Corvil 9.7.2 User Guide
Uploaded by
quang.nguyen.itdnCorvil 9.7.2 User Guide
Uploaded by
quang.nguyen.itdnCorvil Analytics User Guide
Software Release Corvil Analytics (9.7.2)
Document Revision 1.0, August 2023
Copyright © 2023 Corvil Limited. All rights reserved.
This document contains confidential information of Corvil Limited ("Corvil") and is furnished in confidence.
The contents of this document are protected by copyright, trademark and other intellectual property laws,
under national laws and international treaties. No part of this document may be copied, reproduced,
stored or transmitted, in any form or by any means, electronic, mechanical or otherwise, for any purpose,
including without limitation the purposes of distribution to agents or third parties or use for tendering or
manufacturing purposes, without the express written agreement of Corvil and then only on the condition
that this notice is included in any such copy or reproduction.
The content of this document is furnished for technical information purposes only, and should not be
construed as any form of warranty or guarantee by Corvil. Corvil shall not be liable for technical, editorial
or other errors or omissions in this document, and this document and the information in it are provided "as
is". Unless expressly stated otherwise in a written agreement between the recipient of this document and
Corvil, which predates the recipient's receipt of this document and which expressly refers to this
document, and to the greatest extent permitted by applicable law, Corvil expressly disclaims all terms,
conditions and warranties, expressed or implied, statutory or otherwise, relating to this document and the
information in it, including without limitation any warranties as to merchantability, fitness for a particular
purpose or non-infringement.
Copyright © 2023 Corvil Ltd. Corvil, the Corvil logo (the Corvil spark) and Corvil product names are all
trademarks of Corvil Ltd.
Corvil Bandwidth is also a trademark of Corvil Ltd.
All other brand or product names are trademarks of their respective owners.
Corvil software and hardware products contain intellectual property protected by US and European
patents, including patent numbers US7787438, US7839861, US8493875 and EP1936867, EP1842332,
and EP0962079.
Corvil Limited is a wholly owned subsidiary of Pico Quantitative Trading Holdings LLC.
© 2023 Pico Quantitative Trading LLC. All rights reserved 2.
Preface 15
About the User Guide 15
Audience 15
Prerequisite Knowledge 15
Related Documentation 16
Conventions Used in This Guide 16
Contacting Corvil Technical Support 17
Introduction to the User Interface 18
User Interface Overview 19
Corvil Dashboards 26
Dashboards Overview 27
Switching Dashboards and Sessions 31
Performance Warning Banner 34
Dashboard Widgets 36
Displaying and Hiding Time Series Results 39
Displaying Logarithmic Time Series Results 41
Corvil Dashboard Reporting Periods 42
Selecting the Time Zone for the UI Display 47
Corvil Dashboard Live View 49
Selecting and Comparing Time Periods 50
Dashboard Widget Full-screen Mode 53
Dashboard Filtering 56
Custom Statistic and Session Naming 60
Data Filter 62
Exporting Dashboards and Widgets 65
Exporting a Dashboard in PDF Format 66
Exporting a Dashboard or Widget in CSV Format 68
Exporting a Dashboard in CSV and PDF Format 69
Navigation Between Dashboards and to the Inspect Data Screen 71
© 2023 Pico Quantitative Trading LLC. All rights reserved 3.
Time-series Charts and Bar Charts 71
Tables 76
Numbers 80
Pie Charts 81
Managing Images 84
Using an image in a Notes widget 85
Using an image as the Report Logo 86
Managing Corvil Dashboards 87
Re-ordering Dashboard Views 87
Hiding a Dashboard View 87
Copying a Dashboard View 88
Renaming a Dashboard View or Dashboard Group 89
Creating and Managing Dashboard Groups 89
Deleting Dashboards and Dashboard Groups 90
Creating and Editing Corvil Dashboards 92
Creating Grid-based Dashboards 94
Creating Canvas-based Dashboards 100
Working with Icons on Canvas-based Dashboards 104
Adding Widgets to a Canvas-based Layout Dashboard 109
Navigating a Canvas-based Dashboard 114
Creating Inspect Data Dashboards 116
Defining Widgets Using the Widget Editor 121
Deleting or Editing A Widget 126
Defining a Dashboard Using XML 127
Defining Custom Statistic Names - XML 135
Specifying Per-Session and Per-tag Dashboards - XML 139
Dashboard Context Settings - XML 143
Defining Widgets Using XML 149
Dashboard Layout Design 151
© 2023 Pico Quantitative Trading LLC. All rights reserved 4.
Defining a Big Number Using the Widget Editor 153
Defining a Big Number Using XML 161
Defining a Time Series Chart Using the Widget Editor 170
Defining a Time-series Chart Using XML 187
Defining a Bar Chart Using the Widget Editor 203
Defining a Bar Chart Using XML 214
Defining a Session Table Using the Widget Editor 228
Defining a Session Table Using XML 238
Defining a Note Using the Widget Editor 247
Defining a Note Using XML 259
Defining a TopN Table Using the Widget Editor 268
Defining a TopN Table Using XML 273
Defining a Pie Chart Using the Widget Editor 276
Defining a Pie Chart Using XML 284
Defining Recent Stream Events Using the Widget Editor 295
Defining Recent Stream Events Using XML 300
Defining a Message/Packet Table Using the Widget Editor 304
Defining a Message/Packet Table Using XML 307
Defining an Action Widget Using the Widget Editor 309
Defining an Action Widget Using XML 313
Specifying Statistics in Widgets Using XML 317
Dashboard Validation 323
Copying a Corvil Dashboard XML Configuration 325
Working with Corvil Dashboard XML Configuration Files 326
Managing Tagging 329
Viewing Tagging Information 331
Adding and Removing a Tag and Tag-Type 333
Filtering Tagging Information 335
Managing Tagging Using the CLI 335
© 2023 Pico Quantitative Trading LLC. All rights reserved 5.
Configuring UI Reporting Periods 338
UI Reporting Periods Overview 338
Reporting Period Budget 338
Checking the Status of UI Reporting Periods 341
Defining, Displaying and Suppressing UI Reporting Periods - Example 342
Displaying or Suppressing System-Defined UI Reporting Periods 343
Defining and Deleting User-Defined Reporting Periods 344
Setting the Default UI Reporting Period 348
IP Host Resolution 350
IP Host Resolution Overview 350
Enabling IP Host Resolution 350
Configuring the IP Host Resolver to shorten displayed FQDNs 351
Corvil Discovery 353
Discovery Overview 354
Viewing the Application Session Discovery Screen 356
Application Session Discovery Screen Information 357
Monitoring Sessions 359
Promoting Discovered Sessions to Monitored Sessions 360
Deleting and Blacklisting Sessions 361
Configuring Automatic Session Monitoring 362
Disabling Automatic Session Monitoring 363
Filtering Discovery Information 364
Viewing Tagging Information From Discovery 365
Corvil Lens 366
What is Corvil Lens 367
Viewing Lens 368
Viewing Results By Group 376
Including and Excluding Sessions from Aggregated Results 377
Re-ordering Lens Table Columns 378
© 2023 Pico Quantitative Trading LLC. All rights reserved 6.
Sorting Lens Table Columns 378
Adding and Hiding Lens Columns 380
Adding Latency Measurement Percentiles 381
Filtering Lens Results 382
Defining Lens Views 384
Setting the Lens Table Reporting Period 386
Setting the Default Units for Displaying Corvil Lens Latency Results 388
Lens Live View 389
Viewing Latency Histogram Charts 390
Cumulative Distributions 391
Zoom Controls 391
Exporting Session Results 393
Navigating to Inspect Data and Event Inspection 394
Lens Errors and Measurement Warnings 396
Errors 396
Measurement Warnings 396
Lens Alerting 398
Setting the Alert History 398
Current Session Alerts 399
Recent Session Alerts 401
Session Alerts Combined with Measurement Warnings 402
Corvil Data Search 403
Data Search Overview 404
Performing a Search 407
Data Search Results 409
Switching to Inspect Data From the Search Results Page 411
Constructing an External Data Search URL 413
Indexing Message Fields - UI 414
Indexing Message Fields – CLI 415
© 2023 Pico Quantitative Trading LLC. All rights reserved 7.
Enabling and Disabling Data Search 417
Configuring the Data Search Capture Disk Quota 418
Checking the Data Search Capture Quota and Amount of Captured Data 419
Analyzing Corvil Data 420
Using Inspect Data 421
Fast and Full Scan in Inspect Data 423
Selecting a Time Period On Inspect Data UI 426
Selecting and Switching Sessions on Inspect Data 427
Inspect Data Tools 428
Filtering Inspect Data Results 428
Viewing Message and Packet Table Results in Inspect Data Dashboards 443
Exporting an Inspect Data PDF Report 454
Configuring Inspect Data Dashboard Views 454
Using Event Inspection 455
Analyzing an Event 455
Impacted Measurements 460
Navigating Timeline History 461
Viewing Fullscreen Layout 461
Selecting Graphs for Event Inspection Drilldown Results 462
Defining Time Periods for Displaying Event Inspection Results 469
Selecting Sessions for Event Inspection Drilldown Results 470
Viewing Decode Details for Network Sessions 471
Viewing Decode Details for Application Sessions 478
Filtering Event Inspection Results 488
Duplicating Event Inspection Screens to Compare Results 498
Exporting Message Results 498
Legacy Corvil Screens 507
Selecting a Report Period 507
Reporting PDF Results 509
© 2023 Pico Quantitative Trading LLC. All rights reserved 8.
PNQM and GPS/PPS Status and Warnings 509
SPAN Congestion 511
Warning of Impacted Measurements 512
Service Compliance 514
Event Analysis 515
Traffic Insight 520
Legacy Live View 523
Bandwidth Sizing 526
Corvil Multihop Analysis 534
Example Multihop Configuration 534
Using Multihop Analysis 543
Defining a Multihop Group 547
Packet Capture Data Settings 551
Disabling and Re-enabling Capture 551
Setting Disk Space Quota for Capture Files 555
Checking the Capture Quota and Amount of Captured Data 558
Setting a Packet Capture Password 559
Packet Capture Compression 560
PCAP Export Using the UI 562
Selecting a Time Period for PCAP Export 562
Selecting a Data Source 563
Applying a Filter 564
Setting a Snaplength Limit 571
Exporting a Packet Capture 572
PCAP Export Using the CLI 574
Defining a Capture Export Job 578
Defining the CNE Ports Providing Measurements – Network Capture and Analysis Mode 579
Defining the Sessions Providing Measurements – Full Analytics Mode 579
Defining the Amount of Packet Content to Export 580
© 2023 Pico Quantitative Trading LLC. All rights reserved 9.
Defining the Time Period To Export 581
Defining a Packet Filter (Optional) 583
Defining the Target Destination for the Capture Export 584
Exporting the Capture File 586
Using tshark 586
Allocating Additional Memory to tshark 590
PCAP Analysis 592
PCAP Analysis Operation 593
Using Stored Data Analysis 600
Sources of Stored Data Analysis Files 600
Stored Data Analysis Operation 601
Performing Stored Data Analysis Using the UI 603
Managing Stored Data Analysis Jobs Using the UI 608
Managing Stored Data Analysis Files Using the UI 617
Stored Data Analysis Using the CLI - Example 619
Configuring Stored Data Analysis Using the CLI 626
Working with Manual Packet Captures 634
Exporting Always-On, Event and Manual Captures Using the CLI 641
Volume Based PCAP Indexing 644
Volume Based PCAP Indexing Overview 644
Should I Enable Volume Based PCAP Indexing? 644
Configuring Volume Based PCAP Indexing 644
How to enable Volume Based PCAP Indexing 646
Corvil Actions 656
Actions Overview 657
Accessing an Action - Examples 658
Corvil Flow Query 663
Flow Query Overview 664
Enabling Flow Indexing 665
© 2023 Pico Quantitative Trading LLC. All rights reserved 10 .
Connecting to the Web Services API 667
Running Flow Queries 668
UTC Clock Synchronization Reporting 674
UTC Clock Synchronization Reporting Overview 675
Enabling UTC Clock Synchronization Reporting 677
Viewing UTC Clock Sync Reporting Results 678
UTC Clock Sync Report 678
Viewing Clock Sync of Streams Events 683
API Requests for UTC Clock Sync Results 684
Corvil Streams 685
Streams Overview 686
Monitoring Corvil Streams Using the Corvil UI 688
Selecting a Time Period For Streams 689
Using the Timeline 690
Analytics Stream Results View 693
Filtering Corvil Stream Results 696
Streams Filter Query Language 698
Filtering Streams Events 704
Configuring Corvil Streams 707
Example Corvil Stream Configurations 720
Connecting to an Analytics Stream - Example 729
Unique Event IDs 729
Stream Drops 729
Displaying the Analytics Stream Schema 730
Streams Type Conversion 738
Statistic Types 738
Basic Type Conversion 738
Network Field Conversion 739
Streams Limits 740
© 2023 Pico Quantitative Trading LLC. All rights reserved 11 .
Corvil Giga+ Mode 742
Giga+ Mode Overview 743
Accessing Giga+ Mode 744
Giga+ Mode Service Compliance 746
Giga+ Mode Event Analysis 747
Giga+ Mode Traffic Insight 749
Giga+ Mode Bandwidth Sizing 750
Corvil Graphs and Charts 751
Viewing Congestion Graphs 752
What is Expected Queuing? 752
What is Corvil Bandwidth? 752
Expected Queuing Latency 752
Expected Queue Length 754
Expected Queuing Loss 755
Corvil Bandwidth – Delay 755
Corvil Bandwidth – Queue Length 757
Viewing Priority Class Results 758
Viewing Latency Graphs 761
End-to-End Latency 761
End-to-End Jitter 763
End-to-End Loss 764
Viewing Message Statistics 766
Message Sequence Gap Graph 766
Message Sequence Count Graph 767
Message Rate 767
Message Count 768
Top Message Types 768
Message Bit Rate Microburst 768
Message Rate Microburst 769
© 2023 Pico Quantitative Trading LLC. All rights reserved 12 .
Viewing TCP Results 771
TCP Statistics Overview 771
Goodput Rate 773
Goodput byte count 774
Left RTT 775
Right RTT 776
Connection Setup RTT 776
Local ART 777
Remote ART 778
Out of Sequence Packets 778
Out-of-Sequence Packet Count 779
TCP Packet Count 779
TCP Zero Window Packet Count Graph 780
Out of Sequence Packets: Retransmitted 780
Out-of-Sequence Packets: Reordered 781
Syn Packet Count 782
Fin Packet Count 782
Rst Packet Count 782
Viewing Top N Traffic Leader Results 784
Top Applications 784
Top Talkers 785
Top Listeners 785
Top Conversations 786
Viewing Traffic Patterns 788
What is Microburst? 788
Packet Bit Rate Microburst 788
Packet Rate Microburst 789
Average Bit Rate and Byte-counts Graphs 790
Average Packet Rate and Packet-counts Graphs 791
© 2023 Pico Quantitative Trading LLC. All rights reserved 13 .
Active Flows Graph 792
Viewing Packet Size Distributions 793
Corvil Measurement Warnings 794
Measurement Warning Overview 795
Checking Measurement Warning Settings 796
© 2023 Pico Quantitative Trading LLC. All rights reserved 14 .
Preface
ABOUT THE USER GUIDE
This User Guide describes how to use the following Corvil features:
l Discovery
l Dashboards
l Data Search
l Lens
l Analyzing Corvil data
l Packet Capture Export
l Stored Data Analysis
l Streams
l Flow Query
l UTC Clock Synchronization Reporting
l Giga+
l Actions
AUDIENCE
This document is targeted at the following types of users:
l Network Planners and Architects
l Traffic Engineers and Capacity Planners
l Network Operation and Maintenance Personnel
l IT Staff and Telco Product Managers
PREREQUISITE KNOWLEDGE
Basic familiarity with Linux administration and Cisco router configuration is assumed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 15 .
RELATED DOCUMENTATION
For more information on using Corvil, refer to the following documents:
l Corvil Installation Guide
l Corvil Configuration Guide
l Corvil Administration Guide
l Corvil CLI Command Reference Guide
l Corvil XML API Reference Guide
l Corvil Packet Capture Export Guide
l Corvil Actions Guide
CONVENTIONS USED IN THIS GUIDE
Monospace indicates variable names, directory paths, file names, and configuration command names.
Monospace indicates configuration command examples.
Boldface indicates names of user interface elements, such as menu options, toolbar button, dialog box
and window field names, and commands and keywords that are entered literally as shown.
