion: flows.netobserv.io/v1alpha1
+apiVersion: flows.netobserv.io/v1beta2
 kind: FlowCollector
 metadata:
   name: cluster
 spec:
   namespace: netobserv
-  deploymentModel: DIRECT
+  deploymentModel: Direct
   agent:
-    type: EBPF
+    type: eBPF
     ebpf:
       features:
        - DNSTracking           <1>
-      privileged: true         <2>
+      sampling: 1              <2>
 ----
 <1> You can set the `spec.agent.ebpf.features` parameter list to enable DNS tracking of each network flow in the web console.
-<2> Note that the `spec.agent.ebpf.privileged` specification value must be `true` for DNS tracking to be enabled.
+<2> You can set `sampling` to a value of `1` for more accurate metrics.
 
 . When you refresh the *Network Traffic* page, there are new DNS representations you can choose to view in the *Overview* and *Traffic Flow* views and new filters you can apply.
 .. Select new DNS choices in *Manage panels* to display graphical visualizations and DNS metrics in the *Overview*.
 .. Select new choices in *Manage columns* to add DNS columns to the *Traffic Flows* view.
-.. Filter on specific DNS metrics, such as *DNS Id*, *DNS Latency* and *DNS Response Code*, and see more information from the side panel.
+.. Filter on specific DNS metrics, such as *DNS Id*, *DNS Error* *DNS Latency* and *DNS Response Code*, and see more information from the side panel. The *DNS Latency* and *DNS Response Code* columns are shown by default.
+
+[NOTE]
+====
+TCP handshake packets do not have DNS headers. TCP protocol flows without DNS headers are shown in the traffic flow data with *DNS Latency*, *ID*, and *Response code* values of "n/a". You can filter out flow data to view only flows that have DNS headers using the *Common* filter "DNSError" equal to "0". 
+====