Command arguments are enclosed in angle brackets (< >).
Square brackets ([ ]) indicate optional elements.
Braces ({ }) group required choices, and vertical bars ( | ) separate alternative elements.
Braces and vertical bars within square brackets ([{ | }]) indicate a required choice within an optional
element.
NOTE: Means reader take note. Notes contain helpful suggestions or references to material not
covered in the manual.
© 2023 Pico Quantitative Trading LLC. All rights reserved 16 .
CAUTION: Means reader be careful. In this situation, you might do something that could result in
equipment damage or loss of data.
CONTACTING CORVIL TECHNICAL SUPPORT
If you require further information or support, please contact Corvil Technical Support:
e-mail: support@corvil.com
USA/Canada Toll Free: 1800 673 3185
UK Freephone: 0800 066 4799
International: +353 1 859 1010
Website: www.pico.net/support
© 2023 Pico Quantitative Trading LLC. All rights reserved 17 .
Introduction to the User
Interface
User Interface Overview 19
© 2023 Pico Quantitative Trading LLC. All rights reserved 18 .
User Interface Overview
Corvil provides browser-based and command line access to the Corvil Management Center (CMC) and
CNE appliances, allowing you to configure application and network monitoring of your trading
environment and providing you with a variety of options for viewing and analyzing the monitored data.
NOTE: Information on how to access information using the Corvil command line interface or CLI is
contained in the topic "Introduction to the Corvil Command Line Interface (CLI)" in the Corvil Analytics
Configuration Guide.
Accessing your appliance on a browser presents you with a login page from where you can log in to the
CMC or CNE using secured or unsecured mode. Refer to the topic "Configuring HTTP over TLS (HTTPS)
for GUI and Web Services API Access" in the Corvil Analytics Administration Guide for more information
on secure login.
© 2023 Pico Quantitative Trading LLC. All rights reserved 19 .
From Corvil Analytics 9.7.0, an optional security information banner can be added to the login screen. In
this case, you cannot proceed to the login prompt until you first acknowledge that you have read the
information by clicking ACCEPT. You will need to acknowledge the login banner every time you attempt
to log in to the appliance. See the topic "Configuring a Login Banner for the UI Login Screen" in the Corvil
Analytics Administration Guide for details of how to add a login banner for display on the login screen.
Both the CMC and CNE UIs feature different modes of operation. If you log in as an administrator (admin)
or config user, you can access all modes, that is, all of the monitoring screens and the System
Administration mode. Logging in as a monitor user only allows you to use the monitoring features on the
UI and you will not have access to System Administration mode to perform configuration tasks.
NOTE: Your administrator may have provided you with a restricted login access to the Corvil UI,
restricting what you can view based on configured Corvil login privileges. For example, you may be
prevented from viewing certain results on the dashboards.
For more information on Corvil role-based access control, refer to the topic Role-based Access
Control for Restricted Users in the Corvil Analytics Administration Guide.
Once you have successfully logged into the appliance, a Welcome dashboard will open to help you to
navigate the UI, providing brief descriptions and links to some of the most commonly used Corvil features.
For example, on logging into a Corvil Management Center, the opening dashboard will be as follows:
© 2023 Pico Quantitative Trading LLC. All rights reserved 20 .
From the Welcome dashboard you can go directly to the CNE administration page, where you can add
CNEs to be managed by the CMC.
You can quickly check the health of your network from the Network Health link or you can explore the
connections for a particular IP address.
You can directly export a PCAP for a session and you can go to the Discovery, Data Search and Lens
screens (you can also access these screens from the top tier menu).
Finally, clicking on the Go to the Corvil Customer Center link allows you to access Corvil information
and download software from the Corvil Customer Center and contact Corvil Technical Support .
Logging into a CNE opens a similar Welcome dashboard. In this case, you have additional information
about the Performance Dashboard from where you can gain an insight into the performance of your
CNE.
The Manage Corvil Appliances link is not included on the CNE Welcome dashboard as it applies to
CMCs only.
NOTE: The Network Health, Host Connectivity and Performance Dashboard features are Actions and
you must install the latest Action Pack for the links to work. For more information on configuring and
using these Actions refer to the topics "Analyze / Network Health", "Analyze / Host Connectivity" and
"System / Performance Dashboard" in the Corvil Actions Guide.
© 2023 Pico Quantitative Trading LLC. All rights reserved 21 .
Navigation Menus
The User Interface provides a number of navigation menus to enable you to quickly access the
information you are interested in.
On the lefthand side of the screen there is a (collapsible) contextual navigation panel for each screen tab
(or information panel in the case of the Discovery and Data Search screens).
For example, on Dashboard and Inspect Data screens, in Corvil Analytics 9.7.0, the navigation panel
looks like this
The DASHBOARDS panel aids dashboard navigation, allowing you to search for and open a dashboard.
The SESSIONS panel lists all sessions on your CNE (and on all CNEs if you are using a CMC), allowing
you to quickly find and select a session for filtering on a dashboard.
You can also expand the navigation panel by hovering on the right edge of the panel, clicking on the drag
indicator then dragging the panel to the right.
On the Lens screen, the lefthand navigation panel allows you to switch between defined Lens views, and
similarly, you can switch between streams on the Streams screen. You can't expand the navigation panel
on these screens.
© 2023 Pico Quantitative Trading LLC. All rights reserved 22 .
The tabs that appear in the top tier navigation menu of the UI screen depend on whether you are using a
CNE or CMC (no Streams tab in the latter), and they also depend on how your appliance is licensed.
For example, if your appliance is licensed for Network Analytics, only the Dashboards and Inspect Data
tabs are available. Similarly, only these two tabs are available when using your appliance in Network
Capture mode.
The icons on the right of the top tier navigation menu provide additional functionality, such as access to
System Administration and dashboard editing.
The Settings icon allows you to access System Administration, System Alerts, Quality Alarms
(CNE only), PDF Reporting (CMC only), Management of images, Giga+ dashboards and Web CLI. You
can also enable IP Host Resolution from here.
The Actions icon allows you to launch global Actions, such as generating a UTC Clock Sync Report or
viewing the Performance Dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 23 .
You can create, edit and manage dashboards from the Edit icon.
And you can log out from the appliance by clicking Logout on the username menu.
© 2023 Pico Quantitative Trading LLC. All rights reserved 24 .
Finally, if you need further information on any of the above, or if you need help to use these and other
features in your Corvil appliance, refer to the relevant documentation in the Corvil Customer Center or
click on the Help icon.
© 2023 Pico Quantitative Trading LLC. All rights reserved 25 .
Corvil Dashboards
Dashboards Overview 27
Dashboard Widgets 36
Data Filter 62
Exporting Dashboards and Widgets 65
Navigation Between Dashboards and to the Inspect Data Screen 71
Managing Images 84
Managing Corvil Dashboards 87
Creating and Editing Corvil Dashboards 92
Managing Tagging 329
Configuring UI Reporting Periods 338
IP Host Resolution 350
© 2023 Pico Quantitative Trading LLC. All rights reserved 26 .
Dashboards Overview
Dashboards provide an at-a-glance view of Corvil data.
NOTE: Access to Corvil dashboard results may be restricted depending on configured Corvil login
privileges.
For example, dashboards may only contain results for sessions for which a user has the required
privileges and click-through access to Inspect Data may be restricted.
For more information on Corvil role-based access control, refer to the topic "Role-based Access
Control for Restricted Users" in the Corvil Administration Guide.
You can use the dashboards to see live and historical summary data and monitor how the infrastructure is
performing.
Dashboards support live mode, preset historical reporting periods, or custom time periods.
They also support business hours reporting for preset historical reporting periods (for example, Last 24
hours) and custom time periods, but not for user-defined named periods.
The dashboards also provide straightforward navigation to other dashboards and to the underlying detail
and context when further analysis is required.
On installation, system dashboards are grouped under:
1. Dashboard Views (for non-templated dashboards) or Views (for Inspect Data dashboards)
2. Sessions (for session templated dashboards)
3. TagName (for tag templated dashboards)
© 2023 Pico Quantitative Trading LLC. All rights reserved 27 .
User defined dashboards are included, by default, in Dashboard Views (or Views for Inspect Data
dashboards). The group can be changed by XML or from the Manage Dashboards screen. See
"Managing Corvil Dashboards" on page 87.
DASHBOARD VIEWS display big-picture summaries of data. The following example, shows some
sample dashboard views including Core Network, eCommerce Portal, Physical Ports and VoIP Overview.
These 9.6.x examples do not include the new navigation panel.
In the preceding example, the Core Network dashboard view covers whole regions and breaks out
results across multiple sessions.
You also have SESSIONS dashboards that display data on a per-session basis. The following example
shows a number of sample per-session dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 28 .
In the preceding example, the Link Utilization per-session dashboard displays results for the selected
session (HTTP-RTT). Results for other sessions can be accessed using the drop-down list.
There are also dashboards that display data based on a selected grouping based on defined tags and tag-
types. In the following example there is one per-tag dashboard defined.
© 2023 Pico Quantitative Trading LLC. All rights reserved 29 .
In the preceding example, the VoIP Media (RTP) dashboard displays results for the selected tag
(Frankfurt). Results for other tags can be accessed using the drop-down list.
For more information on editing tags, refer to the topic "Managing Tagging" on page 329.
The menu of dashboards can be hidden by clicking above the dashboard views.
Dashboards are automatically hidden from a user if the user has restricted viewing of the dashboards, or if
the dashboard global filter does not match any sessions. Also, if you exceed the maximum number of
dashboards that can be displayed on your system, currently 100 (50 in pre-9.6 releases), you can allow
the system-supplied and plugin-supplied dashboards to be automatically hidden. See "Dashboard
Validation" on page 323 for details on how to configure this.
For templated dashboards, the dashboards are hidden if the tag or session selector is empty.
If all dashboards in a group become hidden due to these criteria, then the group will also be hidden.
Unrestricted users can see all dashboards, including empty dashboards, making editing of empty
dashboards possible.
© 2023 Pico Quantitative Trading LLC. All rights reserved 30 .
SWITCHING DASHBOARDS AND SESSIONS
From Corvil Analytics 9.7.0, the navigation panel on the left side of Dashboards and Inspect Data screens
allows you to quickly switch to a different dashboard and view results for a selected session. There are
separate Dashboard and Session panels and you can toggle between them.
The DASHBOARDS panel lists all (unhidden) system and user-defined dashboards for the Dashboards
or Inspect Data screens. You can search for a dashboard name (enter a minimum of 3 characters) and
open the dashboard in the same browser tab. To change the order of the dashboards, open the Manage
Dashboards window under the Edit dashboard menu
NOTE: The dashboard listed depends on the dashboard type. On the Dashboards screen, only
dashboards of type="dashboard" are listed. On the Inspect Data screen, only dashboards of
type="networkdata" are shown. See "Dashboard Context Settings - XML" on page 143
The SESSIONS panel lists all sessions (online sessions only for Dashboard Views; online and offline
sessions for Inspect Data dashboards) on your CNE (and on all CNEs if you are using a CMC). Only
sessions for which a user has the required privileges are shown. Sessions are also automatically hidden
from a user if the dashboard global filter does not match these sessions. You can search for a session
name (enter a minimum of 3 characters) and filter the results on the currently open dashboard or you can
open the filtered dashboard in a new browser tab, which allows you to compare the results for 2 sessions.
© 2023 Pico Quantitative Trading LLC. All rights reserved 31 .
Note that the session list has a sites-CNEs-sessions tree structure so if viewing results from a CMC, you
can quickly select a session for a particular CNE. The list is collapsed down to site level by default. After a
search, expand the site and CNE levels to see the returned list of sessions. Fifty sessions are shown at a
time, depending on how many sessions are returned. Click More Sessions to expand the list.
If you have a number of browser tabs open, each with a dashboard filtered by a different session or tag,
you can quickly find a dashboard of interest, by hovering over the browser tab name to view the browser
tab title. The title shows the following information:
With no session or tag filtering:
<dashboard-name> | <cne-name>
If the dashboard is filtered by tag or session:
<dashboard-name> | <session-name or tag-name> | <cne-name>
For a CMC the equivalent browser tab titles are:
<dashboard-name> | <cmc-name> (CMC)
<dashboard-name> | <session-name or tag-name> on <cne-name> | <cmc-name> (CMC)
On a Dashboard Views dashboard, you can filter your dashboard results for a selected online session,
with the session name displayed under the dashboard name. A single PDF export of this dashboard will
also show the results filtered for the selected session and will display the session name. Scheduling a
report for a dashboard will only show the full summary dashboard and does not reflect results filtered for a
session selected on the panel. You can filter by session on all dashboard view types, including templated
by session and tag dashboards. Note that if you have filters applied through the dashboard filter box or
through dashboard config XML, only sessions that satisfy the filter conditions will be listed in the Session
panel. Similarly, if you are viewing a templated by tag dashboard, only sessions that are included in the tag
will be available for selection in the panel. You can display all the hidden sessions by selecting the Show
© 2023 Pico Quantitative Trading LLC. All rights reserved 32 .
all sessions checkbox. The hidden sessions will be listed (greyed out) but can’t be selected, showing the
warning "Session is not valid as a filter for this Dashboard due to the applied Dashboard filters". You will
also see this message if you select a session on a dashboard but then change to a templated by tag
dashboard that doesn't match this session.
You can change the session at any time and can remove session filtering from the dashboard by clicking
the x next to the session name.
Once a session is selected, the filtering persists across all dashboard views only, including the templated
by session and tag dashboards (in the same browser tab). If you selected the session to filter the
dashboard in a new browser tab, the session persists on all dashboard views in that tab only.
On Inspect Data dashboards, similar rules apply as for Dashboard Views, with slight differences.
© 2023 Pico Quantitative Trading LLC. All rights reserved 33 .
The Sessions panel lists all online and offline sessions. If a session has been previously selected on the
dropdown menu, you can switch to a new session selected from the Sessions panel (or keep both sets of
results, by selecting the new session to filter the Inspect Data dashboard in a new browser tab). Since
these are templated by session dashboards, the session filtering remains when you click x next to the
session name.
If you have applied filters to the Inspect Data dashboard through dashboard config XML, only sessions
that satisfy the filter conditions will be listed in the Session panel. You can display all the hidden sessions
by selecting the Show all sessions checkbox.
Once a session is selected, the selected session persists across all Inspect Data dashboards only (in the
same browser tab). If you selected the session to filter the dashboard in a new browser tab, the session
persists across all Inspect Data dashboards in that tab only.
If you can't see the full name of a dashboard or session on the navigation panel, you can expand the panel
by hovering on the right edge of the panel, clicking on the drag indicator then dragging the panel to
the right.
NOTE: In Corvil Analytics releases earlier than 9.7.x, the navigation panel only shows the dashboard
list. You can select a different dashboard from the panel but it is not searchable, and you can't expand
the panel.
And you can hide the navigation panel at any time by clicking the hide /collapse icon on the panel .
PERFORMANCE WARNING BANNER
[Supported from Corvil Analytics 9.7.0]
NOTE: The warning banner is disabled by default. It can be enabled by configuration of dashboard
XML (by admin users only).
You can be alerted when your CNE is experiencing performance issues by configuring a performance
warning banner to be displayed at the top of the Dashboards, Inspect Data and PCAP Export screens.
The banner is displayed only when port or packet capture drops reach a configurable threshold. You
configure the banner in the Dashboard XML config (see "Defining a Dashboard Using XML" on page 127),
specifying threshold limits that trigger the banner to appear. In the XML you can specify that the warning
appears if the number of port drops or packet capture drops exceeds the configured limit. You can also
trigger the banner if the faults are active for too long by specifying a maximum percentage of 30 second
time windows in the configured time range that port or packet capture drop faults can be active on the
CNE.
For example, if a port drop fault becomes active when you are viewing the Dashboard screen on a CNE,
the banner below will pop up at the top of your screen.
© 2023 Pico Quantitative Trading LLC. All rights reserved 34 .
To see what the performance issue is, click on Read more. A pop-up window opens showing what port
and/or capture drops have occurred, whether they are active (have occurred in the last 30 seconds) or
recent, and the impact they are having on the CNE. If you have installed a recent Action Pack, you can
click on the link to open the Performance Dashboard Action to diagnose the issue (The link is only shown
on CNEs with the Action installed).
You can hide the banner by clicking x and it will not appear again unless you open a dashboard in a new
tab, or login to the appliance again (on the current or a new tab), and if the port/capture drops still violate
the thresholds. The banner is automatically hidden if the number of faults or the percentage of time with
active faults fall below the configured thresholds in the configured time range.
On a CMC, the banner only displays on Inspect Data dashboards and only when you are filtering on a
session for an affected CNE. In this case, the banner text states the CNE name. You can open the banner
to see the fault information, but if your CMC is installed with a release earlier than 9.7.0, you will need to
open the Performance Dashboard Action on the CNE for more details as the Performance Dashboard
Action is not supported on those CMCs.
© 2023 Pico Quantitative Trading LLC. All rights reserved 35 .
Dashboard Widgets
Dashboards include different widgets to display data. Widgets include:
Time-series Charts
Display time-series data for one or more sessions or for whole data categories like geographical regions.
Bar Charts
Display results in the form of tailored bar charts that can be used as business reports, such as Latency per
venue - Day over day / Week over week.
© 2023 Pico Quantitative Trading LLC. All rights reserved 36 .
Session Tables
Display results for a number of sessions and include the option to display certain results as bar charts in
the table.
Big numbers
Display a summary value for a particular statistic and optionally display trending indicators.
Top-N tables
Display top application, talker, listener, message-type and conversation data.
Pie Charts
Provide a visual guide to the relative proportions of data in different categories. A pie chart can be session
or tag-based and up to 10 segments are displayed (based on the highest proportions of data), with an
additional segment grouping all other session/tag data.
© 2023 Pico Quantitative Trading LLC. All rights reserved 37 .
Recent Corvil Stream Events
Report a list of recent events generated by a Corvil Stream. (This widget is not available on Corvil
Management Center)
© 2023 Pico Quantitative Trading LLC. All rights reserved 38 .
NOTE: You can also add extra information to a dashboard by adding a Notes widget. If you have
installed an Action Pack, you can add Action widgets, such as Network Health, to a dashboard.
DISPLAYING AND HIDING TIME SERIES RESULTS
Time series charts often display multiple sessions, as indicated in the legend below the chart.
You can choose which results to display or hide on a time-series chart by clicking the legend items.
To view only a single session, such as “PortAB – TCP Throughput” in the example below, hover over the
legend item to isolate it or double-click on it. To redisplay the other sessions, double-click on the session
again.
© 2023 Pico Quantitative Trading LLC. All rights reserved 39 .
In the example below, “PortAB – TCP Throughput” has been single-clicked on, to hide it. To redisplay it,
single-click the grayed-out legend item once again.
NOTE: You cannot hide all sessions in a time series chart. When all but one session is greyed out, the
last unhidden session cannot be clicked to hide it.
© 2023 Pico Quantitative Trading LLC. All rights reserved 40 .
DISPLAYING LOGARITHMIC TIME SERIES RESULTS
[Supported from Corvil Analytics release 9.7.1]
By default, the time series charts display results on a linear Y-axis. If the results cover a wide range of
values, it can be difficult to see the detail for sessions returning lower values. Also, since the scale starts at
0, if all results are in the higher range, the graphs are skewed towards the top of the graph.
To avoid this you can dynamically display results using a logarithmic Y-axis (base 10) by clicking on the
log icon on the bottom right of your time series widget. Clicking on the icon again toggles the chart
back to linear view.
In the example below, you can see the same chart with results displayed linearly and then logarithmically.
© 2023 Pico Quantitative Trading LLC. All rights reserved 41 .
If a result is zero or negative, no log value is displayed so you may see a gap in your chart, as seen above.
You can select logarithmic display on time series widgets on Dashboard and Inspect Data dashboards.
Logarithmic scales are supported in comparison and full screen modes, and across time range and filter
changes. If thresholds are configured, threshold lines are also displayed. All users included RBAC users
with access to the chart can enable and disable the log view.
As the logarithmic display is dynamic, if you refresh the screen or change to a different dashboard, the
chart reverts to the linear axis.
NOTE: Logarithmic axis charts are not shown in a PDF export of a dashboard. Only the linear charts
are shown.
CORVIL DASHBOARD REPORTING PERIODS
The following standard reporting periods (and associated update rates) are available:
l Live View – 10 second updates
l Last 1 hour – 5 minute updates
l Last 12 hours – 5 minute updates (disabled by default)
l Last 24 hours – 5 minute updates
l Last 48 hours – 30 minute updates
© 2023 Pico Quantitative Trading LLC. All rights reserved 42 .
l Last 7 days – 1 hour updates
l Last 30 days – 3 hour updates
l Last 60 days – 6 hour updates
l Business Day – 5 minute updates
The default reporting period for a given dashboard view is configurable. For more information, please refer
to the section "Defining a Dashboard or Widget Time Period" on page 147.
The text above the table indicates the last time at which an update was made.
New measurements are displayed according to the update rate listed above for each reporting period.
NOTE: Reporting periods can be defined, displayed or suppressed using the CLI. For more
information on defining, enabling and suppressing reporting periods, refer to the topic "Configuring UI
Reporting Periods" on page 338.
When a given reporting period is selected, all information displayed on the screen is updated to only
include data relevant to that period.
On Corvil Management Center, if a user-defined period is requested, the summary data displayed
comes from collected reporting period summaries of managed CNEs. Sessions and sessions from
monitor-only CNEs are not displayed in Corvil Lens.
Corvil Management Center collects the reporting period summary data, and after a reporting period is
applied, Corvil Management Center shows only data related to the selected user-defined period.
On a Corvil Management Center user-defined reporting periods are not supported on managed CNEs
running an earlier Corvil version.
Business Hours Reporting
You can display the results on a dashboard or widget for business hours only for a chosen time period. All
statistics results are updated to ignore time periods outside of business hours.
Dashboards or widgets on Dashboards View allow you to display results for pre-defined business hours
only for a selected preset historical reporting period (for example, Last 24 hours) or custom time period.
You cannot display business hours results for user-defined named periods.
© 2023 Pico Quantitative Trading LLC. All rights reserved 43 .
For example, if your pre-defined business hours reporting period is 08:30 - 17:30, and you want to display
results for the last 7 days, the dashboard will only show summarized results between those hours for the
weekdays that fall within the 7 day period. Any data captured on Saturday and Sunday is ignored on the
dashboard, as is the data captured after 17:30 or before 08:30 on Monday to Friday. Hence, a business
hours only dashboard may look like this:
Here, the gaps indicate results that are being ignored, that is, they are outside of the configured business
hours. In this example, the large gap is a weekend.
To enable business hours reporting, you need to perform the following steps:
Enabling Business Hours Reporting on a dashboard
Step 1
Create a business hours reporting period using the CLI command reporting-period. Refer to the CLI
Command Reference for details on how to use this command or contact an administrator to create the
reporting period for you.
Step 2
Open the dashboard of interest and select the option Show business hours only in the Global Time
Selector.
NOTE: The Show business hours only option can only be enabled when the reporting period
currently selected on the Global Time Selector is a preset historical reporting period (such as Last 24
hours) or a custom time period. If the current reporting period is set to Live View or is a user-defined
named period, such as Business Day, the toggle button cannot be selected. The information tooltip
tells you why you cannot enable the option. If the business hours toggle is not selectable, change the
© 2023 Pico Quantitative Trading LLC. All rights reserved 44 .
reporting period to an allowed setting, such as Last 1 hour. The Global Time Selector will close and the
dashboard will update. Reopen the Global Time Selector window and you will now be able to click the
business hours toggle button.
Step 3
Select the business hours Reporting Period that you want to use from the list of available options. Your
newly created reporting period from Step 1 should be listed, along with any other existing user-defined
reporting periods.
NOTE: If you do not have any user-defined reporting periods (for example, you have not defined any
and you have deleted the provided example 'Business Day' reporting period), no options are displayed
when you try to enable business hours reporting. Business hours reporting is automatically disabled in
this instance.
Step 4
Choose the reporting period that you want your dashboard to cover. Only preset historical reporting
periods (Last 1 hour, Last 24 hours and so on), or a custom time period up to 60 days (for releases earlier
than 9.6.0, if you have more than 300 sessions, the custom time range cannot exceed 7 days on a
CNE and cannot be used at all on a CMC - see note) can be selected. User-defined reporting periods are
greyed out. The time selector window will close and your dashboard will be updated to reflect the
reporting period and business hours selection.
NOTE: If any part of the reporting period pre-dates the upgrade to 9.6.0 release, the old limits of 7
days/300 sessions apply to the whole custom period for a CNE. On CMCs running 9.6.x or later
releases, when viewing data that was captured on CNEs running 9.5.x or earlier, custom periods can
only be used on dashboards that contain less than 300 sessions. This also applies if any of the
managed or monitored CNEs in the CMC configuration are running 9.5.x or earlier releases. This also
applies to business hours reporting and comparison periods.
In the example below, Last 24 hours is selected and Show business hours only is enabled. Here, we
can see that there are two reporting period options available for selecting the business hours that the
dashboard results will be based on. These user-defined reporting periods have been configured using the
CLI command reporting-period. Business Day is an example user-defined reporting period,
provided by default with your system, and it is the option selected for business hours reporting if no other
user-defined reporting periods are defined. In this example, the user-defined reporting period
UK Business Hours is selected and this option will persist through other dashboard screens and even
when you have logged out and in again on the same browser (although Show business hours only will
be automatically disabled when you log in again).
© 2023 Pico Quantitative Trading LLC. All rights reserved 45 .
Once you have enabled business hours reporting, your dashboard will update to reflect this and the
selected business hours reporting period is displayed on top of the dashboard, as shown in the TCP
Summary dashboard example above.
NOTE: You can also select business hours reporting on the local time selector of a widget.
NOTE: The filtered results for business hour reporting are based on the timezone defined when you
configured the CLI reporting-period (the configured business hours and time zone are displayed
under the dashboard title). However, if the UI is using a different time zone, the results displayed on the
dashboard will reflect the UI time zone. For example, if your business hours reporting period is 09:00 to
17:00 in the UTC time zone, but the dashboard is displaying results for time zone CEST (UTC+02:00),
then the business hours results on a time-series chart will be displayed as 11:00 to 19:00.
Business hours reporting supports comparison mode and PDF export on dashboards. You can also
schedule a PDF report for a business hours dashboard from Corvil Management Center.
© 2023 Pico Quantitative Trading LLC. All rights reserved 46 .
NOTE: Business hours reporting is not supported on Inspect Data and Lens screens and the option
Show business hours only is not available on the time selector drop down menu. It is also not
supported (business hours are not applied) when you click through from a business hours dashboard
to Inspect Data.
NOTE: On Corvil Management Center business hours reporting is not supported on managed CNEs
running a software release earlier than 9.5.0. If your CMC manages multiple CNEs, some of which are
pre-9.5.0 release, then business hours are not reported for any CNEs if sessions from the older
release CNE are included on the dashboard.
SELECTING THE TIME ZONE FOR THE UI DISPLAY
You can change the time zone of the data displayed in the local GUI session. Other users logged on to the
same device will not be affected and can set a time zone relevant to their location. The time zone is
changed for all displays.
NOTE: The time zone for the CNE and CMC can be set via CLI (clock timezone command) and is
the default time zone for the device. If you change the time zone for your local GUI session from the
Global Time Period Selector or from the timestamp at the top of a screen, it will propagate to and
be displayed on all relevant screens, and will be displayed in alerts and reports.
To change the time zone of the data displayed in the local GUI session click on the current time zone
displayed with the timestamp on any of the main screens (click on the orange time zone text) or click on
the time zone indicated by Display in selected time zone in the Global Time Period Selector menu.
© 2023 Pico Quantitative Trading LLC. All rights reserved 47 .
A list will open Select a System Time Zone containing all allowable time zone options for your device.
Select a new time zone from the list and click SET TIME ZONE to set this time zone for all screens in the
GUI session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 48 .
The new time zone is displayed at the top of your screen.
CORVIL DASHBOARD LIVE VIEW
Select Live View as the reporting period to view dashboard results that are updated every 10 seconds.
In Live View, use the History drop-down list (for example, click 5 MIN in the preceding example) to
choose the age of the data set from which the displayed live values are taken. The chosen setting
specifies the duration of the sliding window used to calculate the historical values displayed. For example,
if you select a history size of one minute, then each value displayed in the table is taken from the last one
minute of history of aggregated values on the system.
The 10-second automatic screen refresh may be paused by clicking the pause button. Click the same
button again to enable the automatic screen refresh.
© 2023 Pico Quantitative Trading LLC. All rights reserved 49 .
SELECTING AND COMPARING TIME PERIODS
You can switch in and out of live mode and set a global time period for a whole dashboard by clicking the
global time selector, and selecting a preset historical time period. Global custom periods can also be set
for the whole dashboard on both the CNE and Corvil Management Center. The list of recently viewed
custom time periods is maintained in Recent Periods.
The time period can also be set for a specific widget.
For big numbers and time-series charts, time periods can be compared.
NOTE: In releases earlier than 9.6.0:
- On Corvil Management Center, if you have more than 300 sessions on a dashboard, you cannot set
a custom or recent period, you cannot use compare mode, and business hours reporting is not
supported.
- On CNEs, if you have more than 300 sessions on a dashboard, custom periods and business hours
are not supported if the reporting period is greater than 7 days.
On CMCs running 9.6.x or later releases, when viewing data that was captured on CNEs running 9.5.x
or earlier, custom periods can only be used on dashboards that contain less than 300 sessions. This
also applies if any of the managed or monitored CNEs in the CMC configuration are running 9.5.x or
earlier releases.
Business hours reporting is supported in releases 9.5.0 or later.
For example, click for a time-series widget, choose a time period, for example Last 1 Hour, and click
COMPARE.
© 2023 Pico Quantitative Trading LLC. All rights reserved 50 .
Time-series graphs for the same hour on consecutive days can be shown together.
Note that the vertical axis for both charts is always the same scale.
© 2023 Pico Quantitative Trading LLC. All rights reserved 51 .
Click to show the comparison charts one above the other.
If you're viewing a line-based time-series chart you also have the option of overlaying compared results by
clicking .
The icon indicates that the widget has its own time period set. Global reporting period changes do not
affect widgets with their own time period set.
To compare the time-series of one session, double-click on the session name in the legend. The other
sessions will be hidden in your comparison view.
© 2023 Pico Quantitative Trading LLC. All rights reserved 52 .
Big numbers display trend information when comparison mode is used.
The preceding example shows a comparison of latency values for the same hour on consecutive days,
indicating the percentage difference in the compared values.
Click in the big number widget and select COMPARE for a time period. The widget refreshes showing
trend information such as in the above example. Clicking on the big number opens a lightbox displaying
the time-series graphs compared side-by-side.
The widget can be reset to the dashboard time period by clicking and selecting SET TO GLOBAL.
When viewing historical chart data, you can click and drag to zoom in on data down to a five-minute
timescale.
When using the Dashboards screen, zooming in on a time-series chart updates the time period displayed
for all widgets on the dashboard.
DASHBOARD WIDGET FULL-SCREEN MODE
Click for a widget to display the widget full-screen.
© 2023 Pico Quantitative Trading LLC. All rights reserved 53 .
Click the legend items to choose which results to display or hide on a time-series chart.
You can zoom in by clicking and dragging on the graph when full-screen in historical mode.
You can navigate to per-session dashboards and Inspect Data by clicking on a time-series chart data
point and selecting Go To ...
© 2023 Pico Quantitative Trading LLC. All rights reserved 54 .
If you navigate to Inspect Data, select from the available time periods and click on the session name.
© 2023 Pico Quantitative Trading LLC. All rights reserved 55 .
In the preceding example, the Inspect Data dashboards display only results for the selected Rejects
messages for the selected time period. If you launch Event Inspection, the same filter is applied and only
results for the Rejects messages are displayed.
DASHBOARD FILTERING
You can filter the data displayed in a dashboard by clicking on
l a time-series data point (in time-series widgets or lightbox mode)
l a tag or session name in a table
l a pie chart segment
From the displayed menu, select Add to filter.
© 2023 Pico Quantitative Trading LLC. All rights reserved 56 .
A data filter based on the selection is applied and the dashboard displays results with that filter applied.
© 2023 Pico Quantitative Trading LLC. All rights reserved 57 .
In the preceding example, the dashboard is updated to only display results for the selected session –
PlantLatency. The data filter has an equivalent filter applied.
To remove the filter, click Data Filter, click the X beside the filter, and click Apply.
© 2023 Pico Quantitative Trading LLC. All rights reserved 58 .
In the following example, a tag in a session table (London-Venue) is selected.
When Add to filter is clicked, the whole dashboard is updated to only display results for the selected tag.
In the preceding example, the dashboard now displays results for the London venue only.
© 2023 Pico Quantitative Trading LLC. All rights reserved 59 .
CUSTOM STATISTIC AND SESSION NAMING
You can optionally change the session name that is displayed on some types of widget and you can also
change the display name of a statistic.
Custom Session Display Name
You can change the default session name displayed on certain widgets by selecting the Session Display
Name option on the GUI widget editor (or use the equivalent XML parameter). The alternative display
name is the tag name predefined for the session for a particular tag-type. You select the tag name to use
by choosing from a dropdown list of tag-types.
The following widget types support this feature:
l Time Series
l Session Table
l Pie Chart
l Bar Chart
l Big Number (the new session name is displayed on navigation to a time series chart)
The Session Display Name option is only available on Dashboard View and Templated by tag widgets
(Templated by tag is supported in 9.6.x or later releases). It is not available for Inspect Data and
Templated by session widgets.
Refer to the relevant widget definition topic for the details on how to change the session display name on
your widget.
Custom Statistic Display Name
[Supported in 9.6.x and later releases only]
You can replace the display name for a system-defined statistic or a configurable statistic with a custom
name that will be used on selected dashboards and on the Lens table. Statistics names can be
customized in the following types of widget:
l Time Series (the statistic name in the legend and tooltip)
l Session Table (the statistic name in the column header and tooltip)
l Pie Chart (the statistic name in the tooltip)
l Bar Chart (the statistic name in the legend and tooltip)
l Big Number (the statistic name displayed on navigation to a time series chart)
© 2023 Pico Quantitative Trading LLC. All rights reserved 60 .
NOTE: Decoder and system dashboards will also adopt the custom statistic names, however, you
cannot edit the XML block of configuration for system configuration using any of the editors.
To use custom statistic names, you must configure dictionaries of new statistic names in the Dashboard
XML Configuration, and then select which dictionary you want to use for your widget or dashboard.which
you access from the System Administration menu.
For details on how to configure dictionaries of custom statistics names, refer to the topic "Defining a
Dashboard Using XML" on page 127
Refer to the relevant widget definition topic for the details on how to select the custom statistic dictionary
you require for your widget.
NOTE: The custom statistic names are preserved in a PDF export of the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 61 .
Data Filter
Corvil tags data so that it is more straightforward to categorize in a useful way, for example gathering
sessions into relevant groupings.
You can use the Data Filter to select certain data to display based on how that data is tagged.
The list of available tag categories is shown when you start typing. Then you specify a qualifier from the
displayed list.
And then select from the available tags.
Corvil automatically applies tags to sessions based on the session’s underlying configuration attributes:
l Src/Dst Subnet
l Custom-signature
l Configurable-stats-maps
l Service-objectives
l Classification Policy
l Parent Session
l Network and Message Filters
For example, this means you can
l filter a Trading dashboard to show all sessions configured with specific trading metrics based
on a common configurable statistic configuration.
l filter a Market Data dashboard to show all sessions doing gap detection based on a common
service objective that applies that configuration
An administrator can also view, add, remove tags and tag-types. For more information on how to do this,
please refer to the section "Managing Tagging" on page 329
© 2023 Pico Quantitative Trading LLC. All rights reserved 62 .
When the filter is validated, apply it. The dashboard updates to reflect the applied filter.
You can add multiple filters.
If you add a filter, the DATA FILTER text changes and FILTERS APPLIED is displayed.
Filters can be deleted when they are no longer required.
If no filters are applied, NO FILTERS SET is displayed.
Certain dashboards (for example, per-tag dashboards) come with preset filters, displayed with a lock
symbol.
© 2023 Pico Quantitative Trading LLC. All rights reserved 63 .
While you cannot change the preset filters, you can add additional filters.
© 2023 Pico Quantitative Trading LLC. All rights reserved 64 .
Exporting Dashboards and Widgets
You can export a selected dashboard in the following formats:
l PDF
l CSV [Supported from 9.7.1 release only ]
l PDF and CSV in a single zip file [Supported from 9.7.1 release only]
Exporting a PDF is also available for Inspect Data screen dashboards.
Exporting in CSV format is only available for Dashboard screens and Dashboard widgets.
All users (admin, monitor and RBAC users) can export a dashboard.
The exported PDF and CSV files display the configured global or local dashboard settings (time range,
time zone and filters). See limitations for local settings in the note below.
NOTE: Transient and Local Setting Limitations
Transient changes to dashboard widgets (for example, clicking and dragging to reset session table
column widths to display long session names, setting a different time period on a specific widget, and
so on) are not reflected in an exported PDF or a CSV file exported in a zipped CSV and PDF file.
Use the dashboard editing tools to configure the dashboard as required before exporting a
dashboard. For example, use the XML editor to set required session table column widths and context
settings for specific widget time and filtering options.
For a dashboard or widget exported as a CSV file only, local times selected on the local time selector
dropdown menu for widgets are included in the export.
NOTE: A dashboard cannot be exported in Live View mode. In this case, the PDF and CSV Export
buttons are disabled . They will also be disabled if some of the widgets saved
to your dashboard have been configured to use Live View.
If templated dashboards are used, the PDF/CSV Export button is disabled if a session or tag is not
selected.
NOTE: You can schedule the export of a dashboard in PDF, CSV or zipped PDF and CSV format as a
report from a Corvil Management Center. Refer to the topic "Creating Scheduled Reports" for 9.6.x or
later releases, or "Viewing and Scheduling Dashboard Reports Using Dashboard PDF Reporting" for
© 2023 Pico Quantitative Trading LLC. All rights reserved 65 .
earlier releases. Both topics are also in the Corvil Analytics Administration Guide.
EXPORTING A DASHBOARD IN PDF FORMAT
To export a PDF of a selected dashboard, click .
Once clicked, the icon changes to indicate that PDF report generation and export is underway .
You can continue using the product as normal while the PDF is generating (for example navigating to
other screens and so on). Reloading or closing the page will cancel the PDF generation.
Hovering over the PDF button while generation is underway displays the CANCEL option. Click this
button to cancel the job.
NOTE: A single PDF export is supported at any one time. Other requests from concurrent users are
queued and served in FIFO order.
An error message is displayed if PDF generation exceeds the system memory limit (for example,
attempting to generate a PDF of a very large dashboard containing many widgets reporting on many
busy sessions when the Corvil appliance is experiencing heavy load). Error messages are also
displayed for issues such as connection problems or timeouts.
In a CNE only one PDF can be generated at a time so if other users are also generating PDFs, these
are queued. In Corvil Management Center, two PDFs can be generated at a time and any other
requests will be queued.
The exported PDF file is named Corvil_<CNE_NAME>_<DASHBOARD>_<CURRENT_DATE_TIME>
<TIMEZONE>.pdf
The file is available via the browser's configured download folder.
© 2023 Pico Quantitative Trading LLC. All rights reserved 66 .
The report is exported in A4 format with portrait orientation and includes
l a header containing the Pico Corvil Analytics logo and a custom report logo if one has been
imported and selected as a report logo on the Manage Images page [Manage Images is
supported from Corvil Analytics release 9.7.0].
l the dashboard name
l the session or tag name if a templated dashboard has been selected
l the session name if a session has been selected from the lefthand navigation panel for filtering
on a dashboard view or templated by tag dashboard [from Corvil Analytics 9.7.0 only]
l the selected time period
the symbol , if present, indicates that the selected dashboard has a global data filter
applied or a widget has a local data filter configured
© 2023 Pico Quantitative Trading LLC. All rights reserved 67 .
l a footer including the originating Corvil appliance and pagination
NOTE: A single PDF export is supported at any one time. Other requests from concurrent users are
queued and served in FIFO order.
EXPORTING A DASHBOARD OR WIDGET IN CSV
FORMAT
[Supported from 9.7.1 release only]
To export a CSV of a selected dashboard, click the down arrow next to the PDF export button, and select
Export As .. CSV.
Once clicked, the CSV report is generated immediately, with the file available via the browser's configured
download folder.
The exported CSV file is named Corvil_<CNE_NAME>_<DASHBOARD>_<CURRENT_DATE_TIME>
<TIMEZONE>.csv
The exported comma-separated (.csv) file includes the following information for each widget on the
dashboard
l the dashboard name
l the widget name and type
l the selected global or local time period
l the time range and timezone
l the sorting statistic and direction
l any global or local filters (if present)
l the session names, statistic names and timestamped statistics results
The global dashboard settings are used for all widgets that do not have local settings configured using the
widget editor or selected on the local time selector dropdown menu.
© 2023 Pico Quantitative Trading LLC. All rights reserved 68 .
NOTE: If your dashboard contains an Action, Notes or Recent Events widget, these are not included in
the exported CSV file.
You can continue using the product as normal while the CSV file is generating (for example navigating to
other screens and so on). However, as the report is generated from the data loaded on the browser, it is
downloaded within seconds so we recommend that you wait for it to finish downloading before moving to a
different screen. Also, because the report is generated from already loaded data, this allows a number of
concurrent users to request CSV reports on a CNE or CMC with no queuing necessary.
Exporting a Single Widget in CSV Format
You can also export a single widget in CSV format. Click for a widget to display the local time selection
menu and click the option EXPORT TO CSV at the bottom of the menu. The report will contain the same
widget information as described above.
EXPORTING A DASHBOARD IN CSV AND PDF
FORMAT
[Supported from 9.7.1 release only]
You can also choose to export a selected dashboard in both PDF and CSV formats at the same time, by
selecting the Export As .. CSV and PDF option.
Once clicked, the PDF export icon changes to indicate that PDF and CSV report generation and export is
underway
You can continue using the product as normal while the files are being generated (for example navigating
to other screens and so on). Reloading or closing the page will cancel the CSV and PDF generation.
You can cancel the CSV and PDF export job by hovering over the PDF button while generation is
underway and clicking the CANCEL option.
The exported files are compressed into a zip file named Corvil_<CNE_NAME>_<DASHBOARD>_
<CURRENT_DATE_TIME> <TIMEZONE>. The contained files use the same naming convention, with
microseconds appended to the end to differentiate 2 files downloaded on the same date for the same
dashboard.
NOTE: A single 'CSV and PDF' export is supported at any one time in a CNE. Other requests from
concurrent users are queued and served in FIFO order.
In Corvil Management Center, two concurrent users can request 'CSV and PDF' exports at the same
© 2023 Pico Quantitative Trading LLC. All rights reserved 69 .
time and any other requests will be queued.
© 2023 Pico Quantitative Trading LLC. All rights reserved 70 .
Navigation Between Dashboards and to
the Inspect Data Screen
Navigation between dashboards and to more detailed results is straightforward. Corvil provides
contextual navigation from time-series, big number, bar chart and pie chart widgets, enabling you to
navigate quickly from dashboards to the relevant captured data.
For example, you can click through from a count of Reject messages displayed as a summary number on
a dashboard to the specific affected orders to see the reason for rejection and counterparty information in
the decoded capture data. Similarly, you can click-through from a count of unexpected logons straight to
the relevant Logon messages to identify what traders are logging on. Or you can navigate quickly from
TCP zero window, out of sequence, market data gap dashboard information to top conversation charts to
identify which clients are slow, and which flows are gapping.
There are different navigation options available from the following widget types:
l Time-series charts
l Bar charts (supported in release 9.5.0 or later)
l Session tables
l Big numbers
l Pie charts
TIME-SERIES CHARTS AND BAR CHARTS
NOTE: Time-series and bar charts have the same navigation behavior. The description below shows
examples for time-series only.
On the charts, click on a data point and select Go to … to display the navigation options.
© 2023 Pico Quantitative Trading LLC. All rights reserved 71 .
If the chosen chart summarizes data from multiple sessions, you can switch to Inspect Data for a specific
session. The top-ranked sessions by chart metric are available to select. In the preceding example, the
time-series chart from a tag-based dashboard displays results for the London venue, which comprises the
displayed sessions.
In this case, the available options include switching to Inspect Data for a selected session, or to a related
tag-based dashboard.
If you click on a data point on a chart that is displaying data in live mode, chart updates will be paused,
indicated by a flashing pause button, and the chart will be faded. This allows you to click-through to
Inspect Data without the chosen data point being updated.
© 2023 Pico Quantitative Trading LLC. All rights reserved 72 .
If the chosen chart summarizes data from multiple sessions, you can switch to Inspect Data for a specific
session.
NOTE: Navigating to Inspect Data in live mode from a grouped time series graph is not supported.
If the chart displays data from individual sessions, you can either go to Inspect Data for that session, or to
one of the displayed session-based dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 73 .
The Inspect Data time period you navigate to depends on the time selection you are hovering over,
which in turn depends on the overall time you have selected for the dashboard. For example, if you have
chosen to display dashboards for the last hour, a typical time series chart will display 5-minute increments
across this hour.
If you are displaying dashboards for 48 hours, the increments will be 10 minutes. If you’re displaying
dashboards for 7 days, the increments will be 35 minutes, and so on.
© 2023 Pico Quantitative Trading LLC. All rights reserved 74 .
You can select whether to view the time period represented by the data point you selected (in this
example, 5 minutes), or to view results for the whole period configured on the dashboard from which you
are navigating (in this example the 1-hour view is set for the whole dashboard).
NOTE: When you open the context menu for a bar on a bar chart, the time range is auto-selected
depending on the grouping. If the bars are grouped by time, the default time range is the time range of
the grouping within which the bar resides, for example, if the bar chart is for 30 days, the bars are
grouped per week. If the bars are not grouped by time, the default time range is the one currently
selected for the bar chart, for example, "Last 24 hours" is offered on click-through.
Then, when you go to Inspect Data, the results displayed are for that five minutes.
Similarly, if the increment is, say, 35 minutes, then Inspect Data for that 35 minutes will display on the
click-through.
The click-through to Inspect Data is also contextual, filtering the results based on the selected data point
in the time series chart dashboard from which you navigated, if the chart is based on a Corvil configurable
statistic. In this example, we navigated to Inspect Data by clicking on a data point representing a max
latency value of 1.079 seconds.
© 2023 Pico Quantitative Trading LLC. All rights reserved 75 .
The DATA FILTER displays the current filtering status.
If you launch Event Inspection, the same filter is applied to the displayed results.
In this way you can quickly navigate from dashboards to the relevant capture data.
TABLES
For tables, click on a session name to see the navigation options.
© 2023 Pico Quantitative Trading LLC. All rights reserved 76 .
Go straight to Inspect Data for the chosen session or to one of the displayed session dashboards.
Note that a session table in Dashboards displays sessions for the time period you have specified,
whether that’s the last hour, last 24 hours, or last 7 days, and so on. This time period persists on the click-
through to Inspect Data. So for example, if you have selected the last hour in Dashboards, then when
you click on a session table, the time period you navigate to in Inspect Data will also be for the last hour.
Clicking on the session name in a session table when in live mode will pause updates. Clicking on a value
in the table will display a time series chart in full-screen mode for that statistic (all aspects if a distribution
value is selected) for the time period selected on the dashboard. If using release 9.5.0 or later and you
click on a statistic that has a threshold assigned, the time series chart displays a threshold value and
threshold line (if threshold display is enabled for the session table).
Alternatively, switch to a per-session dashboard, if available. In the preceding example there are a
number of per-session dashboards available to choose. For example, you can switch to link utilization
information for the selected session.
In the following example, the sessions are grouped by Venue.
© 2023 Pico Quantitative Trading LLC. All rights reserved 77 .
When you click the tag names in the first column of the table, (the Venue named London-Venue in the
preceding example) the top sessions contributing to the tag are listed first according to the defined
statistic and ordering (descending max latency values in the preceding example), and you can click
through to Inspect Data. You can also select any configured per-tag dashboards from the Venue
Dashboards list.
Click on a table cell with measurements to display a full-screen time-series chart of the selected data .
© 2023 Pico Quantitative Trading LLC. All rights reserved 78 .
From the graph you can click on a data point and select Go to ... to navigate to Inspect Data or session
dashboards.
In live mode, graph updates will be paused, making it easier for you to click-through to Inspect Data from
a selected data point.
Tables can also be sorted by column. Click on a column heading to sort on that column's values. Click on
a max mean or min sub-heading for distribution statistics. In the following example the session table is
sorted by maximum latency value:
© 2023 Pico Quantitative Trading LLC. All rights reserved 79 .
NOTE: The session table widget will display the top 100 sessions after the analytics for all the matching
sessions are analyzed and sorted. If you change to a different sorting statistic, the analytics from all
matching sessions are retrieved again, analyzed and the results are redisplayed, hence the sessions
displayed may change.
NUMBERS
Big number widgets also provide navigation options.
Click on a big number to display the corresponding time-series data being summarized in full-screen
mode. If using release 9.5.0 or later and if the number is for a statistic that allows threshold monitoring and
has a threshold assigned for the included statistics and is mapped to a session, the time series chart
displays a threshold value and threshold line (if threshold display is enabled for the big number widget).
© 2023 Pico Quantitative Trading LLC. All rights reserved 80 .
In live mode, graph updates will be paused, making it easier for you to click-through to Inspect Data from
a selected data point.
PIE CHARTS
Click on a pie chart segment and select Go to… to display the navigation options.
In live mode, chart updates will be paused, making it easier for you to click-through to Inspect Data for a
specific segment.
© 2023 Pico Quantitative Trading LLC. All rights reserved 81 .
In the preceding example, where the pie chart is based on tags (in this case the information is displayed by
Venue), when you open the navigation options, you can navigate to Inspect Data for the top sessions
associated with that venue, or to a venue-based dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 82 .
In the preceding example, where the pie chart is based on sessions (in this case the information is
displayed for two sessions representing market data feeds), when you open the navigation options, you
can navigate to Inspect Data for the selected session associated with that pie chart segment, or to one of
the session-based dashboards.
The click-through to Inspect Data is also contextual, filtering the results based on the selected data point
in the pie chart from which you navigated, if the chart is based on a Corvil configurable statistic.
© 2023 Pico Quantitative Trading LLC. All rights reserved 83 .
Managing Images
[Supported from Corvil Analytics 9.7.0 only]
From Corvil Analytics release 9.7.0, image files can be imported to a CNE or CMC and can be included in
a Notes widget as a static image or as a linked image. You can also set an imported image to be used as a
report logo on scheduled reports and PDF exports.
To import images into the appliance, go to the Settings cog menu and select Manage Images.
NOTE: This option is only accessible by Admin or Config users.
The Manage Images screen opens showing a list of previously imported images, with a thumbnail preview
of each image.
To import a new image, click IMPORT IMAGE. A new window opens where you can drag and drop an
image file, or you can click on the upload icon to open a browser and select the image. Only image
files of type GIF, PNG, SVG, JPG or JPEG can be imported and can be no larger than 10MB. After
selecting the image, click IMPORT on the bottom of the screen. You are returned to the Manage Images
screen which shows your new image at the top of the list of imported images. You can only import one
image at a time. Once an image has been imported, you can select the ACTIONS menu and set it as a
report logo, delete it or copy the file name (to use on a notes widget, for example).
A maximum of 50 images can be imported and viewed on the Manage Images screen. If you try to exceed
this limit, you will be unable to click IMPORT IMAGE and will get an onscreen warning.
To remove images from the list, select Delete under the ACTIONS menu.
NOTE: If you have previously uploaded a custom logo to a CNE or CMC with 9.6.x installed, it will be
automatically loaded into the new image directory and will be set as the report logo, on upgrade to
9.7.0.
© 2023 Pico Quantitative Trading LLC. All rights reserved 84 .
Image Dimensions
The dimensions of the image file at import are displayed on the Manage Images screen (width and height
in pixels). Once imported, you cannot resize the image file itself, however, the image is automatically
resized when used as a report logo, and you can resize images when adding them to a Notes widget.
Depending on the type of image used and to ensure display quality, you may need to resize the image
before importing it, for example, enlarging a PNG image may result in a blurred image.
Image file name
The name of the image file can be up to 40 characters long and must only consist of upper and lowercase
letters (a-z and A-Z), numbers (0-9), plus and minus signs (+, -), dot (.), space ( ) and special characters
_, &, (, ), *, :, <, >, |, ~
Finding an imported image
All images imported using Manage Images are listed on the Manage Images screen and an image can be
searched for by entering a search string in FILTER BY (Only images imported via the Manage Images
screen can be returned by the filter). By default, the imported images are sorted by import date with the
latest imports at the top. You can also sort by file name.
USING AN IMAGE IN A NOTES WIDGET
Images of type GIF, PNG, SVG, JPG or JPEG that have been imported via the Manage Images screen can
be displayed in a notes widget and can be rescaled, if required. Copy the name of the image file (you can
use the action Copy File Name) and paste it into the content window of the notes widget editor. You can
optionally resize the image displayed using some of the Markdown notation examples below.
For example, to display the unscaled image file "mylogo.jpg" in the widget (most basic notation - with no
tooltip image name when you hover over the image):
To display an image, auto-scaling to 100% of the width of the notes widget:
You can also scale to a smaller percentage:
You can also add a link to an image in the widget.
[](https://www.example.com "Go to example.com")
{:target="_blank"}
© 2023 Pico Quantitative Trading LLC. All rights reserved 85 .
Refer to the topic “Defining a Notes Widget” for a more detailed description of how to use images in a
Notes widget.
USING AN IMAGE AS THE REPORT LOGO
You can import an image that you want to use as the report logo on exported PDF reports and on
Scheduled reports. Only one image can be set to be used as the report logo. For the chosen image, select
Use as Report Logo from the ACTIONS dropdown menu.
The Preview image will update with the report logo icon.
If you later want to use a different image, just select Use as Report Logo on the new image (the
previously select report logo image will be deselected).
Once an image has been selected as the report logo, it will be resized and displayed on the top right-hand
corner of every page of a dashboard PDF export and on scheduled reports from the CMC (the default Pico
logo on the report is replaced with a smaller Pico logo and moved to the top left-hand corner). Note that
the image to be used on the scheduled reports must be imported directly to the CMC.
To remove a report logo from reports and PDF exports, select the action Don’t use as Report Logo on
the report logo image.
© 2023 Pico Quantitative Trading LLC. All rights reserved 86 .
Managing Corvil Dashboards
Corvil provides system-supplied and plugin-supplied dashboard configuration, providing a range of
dashboard views out of the box.
You can re-order and hide these dashboard views but you cannot edit their content. You can duplicate
and rename any of them, and you can view their XML configuration as examples to use as a starting point
for defining your own. You can also create dashboard groups and move dashboards between groups.
The configuration options below apply to dashboards accessed on the Dashboards screen and on the
Inspect Data screen.
NOTE: Only users with administration access can access the Manage Dashboards popup window.
RE-ORDERING DASHBOARD VIEWS
Re-ordering Dashboard Views
Step 1
Click and select Manage dashboards.
Step 2
Drag and drop the dashboard titles to re-order them.
HIDING A DASHBOARD VIEW
Hiding a Dashboard View
Step 1
Click and select Manage dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 87 .
Step 2
Select the dashboard view you want to hide and click OPTIONS - Hide.
Showing a Hidden Dashboard View
Step 1
On the Manage Dashboards screen, click the Show hidden toggle to display any hidden dashboards.
Step 2
Select the hidden dashboard view you want to show again and click OPTIONS - Show.
COPYING A DASHBOARD VIEW
You can create a new dashboard view by copying an existing system, plugin-supplied or user-defined
dashboard. Refer to Creating User Defined Dashboards from the UI for more information on creating your
own dashboard.
Copying a Dashboard View
Step 1
Click and select Manage Dashboards.
Step 2
Select a system, plugin-supplied or user-defined dashboard view from the available list, select OPTIONS
and Save a Copy. You are prompted to enter a new name for the dashboard view. It must be a unique
name.
Step 3
You can rename the new dashboard view at any time by clicking the pen symbol next to the dashboard
name, changing the title and clicking the green tick to confirm.
© 2023 Pico Quantitative Trading LLC. All rights reserved 88 .
RENAMING A DASHBOARD VIEW OR DASHBOARD
GROUP
Renaming a Dashboard View or Group
Step 1
Click and select Manage Dashboards.
Step 2
Select the dashboard view or group you want to rename and click on the pen symbol.
Step 3
Enter the new dashboard title (overwriting the existing name) and click the green tick sign to confirm and
save the new name. If you try to use an existing name, you will get a message telling you that the name has
already been used and you will not be able to save the new name.
NOTE: Adding and renaming dashboard views applies only to user dashboard views; system
dashboards can’t be added or renamed. Additionally, you may not re-use existing dashboard view
names.
You can rename predefined system dashboard groups.
CREATING AND MANAGING DASHBOARD GROUPS
You can place dashboards into groups to make them easier to manage. You can move dashboards
between existing dashboard groups or you can create a new group. The maximum number of dashboards
allowed is 100 and you can place up to 100 dashboards into a single group if no other groups exist. The
limit is 50 dashboards in releases earlier than 9.6.0.
Changing the Group that Your Dashboard Belongs To
© 2023 Pico Quantitative Trading LLC. All rights reserved 89 .
Step 1
Click and select Manage Dashboards. The predefined default dashboard groupings ‘Dashboard
Views’ and ‘Sessions’ (or ‘Views’ for the Inspect Data screen) are displayed, along with any dashboard
groups you have previously defined.
Step 2
Click on the arrow next to each group to expand the list of the dashboards they contain.
Step 3
Click OPTIONS and Change group for the dashboard that you want to move.
Step 4
In Select Group, choose the new group that you want to move your dashboard to, or Create a new
group. For a new group, enter a unique group name of up to 40 characters. If you try to use an existing
name, you will get a message telling you that the group name has already been used and you will not be
able to save the new name. Click SELECT.
Step 5
Refresh the Dashboards or Inspect Data screen to see your new or modified dashboard groups.
DELETING DASHBOARDS AND DASHBOARD GROUPS
Deleting a Dashboard
Step 1
Click and select Manage Dashboards.
Step 2
Click on the arrow next to each group to expand the list of the dashboards they contain.
© 2023 Pico Quantitative Trading LLC. All rights reserved 90 .
Step 3
Click OPTIONS and Delete for the dashboard that you want to remove.
Step 4
To delete a group, click the pen symbol next to the group name and click REMOVE GROUP.
NOTE: You cannot delete dashboards with a lock symbol as these are system dashboards.
Also, you can only delete an empty dashboard group, that is, you must remove all dashboards from a
group before you can delete it, either by deleting the dashboards or moving them to another group.
© 2023 Pico Quantitative Trading LLC. All rights reserved 91 .
Creating and Editing Corvil Dashboards
If you logged in as an administrator, you can create your own dashboard and edit existing user-defined
dashboards by clicking and selecting from the available options:
You can
l Add a new dashboard
l Add a new widget to the dashboard
l Adjust the dashboard layout
l Edit the dashboard context settings (dashboard type, filters and time settings)
l Manage dashboards
l Create a user-defined dashboard by copying and modifying an existing system dashboard
You can configure the following dashboard types:
l Dashboards view – displayed on the Dashboards screen as a Dashboard View and dis-
plays results across multiple sessions
l Per-session dashboard – displayed on the Dashboards screen as a Dashboard View by
default (group can be changed to a Sessions dashboard) and displays results for selected ses-
sions (edit the dashboard context settings to make the dashboard a per-session dashboard)
l Per-tag dashboard – displayed on the Dashboards screen as a Dashboard View by
default (group can be changed to a new Tagname dashboard) and displays results for a selec-
ted tag (edit the dashboard context settings to make the dashboard a per-tag dashboard)
l Inspect Data dashboard – displayed on the Inspect Data screen and displays results for a
selected session.
Dashboards View supports two types of dashboard (in 9.6.1 and later releases):
© 2023 Pico Quantitative Trading LLC. All rights reserved 92 .
l Grid-based dashboards- see note below for pre-9.6.1 releases
l Canvas-based dashboards
Grid-based Dashboards
Grid-based dashboards allow you to add widgets to a dashboard and the system will automatically
configure the layout based on the specified widgets sizes. Note that grid-based dashboards were known
as Dashboards in previous releases and have the same capabilities and behaviors. You can create your
grid-based dashboard to be one of the following types - Dashboard View, Templated by session or
Templated by tag. You can adjust the layout of the dashboard by selecting the Adjust Layout option and
moving a widget to a different grid position on the dashboard. And you can adjust the widget sizes by
editing the height and width of a widget in the widget editor or via the widget XML.
You can add the following widget types to a grid-based dashboard (for Dashboard View, Templated by
session or Templated by tag dashboards):
l Action
l Bar Chart
l Big Number
l Notes
l Pie Chart
l Recent Events (CNE only)
l Session Table
l Time Series
l TopN
For more information please refer to the topic "Creating Grid-based Dashboards" on the next page.
NOTE: You can also use this topic when creating a Dashboard View dashboard in releases earlier than
9.6.1, as the same procedure is almost identical. The only difference is you do not have to set the
dashboard type when the Add a New Dashboard window opens.
Canvas-based Dashboards
Canvas-based dashboards allow you to add widgets, icons and connectors to a dashboard and apply
precise control over the placement of these elements on the dashboard. Starting with a blank canvas you
can add icons, join them by connectors to create a diagrammatic view of your network and the inclusion of
widgets enables you to display live traffic information. You can change the position of a widget, icon or
connector directly on the open dashboard by selecting it and moving it to a new location. You can also
resize a widget by dragging its edge. You can add colored notes widgets which you can, optionally,
enlarge and use as a 'palette' for grouping related widgets and icons.
Your canvas-based dashboard can be of type Dashboard View, Templated by session or Templated by
tag and you can add the following widget types:
© 2023 Pico Quantitative Trading LLC. All rights reserved 93 .
l Action
l Bar Chart
l Big Number
l Notes
l Pie Chart
l Session Table
l Time Series
NOTE: Inspect Data does not support canvas-based dashboards.
NOTE: You cannot add topNTable, recentEvents or messagesTable widgets to a canvas-based
dashboard.
For more information please refer to the topic "Creating Canvas-based Dashboards" on page 100
Inspect Data Dashboards
Inspect Data dashboards allow you to add widgets to a dashboard and the system will automatically
configure the layout based on the specified widgets sizes. You can add the following widget types:
l Action
l Message Table
l Notes
l Time Series
l TopN
For more information please refer to the topic "Creating Inspect Data Dashboards" on page 116.
CREATING GRID-BASED DASHBOARDS
Creating a New Dashboard
You can create a new grid-based dashboard directly from the Dashboards View screen in a CNE and
CMCs, by opening the Dashboard Editor from the Settings menu and then populating the dashboard by
adding widgets to it using the widget editor.
NOTE: You can only create a dashboard of type Dashboard View using the dashboard editor. If you
require your dashboard to be per session or per tag, you can configure this later by setting it in the
Context Settings. See "Specifying Per-Session and Per-tag Dashboards - XML" on page 139.
© 2023 Pico Quantitative Trading LLC. All rights reserved 94 .
To create a new dashboard on the Dashboards screen:
Adding a New User-Defined Grid-based Dashboard
Step 1
On the Dashboards screen click and select Add a New Dashboard.
Step 2
Enter a name for the new dashboard and select the Grid-based layout (for releases earlier than 9.6.1, the
grid/canvas options are not displayed). Click SAVE.
The new dashboard will open.
© 2023 Pico Quantitative Trading LLC. All rights reserved 95 .
Step 3
As the new dashboard is empty, you can start to build it by using the options available from the dropdown
menu when you click .
You can add widgets to the dashboard by selecting the Add a Widget option, which allows you to create
new widgets using a widget editor (or using XML mode, if you prefer). See "Adding Widgets to a
Dashboard" on page 99. You can also change the layout and manage the dashboard by selecting the
option from the dropdown menu.
Step 4
Once you have added your widgets, you can change the current widget arrangement by selecting Adjust
Layout from the menu.
The dashboard is displayed in Adjust Layout Mode and you can move the widgets around by dragging
and dropping them to another part of the dashboard. When you have finished making your widget layout
changes, click SAVE LAYOUT.
Step 5
You can pre-define and persist data filters and time periods for your new dashboard by clicking on
Context Settings. This opens an XML editor where you can enter the required settings. You can also
modify the dashboard type here, for example, you may want to make your dashboard a per-session
dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 96 .
If you want to click-through to a particular Inspect Data view from the widgets on your dashboard, you can
specify the target view in the XML editor. You can also specify this per widget using the widget
editors/XML.
Refer to "Dashboard Context Settings - XML" on page 143 for more detail on changing these attributes.
If you don't want pre-defined persistent data filter and time period settings for the dashboard, you can set
them from the dashboard screen instead. Set a global data filter for the dashboard using Dashboard
Filters and select a time period using the Global Time Period Selector (top right of the dashboard display).
Creating a Dashboard Based on an Existing Dashboard
You can create a new dashboard by copying and modifying an existing dashboard.
To create a new dashboard from an existing system or plugin-supplied Dashboard:
Creating a New Dashboard from a System or Plugin-supplied Dashboard
Step 1
Open the dashboard that you want to copy on the Dashboards screen. Click and select Make
Editable ENABLE.
© 2023 Pico Quantitative Trading LLC. All rights reserved 97 .
Step 2
Enter a new, unique name for the copied dashboard and save it as a user dashboard by clicking SAVE.
If you want to create a new dashboard from a user-defined dashboard:
Defining a New Dashboard View Based on a User-Defined Dashboard
Note: You can also use the steps below for views based on a system or plugin-supplied dashboard.
Step 1
Click and select Manage Dashboards.
Step 2
Select a user-defined dashboard view from the available list, select OPTIONS and Save a Copy. You are
prompted to enter a new name for the dashboard view. It must be a unique name.
You can now get to work on setting up the new dashboard view.
You can delete or edit any of the widgets in the dashboard by clicking on the top right arrow. Clicking EDIT
will open the relevant widget editor.
Clicking DELETE will remove the widget from your new dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 98 .
To add a new widget, see "Adding Widgets to a Dashboard" below.
To change the current dashboard layout, click and select Adjust Layout.
The dashboard is displayed in Adjust Layout Mode and you can move widgets around by dragging and
dropping them to another part of the dashboard. You can also edit the widgets themselves by clicking
EDIT XML. For more information about editing widget XML, refer to the section "Defining Widgets Using
XML" on page 149. When you have made your changes, click SAVE LAYOUT.
Adding Widgets to a Dashboard
For a user-defined dashboard created on the Dashboards screen of a CNE or CMC, you can add the
following types of widget:
l Action
l Bar Chart
l Big Number
l Notes
l Pie Chart
© 2023 Pico Quantitative Trading LLC. All rights reserved 99 .
l Recent Events (CNE only)
l Session Table
l Time Series
l TopN
You can add up to 40 widgets to a user defined dashboard.
To add widgets to your dashboard using the GUI widget editor, see "Defining Widgets Using the Widget
Editor" on page 121.
To add widgets to your dashboard using XML, see "Defining Widgets Using XML" on page 149.
CREATING CANVAS-BASED DASHBOARDS
[Supported in 9.6.1 and later releases]
You can create a new canvas-based dashboard directly from the Dashboards screen in a CNE and in
CMC dashboards, by opening the Dashboard Editor from the Settings menu. You can then populate the
dashboard by adding widgets to it using the appropriate widget editor and you can add icons from the
menu options in the canvas dashboard editor. You can link icons using connectors enabling you to create
a pictorial representation of your network.
You can also create a canvas-based dashboard using XML. Refer to the topic "Defining a Dashboard
Using XML" on page 127 for more information.
Once you have created your dashboard, it can be exported as a PDF file or you can schedule it as part of a
PDF report. You can also copy a canvas-based dashboard from the Manage Dashboards screen.
To create a new canvas-based dashboard on the Dashboards screen:
Creating a New Canvas-based Dashboard from a Dashboards Screen
Step 1
Open any dashboard on the Dashboards screen click and select Add a New Dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 100 .
Step 2
Enter a name for the new dashboard and select the Canvas-based layout. Click SAVE.
The new dashboard will open on a blank canvas with contextual help and view control buttons on the right.
The help tooltips provide useful guidance on configuring the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 101 .
Step 3
You can start to add content to your canvas by using the options available from the Edit dropdown menu
when you click .
Step 4
You can add multiple icons simultaneously to the canvas by selecting the Add an Icon option and
choosing the icons from a library. See "Working with Icons on Canvas-based Dashboards" on page 104.
Step 5
You can add widgets to the canvas by selecting the Add a Widget option. Select the type of widget to
add and configure it from the widget editor (or switch to XML mode if you prefer). You can add multiple
widgets to the dashboard but must add them one at a time. See "Adding Widgets to a Canvas-based
Layout Dashboard" on page 109.
© 2023 Pico Quantitative Trading LLC. All rights reserved 102 .
Step 6
Once you have added your widgets and icons, you can change the current layout on the canvas by
dragging and dropping the widgets and icons to the desired location. You can also join icons together
using connectors.
NOTE: The Adjust Layout menu item listed on the Edit dropdown menu is not available for canvas-
based dashboards. Changing the layout is done directly on the dashboard.
When you have made your changes, you can save the dashboard by clicking the update icon next to
the dashboard name in the left screen panel.
NOTE: Adding or editing a widget on the dashboard and then saving the widget updates, also results
in the dashboard being automatically saved. If you make other changes such as adding or editing
icons and connectors or if you make any layout adjustments to the dashboard, you must manually
save the dashboard.
Step 7
You can pre-define and persist data filters and select time periods for your new dashboard by clicking on
Context Settings. This opens an XML editor where you can enter the required settings. You can also
modify the dashboard type here, for example, you may want to make your dashboard a per-session
dashboard.
If you want to click-through to a particular Inspect Data view from the widgets on your dashboard, you can
specify the target view in the XML editor. You can also specify this per widget using the widget
editors/XML.
Refer to "Dashboard Context Settings - XML" on page 143 for more detail on changing these attributes.
If you don't want pre-defined persistent data filter and time period settings for the dashboard, you can set
them from the dashboard screen instead. Set a global data filter for the dashboard using Dashboard
Filters and select a time period using the Global Time Period Selector (top right of the dashboard display).
Step 8
If you want to rename your dashboard, change its order on the dashboard navigation menu or move it to a
new dashboard group, select the Manage Dashboards option from the Edit dropdown menu.
© 2023 Pico Quantitative Trading LLC. All rights reserved 103 .
WORKING WITH ICONS ON CANVAS-BASED
DASHBOARDS
[Supported in 9.6.1 and later releases]
Canvas-based dashboards have a library of predefined icons from which you can select and add to your
dashboard. For example, there are icons available representing exchanges, servers, Corvil devices and
so on. You can add up to 100 icons to the dashboard.
You can also join icons together using connectors by simply clicking on one icon and dragging the
connector line over to another icon. There are no limits to the number of connectors that can start or
terminate at a particular icon, subject to the overall limit of 100 connectors for a particular dashboard.
Once you have added an icon, you can edit it to add a label to it, if required. You can also copy an icon on
the dashboard and move an icon to another location on the canvas. And you can delete icons you no
longer require.
Adding and Connecting Icons on a Canvas-based Dashboard
To add icons to a canvas-based dashboard, you just select the required icons from the icon library.
In the example below, we go through the steps of adding two icons to a canvas dashboard, joining them
with connector lines and then finally adding labels to the icons.
Adding Icons to a Canvas-based Dashboard using the Widget Editor
Step 1
Open the canvas-based dashboard, click and select Add an Icon. A window opens showing you
the icons that can be added to your new dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 104 .
Select the Exchange and Server icons (you can select more than one icon by clicking as many as you
require) and click ADD TO DASHBOARD.
The icons are displayed on the top left of the canvas.
Step 2
Click each icon and drag it to a preferred position on the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 105 .
Step 3
Now connect the icons in the forward direction by clicking the server icon once to highlight it, then click it
again and holding the mouse key down (see note), drag the (gray) connector line to the exchange icon.
Release the mouse key once you are hovering over the exchange icon. The connector line turns blue once
you have joined the two icons.
NOTE: Alternatively, once you have started drawing the connector line, as soon as you leave the
highlighted starting icon area, you no longer need to hold the mouse key down, and can simply draw
the line by moving the cursor to the other icon where you click the mouse key to finish the line.
Now draw the reverse connector but this time you want a multipoint line. Click on the exchange icon then
click again to start drawing the connector line. Click to add a point and then continue drawing the line,
clicking at each point where you want to change direction.
Step 4
Now you can optionally add labels to your icons. Double-click on the server icon. The Edit Icon window
opens. Enter the label for the icon and click SAVE.
© 2023 Pico Quantitative Trading LLC. All rights reserved 106 .
Repeat for the exchange icon.
Deleting Icons and Connectors
To delete an icon or a connector, click it to highlight it and then press the Delete key on your keyboard.
Deleting an icon automatically deletes any connector lines to or from it.
Copying Icons
To copy an icon, hold the Ctrl key and click the icon. The icon is duplicated for each mouse click. Click on
the duplicated icon to move it to another part of the dashboard. If your icon is labeled, the icon and label
are copied.
NOTE: If you are using an Apple MAC, hold the "command" key and click the icon to copy it.
© 2023 Pico Quantitative Trading LLC. All rights reserved 107 .
Editing Icon XML
When you double-click on the server icon, the Edit Icon window opens. You can enter an icon label here
or you can click </> XML VIEW to view/edit the XML code for your icon. You can also define an icon for a
dashboard by editing the Dashboard XML (select System Administration mode, then the Dashboards
editor).
The icon XML code for icons has the following format:
<icon nodeId="" source="" title="" x="" y=""/>
NAME, TYPE AND IDENTITY
nodeId
Each time you add an icon to a canvas dashboard, it is automatically assigned an id, "icon-n", where n is
the icon instance on the dashboard. You can assign any id (alphanumeric characters) if adding an icon via
the Dashboard XML and you can rename it in the XML View. Two icons cannot be assigned the same
node ID. You will see a configuration error if you attempt to do this.
source
Identifies the type of icon and the category it belongs to, for example, "Network/Cloud" or "Infrastructure
and Endpoints/Combine". The categories for icons are shown in the image of the icon library at the start of
this topic. The current categories are "Network", "Infrastructure and Endpoints", "Corvil Analytics",
"Shapes" and "Other".
title
[Optional] Assigns a label to an icon that will be displayed under the icon on the dashboard.
POSITION ON CANVAS
[Mandatory for canvas-based dashboards. Icons are not supported for grid-based
dashboards]
The x and y attributes determine the position of the icon on the canvas dashboard, where the center point
of the canvas is at coordinates x="0", y="0". When you add an icon it is placed by default in the top left
corner of the displayed canvas screen.
x=""
Specifies the x coordinate or horizontal position of the icon on the canvas. Attribute “x” must be between -
5000 and 5000.
© 2023 Pico Quantitative Trading LLC. All rights reserved 108 .
y=""
Specifies the y coordinate or vertical position of the icon on the canvas. Attribute “y” must be between -
5000 and 5000.
Here is an example of a labeled icon and the resulting icon on the dashboard:
<icon nodeId="icon-3" source="Network/Firewall" title="Firewall 1" x="-1241" y="-
301"/>
ADDING WIDGETS TO A CANVAS-BASED LAYOUT
DASHBOARD
[Supported in 9.6.1 and later releases]
For a user-defined canvas-based dashboard created on the Dashboards screen of a CNE or CMC, you
can add the following types of widget:
l Action
l Bar Chart
l Big Number
l Notes
l Pie Chart
l Session Table
l Time Series
You can add up to 40 widgets to a canvas-based dashboard.
For general information on adding widgets to your dashboard using the widget editor, see "Defining
Widgets Using the Widget Editor" on page 121. Or if you want to use XML, see "Defining Widgets Using
XML" on page 149.
Continuing on from the example used when adding icons to a canvas-based dashboard, we now want to
add data to our dashboard by adding widgets. In the example below, we are adding 3 types of widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 109 .
Adding a Widget to a Canvas-based Dashboard Using the Widget
Editor
To Add a Widget to a Canvas-based Dashboard using the Widget Editor
Step 1
Open the canvas-based dashboard, click and select Add a Widget. A window opens showing you
the widget types that can be added to your new dashboard. Widgets that cannot be added to a canvas-
based dashboard are grayed out.
Step 2
First, we will add a big number widget. Click on the icon for the Big Number widget. The Add Big Number
editor window opens.
© 2023 Pico Quantitative Trading LLC. All rights reserved 110 .
Step 3
Enter the details to create your widget.
NOTE: The Title field is not mandatory for widgets added to canvas-based dashboards.
The only mandatory field is the Statistic that you want to display in big number format. However, you can
configure any other settings that you require. In this example, you want to display the total number of
bytes measured for all monitored sessions in the request direction, so select 'packet-bytes' request.
Refer to the topic "Defining a Big Number Using the Widget Editor" on page 153 (or "Defining a Big
Number Using XML" on page 161) for detailed information on the fields you can configure for the big
number widget.
Click SAVE. Your screen will return to the dashboard which now contains the widget that you have
created.
Notice that your new widget is placed in the top left corner of the screen. Any other widgets you add will
also be placed here so click on the widget and drag it to a new location on the dashboard. In this case, we
want to place it over the forward line joining the server and exchange icons.
© 2023 Pico Quantitative Trading LLC. All rights reserved 111 .
Step 4
Repeat step 3, adding a new big number widget but in this case, select the statistic 'packet-bytes'
response. Save your widget and when the dashboard is refreshed, click the new widget and drag it to
reverse line between the two icons.
So now we have a simple connectivity diagram showing the live bytes transferred between 2 points in your
network.
NOTE: You can increase the size of the big number displayed in the widget by clicking the widget and
dragging it at one of its corners to stretch the widget. The font will snap to a larger size.
Step 5
Now add a time-series chart to the dashboard by clicking Add a Widget and selecting the Time Series
widget. Add the statistic 'packet-bytes' request. The other fields are optional, however, in this example we
will add a subtitle 'Request Bytes'. Save the widget. When the canvas dashboard refreshes, the time
series chart is added to the top left of the screen. Click it and drag it to a new location on the canvas.
As there are no dimension fields when defining widgets for canvas-based dashboards, the newly added
widgets are small and in cases like the time series or session table widget, need to be enlarged so that you
can properly view its data. To increase (or decrease) the size of the chart, click on the chart and drag one
of its corners to stretch the widget.
Step 6
Now repeat step 5, adding another time-series chart to the dashboard but this time add the statistic
'packet-bytes' response and the subtitle 'Response Bytes'. When the canvas dashboard refreshes, drag
the new time series chart to a new location.
© 2023 Pico Quantitative Trading LLC. All rights reserved 112 .
Step 7
Now add a Notes widget. In this example, you are going to use a colored Notes widget to act as a
background palette for the group of items that you have just added to your dashboard.
On the Notes editor screen select a background color and some text. In this case you also want to add a
title to the widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 113 .
Once the widget is added to the canvas, click the corner of the widget and drag it so that it is large enough
to fully encompass the widgets and icons that you have added. The widgets, icons and connectors are
displayed in front of the Notes widget.
Step 8
When you have completed your dashboard modifications, save the dashboard.
Your dashboard now looks something like this.
NOTE: If you prefer you can create or edit your widget using XML code, by clicking on XML VIEW in
the widget editor. If you click this and have unsaved edits in your widget, you will be asked to save
these first. Similarly, if you make changes in the XML editor you must save these before you switch
back to GUI editing.
NAVIGATING A CANVAS-BASED DASHBOARD
[Supported in 9.6.1 and later releases]
Canvas-based dashboards are designed to give you lots of flexibility and control over how you want your
final dashboard to look. We have seen in previous sections how to add content to the dashboard in the
form of icons and widgets, and how to move these on around on the canvas by clicking and dragging
them.
Here we will look at other features of the canvas-based dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 114 .
View Control Buttons
On the right side of every canvas based dashboard you see the following buttons
Helpful tips
The top button provides you with information on how to add widgets and icons (you can even open the
Edit menu from here), how to copy icons and how to add and delete icons and connectors. You can also
open the main Help page for canvas-based dashboards from here.
Zooming and Autofitting the canvas
The next three buttons relate to viewing your dashboard.
The canvas that you are building your dashboards on is large (10K x 10K pixels in size), so that you can fit
a lot of information into this one place. When you first create or open a canvas-based dashboard, the
screen always displays the center of the canvas and is automatically sized so that the dashboard content
fits on the screen. Clicking the zoom out (-) button allows you to see the extended area around your newly
added contents which can aid you in making layout changes.
© 2023 Pico Quantitative Trading LLC. All rights reserved 115 .
Similarly, you can zoom in (+) on a dashboard that contains a lot of information.
Clicking the autofit button returns the screen to the center of the canvas.
NOTE: The dashboard is also autofitted when you perform a PDF export or scheduled report.
Panning Around the Dashboard
If you want to view a different part of the canvas, you can click on the canvas and holding down the left
mouse key, you can pan around the canvas in any direction. For example, if you keep dragging the canvas
to the right, you will eventually see the gray border indicating the left edge of the canvas. Clicking the
autofit button will return you to the center of the canvas.
CREATING INSPECT DATA DASHBOARDS
Creating a New Dashboard
You can create a new dashboard directly from the Inspect Data screen in a CNE and CMC, by a simple
menu click to open the Dashboard Editor. You can then populate the dashboard by adding widgets to it
using the appropriate widget editor.
To create a new dashboard on the Inspect Data screen:
Adding a New User-Defined Inspect Data Dashboard
Step 1
On the Inspect Data screen click and select Add a New Dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 116 .
Step 2
Enter a name for the new dashboard and click SAVE.
The new dashboard will open.
Step 3
As the new dashboard is empty, you can start to build it by using the options available from the dropdown
menu when you click .
© 2023 Pico Quantitative Trading LLC. All rights reserved 117 .
You can add widgets to the dashboard by selecting the Add a Widget option, which allows you to create
new widgets using a widget editor (or using XML mode, if you prefer). See "Adding Widgets to a
Dashboard" on page 121. You can also change the layout and manage the dashboard by selecting the
option from the dropdown menu.
Step 4
Once you have added your widgets, you can change the current widget layout by selecting Adjust
Layout from the menu.
The dashboard is displayed in Adjust Layout Mode and you can drag and drop widgets to move them
around. When you have made your changes, click SAVE LAYOUT.
Step 5
You can pre-define and persist data filters and time periods for your new dashboard by clicking on
Context Settings. This opens an XML editor where you can enter the required settings.
Refer to "Dashboard Context Settings - XML" on page 143 for more detail on changing these attributes.
If you don't want pre-defined persistent data filter and time period settings for the dashboard, you can set
them from the dashboard screen instead. Set a global data filter for the dashboard using Dashboard
Filters and select a time period using the Global Time Period Selector (top right of the dashboard display).
Creating an Inspect Data Dashboard Based on an Existing Inspect
Data Dashboard
You can create a new Inspect Data dashboard by copying and modifying an existing Inspect Data
dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 118 .
To create a new dashboard from an existing system or plugin-supplied Inspect Data Dashboard:
Creating a New Dashboard from a System or Plugin-supplied Inspect Data Dashboard
Step 1
Open the dashboard that you want to copy on the Inspect Data screen. Click and select Make
Editable ENABLE.
Step 2
Enter a new, unique name for the copied dashboard and save it as a user dashboard by clicking SAVE.
If you want to create a new dashboard from a user-defined Inspect Data dashboard:
Defining a New Dashboard Based on a User-Defined Inspect Data Dashboard
© 2023 Pico Quantitative Trading LLC. All rights reserved 119 .
Note: You can also use the steps below for dashboards based on a system or plugin-supplied Inspect
Data dashboard.
Step 1
Click and select Manage Dashboards.
Step 2
Select a user-defined Inspect Data dashboard from the available list, select OPTIONS and Save a Copy.
You are prompted to enter a new name for the dashboard. It must be a unique name.
You can now get to work on setting up the copied Inspect Data dashboard .
You can delete or edit any of the widgets in the dashboard by clicking on the top right arrow. Clicking EDIT
will open the relevant widget editor.
Clicking DELETE will remove the widget from your new dashboard.
To add a new widget, see "Adding Widgets to a Dashboard" on the facing page.
© 2023 Pico Quantitative Trading LLC. All rights reserved 120 .
To change the current widget layout, click and select Adjust Layout.
The dashboard is displayed in Adjust Layout Mode and you can drag and drop widgets to move them
around or edit the widgets themselves by clicking EDIT XML. For more information about editing widget
XML, refer to the section "Defining Widgets Using XML" on page 149. When you have made your
changes, click SAVE LAYOUT.
Adding Widgets to a Dashboard
For a user-defined dashboard created on the Inspect Data screen of a CNE or CMC, you can add the
following types of widget:
l Action
l Message Table
l Notes
l Time Series
l TopN
You can add up to 40 widgets to a user defined dashboard.
To add widgets to your dashboard using the widget editor, see "Defining Widgets Using the Widget Editor"
below.
To add widgets to your dashboard using XML, see "Defining Widgets Using XML" on page 149.
DEFINING WIDGETS USING THE WIDGET EDITOR
Once you have created a dashboard, you can start to add widgets to it using the widget editor. The editor
is opened by clicking and Add a Widget. It is only accessible from user-defined dashboards and is
greyed out on system and plugin-supplied dashboards.
The widget editor contains a number of sections, depending on the widget type.
All widgets contain a general section which is used to give the widget a name and to define the size of the
widget. This section must be filled in. For time series widgets you also define the style of the chart in this
section.
For widgets that display statistics, there is a Statistics section where you can select the statistics that you
want to display on your widget. The maximum number of statistics that can be displayed is dependent on
the widget type, for example, the time series widget can display a maximum of 10 statistics, a session
table widget can display up to 30.
© 2023 Pico Quantitative Trading LLC. All rights reserved 121 .
Some widgets contain an Advanced Settings section where you can, for example, set filters or select a
drilldown view for sessions widgets that can be opened in Inspect Data.
Some widgets have addition sections like Width of First Column for session tables, Content section for
notes, Chart Type for pie charts, and Streams for recent events.
NOTE: Refer to Dashboard Validation for the dashboard limits in relation to the number of widgets
allowed per widget type. Once a limit for a dashboard has been reached, the widget selection will be
disabled.
Adding a Widget using the widget editor
Adding a Widget to a Dashboard View using the Widget Editor
Step 1
Select the user dashboard on the Dashboards or Inspect Data screen. Click and select Add a
Widget. A window opens showing you the widget types that can be added to your new dashboard.
If your dashboard is on the Dashboards screen, you will see the following widget type options:
l Action
l Bar Chart
l Big Number
l Notes
l Pie Chart
l Recent Events (CNE only)
l Session Table
l Time Series
l TopN
If your dashboard is on the Inspect Data screen, you will see the following widget type options:
© 2023 Pico Quantitative Trading LLC. All rights reserved 122 .
l Action
l Message Table
l Notes
l Time Series
l TopN
Step 2
Click on the icon for the type of widget that you want to create. For example, if you select Session Table,
the Add Session Table window will open.
NOTE: You can change the widget type from within the widget editor by clicking the arrow next to the
widget type and selecting another widget type from the dropdown menu. If you do this, you must
confirm the change as your current edits will be cleared.
© 2023 Pico Quantitative Trading LLC. All rights reserved 123 .
Step 3
Enter the details to create your widget.
Mandatory fields must be filled in before you can save your new widget. These fields are marked with an *.
In this example, you must enter a Title for the table, the Height and Width of the table, and the Statistics
(the data that you want to display in your session table). The default height and width are the minimum
recommended values for a session table widget. Please refer to the topic "Dashboard Layout Design" on
page 151 for the minimum and maximum recommended widget dimensions for each widget type.
Note that the ADD STATISTICS button will become greyed out once you select the maximum number of
stats that can be displayed for this widget.
Configure any other settings to define your widget, such as how you want to group the displayed data and
whether you want to filter the displayed data.
Refer to the specific widget sections for detailed information on creating a widget of that type.
Click SAVE. Your screen will return to the new dashboard which now contains the widget that you have
created.
© 2023 Pico Quantitative Trading LLC. All rights reserved 124 .
Step 4
If you want to make further changes to your widget, click the arrow on the top right of the widget and click
Edit.
This will open the Edit Session Table window for this widget. You can modify the widget and re-save it.
Clicking CANCEL will ask if you want to discard the edits just made before closing the editor.
© 2023 Pico Quantitative Trading LLC. All rights reserved 125 .
NOTE: If you prefer you can create or edit your widget using XML code, by clicking on XML VIEW in
the widget editor. If you click this and have unsaved edits in your widget, you will be asked to save
these first. Similarly, if you make changes in the XML editor you must save these before you switch
back to GUI editing.
DELETING OR EDITING A WIDGET
To delete or make changes to an existing widget, click and select Delete or Edit.
© 2023 Pico Quantitative Trading LLC. All rights reserved 126 .
NOTE: These options are only available for user defined dashboards. In the case of system or plugin
supplied dashboards, you can view the XML by clicking </> VIEW XML, but the XML window that
opens has a lock symbol telling you that the 'Widget XML is view-only'.
DEFINING A DASHBOARD USING XML
You can configure the following dashboard types using XML:
l Dashboards view – displayed on the Dashboards screen as a Dashboard View and dis-
plays results across multiple sessions
l Per-session dashboard – displayed on the Dashboards screen as a Dashboard View by
default, when groupName is not specified in XML, and displays results for selected sessions.
The group can be changed to a Sessions dashboard by changing the groupName.
l Per-tag dashboard – displayed on the Dashboards screen as a Dashboard View by
default, when groupName is not specified in XML, and displays results for a selected tag. The
group can be changed to a new group by editing the groupName.
© 2023 Pico Quantitative Trading LLC. All rights reserved 127 .
l Inspect Data dashboard – displayed on the Inspect Data screen and displays results for a
selected session.
NOTE: From release 9.7.2, the Dashboard XML configuration of CMCs includes configuration for any
management reports and schedules configured using the Scheduled Reporting feature (which allows
them to be backed up and restored along with the dashboard configuration). You will see this
configuration within the <reports></reports> element. As Pico does not recommend that you
edit the report XML directly, the <reports> configuration elements are not described here. The
report configuration XML undergoes strict or non-strict validation checks (strict validation is selected
by default but can be disabled on the Dashboard XML configuration screen). On installation to another
CMC, errors detected in the configuration by the validation checks will prevent the updated
Dashboard XML configuration from being saved. See "Dashboard Validation" on page 323.
As an administrator, you can also access the file that defines the current set of Corvil dashboards by
switching to System Administration mode and selecting the Dashboards editor.
This screen enables you to view and modify the current Dashboards and Inspect Data screen
configuration and save a new one. The default dashboard configuration is also listed in a separate tab so
that you can return to the default settings if necessary.
On Corvil Management Center, only the local dashboard is configurable this way (that is, pushing the
dashboard configuration from Corvil Management Center to individual CNEs is not supported).
NOTE: Removing a configurable statistic or tag-type from the CLI results in an error message being
displayed if the statistic or tag-type is used in the current Corvil Dashboard definition.
Using the clear config CLI command resets the Corvil Dashboard to the default settings.
The high-level structure of the XML configuration file is as follows:
© 2023 Pico Quantitative Trading LLC. All rights reserved 128 .
<dashboards version="0">
<context pcapAnalysisView="{dashboard name}"> [<context> Optional; Supported in
release 9.6.x and later]
<statsConfigs>
<statsConfig>...</statsConfig>
</statsConfigs>
<performanceWarning..>
<warningThresholds.../>
<warningThresholds.../>
</performanceWarning>
</context>
<dashboard groupName=”DASHBOARD VIEWS” name="My dashboard" source="user"
layout="grid" type="dashboard">
.
.
</dashboard>
<reports>...</reports> Scheduled Reporting config in CMCs - Supported in release
9.7.2 and later]
<dashboards>
The enclosing <dashboards></dashboards> element contains a version (currently 0) and one or
more <dashboard></dashboard> elements.
Global Dashboard Context
From Corvil Analytics 9.6.x, you can include an optional <context></context> element within which
you define global dashboard elements.
For example, you can configure:
l custom statistic naming that can be used for dashboards and the Lens table (see "Defining
Custom Statistic Names - XML" on page 135
l a performance warning banner that is displayed at the top of the screen to highlight performance
issues [from 9.7.0 only]
l a specific Inspect Data dashboard to open when viewing analyzed PCAP files [from 9.7.0 only]
DEFINING A PERFORMANCE WARNING BANNER
From release Corvil Analytics 9.7.0, you can configure an optional performance warning banner within the
global <context> element. Here you define threshold limits for port and packet capture drops. If
exceeded, the performance warning banner is displayed at the top of Dashboards, Inspect Data and
PCAP Export screens of a CNE (and Inspect Data on a CMC for a managed CNE).
The XML structure for <performanceWarnings> is explained in the following example:
<performanceWarning timeRangeValue="24" timeRangeUnit="hour">
© 2023 Pico Quantitative Trading LLC. All rights reserved 129 .
<warningThresholds faultType="Port Drop" maxNumberOfFaultsAllowed="250"
maxTimePercentageSpentWithActiveFaults="15"/>
<warningThresholds faultType="Packet Capture Drop" maxNumberOfFaultsAllowed="1"
maxTimePercentageSpentWithActiveFaults="30"/>
</performanceWarning>
where
the timeRangeValue and timeRangeUnit attributes specify the length of time for which the drops
are monitored for the banner to be triggered.
timeRangeValue - specifies a time range of 1 hour to 60 days
timeRangeUnit - time unit can be "hour" or "day"
faultType - specifies which type of fault is being configured for the banner. It can be set to "Port Drop"
or "Packet Capture Drop” only.
maxNumberOfFaultsAllowed - [Optional] specifies the maximum number of port or packet capture
drops that can occur before the warning banner is displayed. Range: 1 - n. If you exclude the attribute, the
number of port drop faults won’t trigger the warning.
maxTimePercentageSpentWithActiveFaults - [Optional] specifies the maximum percentage 30
second time windows in the configured timerange that port or packet capture drop faults can be active on
the CNE before the warning banner is displayed. Range: 0 - 100(%). If you set to 0 or exclude the
attribute, the warning isn't triggered based on length of time the drop faults are active.
DEFINING A PCAP ANALYSIS VIEW DASHBOARD
From release Corvil Analytics 9.7.0, you can quickly import and analyze a PCAP file, then view the results
on the default (top of list) Inspect Data dashboard, or you can specify a different dashboard on which to
view the results. To specify a different PCAP Analysis view dashboard, configure the following attribute
within the global <context> element:
<context pcapAnalysisView="dashboard name"/>
The dashboard you specify must be pre-defined and it must be an Inspect Data dashboard.
Defining Dashboards
The <dashboard></dashboard> element includes
l a name attribute used to give the dashboard a title
l a groupName attribute used to specify which dashboard group the dashboard belongs to.
See note
l a source attribute, which can have the following values:
l source="system" - system-defined dashboard (cannot be edited)
l source="decoder" - plugin-supplied dashboard (cannot be edited)
© 2023 Pico Quantitative Trading LLC. All rights reserved 130 .
l source="user" - user-defined dashboard. To manually add a new dashboard ele-
ment as an administrator, this attribute must be set.
l a layout attribute used to specify if the dashboard is a "grid" or "canvas" based dashboard
[this attribute is included in 9.6.1 and later releases]. This attribute is not allowed for Inspect
Data dashboards (dashboards with type=networkdata).
l a type attribute used to specify if the dashboard is displayed on the Dashboards (type-
e=dashboard) or Inspect Data screen (type=networkdata)
l an optional <templating/> element used to specify a global, per-session, or per-tag-type
dashboard
l an optional <context></context> element, which can include filters and time period set-
tings
l zero or more widget elements of various types
NOTE: When a dashboard is created, the default groupName is Dashboard Views (or Views for
Inspect Data). You can change this in the XML or by using ‘Change Group’ in Manage Dashboards. If
you delete the groupName attribute (it is optional), the dashboard will revert back to the group
Dashboard Views (or Views for Inspect Data).
NOTE: Dashboards imported from releases earlier than 9.6.0 will automatically be updated with the
attribute layout="grid".
The overall structure of a user-defined grid-based dashboard definition is as follows, including the optional
elements:
<dashboard groupName=”DASHBOARD VIEWS” name="My Dashboard" source="user"
layout="grid" type="dashboard">
<templating/>
<context>
<filters>
<filter>
...
</filter>
</filters>
<time>
...
</time>
</context>
<timeSeriesChart>...</timeSeriesChart>
<sessionTable>...</sessionTable>
<topNTable>...</topNTable>
<pieChart>...</pie Chart>
<recentEvents>...</recentEvents>
<number>...</number>
© 2023 Pico Quantitative Trading LLC. All rights reserved 131 .
<notes>...</notes>
<action>...</action>
<barChart>...</barChart>
</dashboard>
The overall structure of a user-defined Inspect Data dashboard definition is as follows, including the
optional elements:
<dashboard groupName=”VIEWS” name="My Dashboard" source="user"
type="networkdata">
<templating/>
<context>
<filters>
<filter>
...
</filter>
</filters>
<time>
...
</time>
</context>
<timeSeriesChart>...</timeSeriesChart>
<topNTable>...</topNTable>
<messagesTable>...</messagesTable>
<notes>...</notes>
<action>...</action>
</dashboard>
NOTE: Only time-series charts, TopN tables, Notes, Action and message table widgets can be added
to an Inspect Data dashboard.
EXAMPLE DASHBOARD VIEW - XML
The following example excerpt from the default dashboard configuration shows a user-defined dashboard
view named TCP Metrics.
© 2023 Pico Quantitative Trading LLC. All rights reserved 132 .
This dashboard is listed as a dashboard view on the Dashboard screen and includes session table
widgets named TCP Byte and Packet Counts and TCP Roundtrip Times reporting a specified set of
statistics. This example does not include any optional filtering or time settings.
<dashboard groupName=”DASHBOARD VIEWS” name="TCP Metrics" source="user"
layout="grid" type="dashboard">
<sessionTable height="2" title="TCP Byte and Packet Counts" width="12">
<stat direction="request" type="tcp-connections-initiated"/>
<stat direction="response" type="tcp-connections-initiated"/>
<stat direction="request" type="tcp-connections-exited"/>
<stat direction="response" type="tcp-connections-exited"/>
<stat direction="request" type="tcp-connections-refused"/>
<stat direction="response" type="tcp-connections-refused"/>
<stat direction="request" type="tcp-connections-ignored"/>
<stat direction="response" type="tcp-connections-ignored"/>
<stat direction="request" type="tcp-packet-count"/>
<stat direction="response" type="tcp-packet-count"/>
<stat direction="request" type="tcp-retransmitted-oos-percent"/>
<stat direction="response" type="tcp-retransmitted-oos-percent"/>
<stat direction="request" type="tcp-roundtrip-time">
<aspect type="max"/>
</stat>
<stat direction="response" type="tcp-roundtrip-time">
<aspect type="max"/>
</stat>
<stat direction="request" type="tcp-total-goodput"/>
<stat direction="response" type="tcp-total-goodput"/>
<stat direction="request" type="tcp-total-roundtrip-time">
<aspect type="max"/>
</stat>
<stat direction="response" type="tcp-total-throughput"/>
© 2023 Pico Quantitative Trading LLC. All rights reserved 133 .
<stat direction="request" type="tcp-total-throughput"/>
</sessionTable>
<sessionTable height="2" title="TCP Roundtrip Times" width="12">
<stat direction="request" type="tcp-roundtrip-time">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="max"/>
</stat>
<stat direction="response" type="tcp-roundtrip-time">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="max"/>
</stat>
<stat direction="request" type="tcp-total-roundtrip-time">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="max"/>
</stat>
</sessionTable>
</dashboard>
EXAMPLE INSPECT DATA DASHBOARD - XML
The following example from a user-defined default dashboard configuration shows a per-session
dashboard named Messages that is displayed on the Inspect Data screen.
Here is the corresponding XML configuration. This Inspect Data screen dashboard is templated by
session, set to show results for the last hour and includes a time-series chart of message counts named
Message Count and a message table named Messages – Analytics.
<dashboard groupName=”VIEWS” name="Messages" source="user" type="networkdata">
<templating by="session"/>
<timeSeriesChart area="false" height="2" preferredResolution="default"
showLegend="true" stacked="false" title="Message Count" width="12">
<stat direction="request" type="message-count"/>
</timeSeriesChart>
<messagesTable height="3" showEmptyColumns="false" title="Messages -
© 2023 Pico Quantitative Trading LLC. All rights reserved 134 .
Analytics" width="12"/>
</dashboard>
DEFINING CUSTOM STATISTIC NAMES - XML
[Supported in release 9.6.x and later]
In order to use a custom statistic name you must first define one or more dictionaries of custom statistic
names within the <context> element under the overall <dashboards> element. These dictionaries
can then be used to apply custom names for statistics in dashboards and in Lens.
A maximum of 10 dictionaries can be defined.
You can open the Dashboard XML editor directly from a GUI widget editor (for widgets that support
custom statistic naming) by selecting the tooltip next to Use Custom Statistic Names and clicking the
Dashboards XML Configuration link. Alternatively, open System Administration mode from the
Settings cog menu and select the Dashboards editor.
The general structure of a custom statistic naming definition is as follows:
<dashboards version="0">
<context>
<statsConfigs>
<statsConfig>
<stat ... />
</statsConfig>
</statsConfigs>
<context>
To specify the <stat> element, you use the following attributes:
direction="" - Optional
Specifies the session direction for which a statistic is reported:
"both" - the new custom name is used for the receive and response directions, with the direction indicated
by an arrow.
© 2023 Pico Quantitative Trading LLC. All rights reserved 135 .
"request" - the custom name is used for the request direction. No arrow is displayed.
"response" - the custom name is used for the response direction. No arrow is displayed.
If you do not enter the direction attribute, the default of "both" is used for applicable statistics.
displayName=""
Specifies the name that will be displayed on the dashboard or Lens table. You can enter a name up to 40
characters long, using the following character set:
a-z
A-Z
whitespace
0-9
()*:;,./-=+{}$%!?\|^#@
Enter either the attribute type or name in your configuration:
type
For system-defined statistics, specifies the name of the statistic to be replaced.
name
For configurable statistics, specifies the name of the configurable statistic to be replaced.
useGlobally
Specifies that this dictionary should be used on all Dashboards Views and Inspect Data dashboards, and
on the Lens table. Can only be configured for one dictionary.
useInLens
Specifies that this dictionary should be used on the Lens table. Can only be configured for one dictionary.
Once the dictionaries are defined, they can be used as follows:
l Globally throughout Dashboards and Inspect Data using the ‘useGlobally’ tag (only one dic-
tionary may be configured for global usage)
l In Lens by including the ‘useInLens’ tag (only one dictionary may be configured for use in
Lens)
© 2023 Pico Quantitative Trading LLC. All rights reserved 136 .
l On a per dashboard basis by referencing the dictionary in the specific dashboard XML con-
figuration (referenced using the name attribute of the statsConfig)
l On a per widget basis by referencing the dictionary in the specific dashboard XML con-
figuration (referenced using the name attribute of the statsConfig)
Precedence
The order of precedence for custom statistic naming is as follows:
l Widget-based – A dictionary referenced for a widget supersedes the dashboard or global dic-
tionaries
l Dashboard-based - A dictionary referenced for a dashboard supersedes the global dictionary
l Global – Used for all Dashboards Views and Inspect Data dashboards where a local dictionary
isn’t referenced
l No custom statistic names – If a global dictionary isn’t defined, and dictionaries aren’t ref-
erenced for a dashboard or widget
In the case of the Lens table, if a Lens view dictionary is not configured, the global dictionary is used. If a
global dictionary isn't configured, no custom names are used on the table.
Examples of Using Custom Statistic Naming in Dashboards - XML
Globally
In the example here, you define a dictionary to be used globally:
<statsConfig name="general" useGlobally="true">
<stat direction="both" displayName="Initiated Conns" type="tcp-connections-
initiated"/>
<stat direction="both" displayName="Packet Bitrate" type="packet-bitrate"/>
<stat direction="request" displayName="Packets Tx" type="tcp-packet-count"/>
<stat direction="response" displayName="Packets Rx" type="tcp-packet-count"/>
:
</statsConfig>
The display names for the statistics above are used on all Dashboards Views, Inspect Data dashboards
and the Lens table unless superseded by a different dictionary configured on a dashboard, widget or for
Lens view.
Lens View
To use specific custom statistic names in your Lens table, you define a dictionary as follows:
<statsConfig name="lensview" useInLens="true">
<stat direction="request" displayName="Packets Tx" type="tcp-packet-count"/>
<stat direction="response" displayName="Packets Rx" type="tcp-packet-count"/>
© 2023 Pico Quantitative Trading LLC. All rights reserved 137 .
:
</statsConfig>
Per Dashboard / Per Widget
In the next example, two dictionaries are configured with translated configurable statistics and then used
in a dashboard and widget:
<statsConfig name="english">
<stat direction="request" displayName="Cancelled Orders" name="Cancels"/>
<stat direction="response" displayName="Rejected Orders" name="Rejects"/>
</statsConfig>
<statsConfig name="spanish">
<stat direction="request" displayName="Ordenes Canceladas" name="Cancels"/>
<stat direction="response" displayName="Ordenes Rechazadas" name="Rejects"/>
</statsConfig>
<statsConfig name="general" useGlobally="true">
<stat direction="request" displayName="Canc-Orders" name="Cancels"/>
<stat direction="both" displayName="Nr init TCP" type="tcp-connections-
initiated"/>
<stat direction="both" displayName="Packet Bitrate" type="packet-bitrate"/>
<stat direction="response" displayName="Rej-Orders" name="Rejects"/>
</statsConfig>
</statsConfigs>
</context>
<dashboard groupName="DASHBOARD VIEWS" hidden="false" name="New Orders
Information" source="user" statsConfig="english" type="dashboard">
<sessionTable height="2" title="Orders per Session" width="5">
<stat direction="request" name="Cancels"/>
<stat direction="response" name="Rejects"/>
</sessionTable>
<timeSeriesChart area="false" height="3" preferredResolution="default"
showLegend="true" showThreshold="true" stacked="false" title="Rejected and
Cancelled Orders" width="3">
<stat direction="request" name="Cancels"/>
<stat direction="response" name="Rejects"/>
</timeSeriesChart>
<sessionTable height="2" statsConfig="spanish" title="Informacion de Ordenes"
width="5">
<stat direction="request" name="Cancels"/>
<stat direction="response" name="Rejects"/>
</sessionTable>
© 2023 Pico Quantitative Trading LLC. All rights reserved 138 .
</dashboard>
The resulting dashboard looks as follows:
The overall dashboard is using the custom statistic names from the 'english' dictionary, but one of the
session tables is using the 'spanish' dictionary and hence different names for the statistics are displayed.
SPECIFYING PER-SESSION AND PER-TAG
DASHBOARDS - XML
Templating is optional and is used to specify per-session and per-tag dashboards. For example, a per-tag
dashboard could be “Per Client” to show detail on a trading client, or a “Per Web Server” dashboard to
show detail specific to any single web server that’s being monitored.
Per-session and per-tag dashboards will be added to the Dashboards View. You can change this in XML
(you can also move dashboards or change the group using Manage Groups on the UI). For per-session
dashboards, specify groupName=”SESSIONS” to view it under Sessions. For per-tag, set the groupName
© 2023 Pico Quantitative Trading LLC. All rights reserved 139 .
to a relevant name. If the groupName used does not exist, a new group will be created with this name.
For a dashboard templated by tag a tag type should be specified.
These templated dashboards can be accessed directly from tables (click on the client, server or session
name in the table row), or directly from the view selector. This can be used to create useful click-throughs
from high-level dashboards to detail.
Inspect Data dashboards must be templated by session.
If the templating element is not included, this defines a standard dashboard view.
Dashboard Templating Options
The following describes the dashboard templating element options:
<templating by="session"/>
Specifies a per-session dashboard.
Inspect Data dashboards can be templated only by session.
Example templated by session dashboard:
<templating by="session"/>
<templating by="tag" tagType=""/>
Specifies a per-tag dashboard.
Dashboards views templated by tag required a specified tag-type.
If an Inspect Data dashboard is templated by tags, the XML is rejected during import with an error
message.
Example templated by tag dashboard:
<templating by="tag" tagType="Client"/>
© 2023 Pico Quantitative Trading LLC. All rights reserved 140 .
Example Per-Session Dashboard - XML
The following example shows a user-defined per-session dashboard named Link Utilization. As this is a
per-session dashboard, it has been added into the Sessions group so that it can be viewed under the
Sessions heading on the Dashboards screen (by default it will be added into the Dashboard Views
group, so this must be updated via XML or by moving it to Sessions using Manage Dashboards).
Here is the corresponding XML configuration. This example dashboard is templated by session, includes
Bytes, Packets and Microburst numbers, and packet bit rate-based Utilization time-series charts for each
session direction:
<dashboard groupName="SESSIONS" name="Link Utilization" source="user"
type="dashboard">
<templating by="session"/>
<number height="1" title="Bytes ->;" width="3">
<stat direction="request" type="packet-bytes"/>
</number>
<number height="1" title="Bytes <;-" width="3">
<stat direction="response" type="packet-bytes"/>
</number>
<number height="1" title="Packets ->;" width="3">
<stat direction="request" type="packet-count"/>
</number>
<number height="1" title="Packets <;-" width="3">
<stat direction="response" type="packet-count"/>
</number>
<timeSeriesChart area="true" height="2" stacked="false" title="Utilization -
>;" width="6">
<stat direction="request" type="packet-bitrate"/>
</timeSeriesChart>
<timeSeriesChart area="true" height="2" stacked="false" title="Utilization
<;-" width="6">
<stat direction="response" type="packet-bitrate"/>
</timeSeriesChart>
</dashboard>
© 2023 Pico Quantitative Trading LLC. All rights reserved 141 .
Example Per-Tag Dashboard - XML
The following example user-defined dashboard configuration shows a per-tag dashboard named VoIP
Media (RTP). As a per-tag dashboard, it is listed under the heading VOIP-SITE on the Dashboards
screen. The grouping here is by VoIP-Site, with associated tags representing sites like Frankfurt, Chicago,
Canary Wharf, and so on.
Here is the corresponding XML configuration. The dashboard is templated by tags, set to show session
tables named RTP Quality and RTP DSCP and time-series charts named RTP Jitter (reporting
maximum and mean values) and Lost Pkts (sequence Gaps).
<dashboard groupName=”VOIP-SITE” name="VoIP Media (RTP)" source="user"
type="dashboard">
<templating by="tag" tagType="VoIP-Site"/>
<sessionTable height="2" title="RTP Quality" width="6">
<stat direction="request" name="RTP-MOS x100">
<aspect type="min"/>
<aspect type="mean"/>
</stat>
<stat direction="request" name="RTP-Jitter">
<aspect type="max"/>
<aspect type="mean"/>
</stat>
</sessionTable>
<sessionTable height="2" title="RTP DSCP" width="6">
<stat direction="request" name="DSCP DE (0)"/>
<stat direction="request" name="DSCP CS5 (40)"/>
<stat direction="request" name="DSCP EF (46)"/>
</sessionTable>
© 2023 Pico Quantitative Trading LLC. All rights reserved 142 .
<timeSeriesChart area="true" height="2" stacked="false" title="RTP Jitter"
width="4">
<stat direction="request" name="RTP-Jitter">
<aspect type="max"/>
<aspect type="mean"/>
</stat>
</timeSeriesChart>
<timeSeriesChart area="true" height="2" stacked="false" title="Lost Pkts
(sequence Gaps)" width="4">
<stat direction="request" type="message-sequence-count"/>
</timeSeriesChart>
</dashboard>
DASHBOARD CONTEXT SETTINGS - XML
The optional <context></context> element contains filtering and time-related settings for a
dashboard or an individual widget.
<context>
<filters>
<filter>
...
</filter>
</filters>
<time>
...
</time>
</context>
NOTE: Widgets can set an inherits="true" parameter to inherit the settings specified for the
dashboard.
You can access the context settings by clicking and selecting Context Settings.
In the following example, the dashboard view is templated by session and the default click-through
navigation to Inspect Data brings you to a view named DMA Clients and Venues. This view is defined
to only show results for sessions tagged with the FIX protocol and a Client. The default reporting period for
the view is set to the last hour:
<templating by=”session”/>
<context drilldownView=”DMA Clients and Venues”>
<filters>
<filter subject=”Protocol” operator=”is” value=”FIX”/>
<filter subject=”Client” operator=”isPresent” />
© 2023 Pico Quantitative Trading LLC. All rights reserved 143 .
</filters>
<time>
<namedPeriod name=”Last 1 hour”/>
</time>
</context>
Specifying Navigation to Decoded Data Views
The optional drilldownView attribute specifies the name of a destination Inspect Data dashboard to
open on click-through (for example, when clicking on a time-series chart data point and selecting Go to
Inspect Data) . This attribute is specified in the <context> tag of dashboards and widgets. For example
to specify click-through to an Inspect Data dashboard named HTTP:
<context drilldownView="HTTP">
...
</context>
The name of the Inspect Data dashboard is validated on upload and fails if the named dashboard does
not exist. If strict validation is disabled then the dashboard configuration is saved with a warning.
When specified at dashboard level, all widgets in that dashboard have the same click through behaviour
unless a widget specifies its own drilldownView attribute, in which case this takes precedence. If a
widget specifies a view that does not exist, it reverts to the overall dashboard behaviour. If the
dashboard's view does not exist, or none is given, then the first Inspect Data view defined is opened.
Defining Data Filters
The optional <filters></filters> element can specify data filtering based on tags, tag-types, and
sessions.
A filter operator can have the following values: is, isNot, contains, doesNotContain, isOneOf, isNotOneOf,
isPresent, isNotPresent.
A filter subject specifies either a tag-type or a session.
In the following example, a compound filter composed of two clauses ANDed together represents the
following:
"(Protocol is FIX) and (Client tag-type is applied)"
© 2023 Pico Quantitative Trading LLC. All rights reserved 144 .
So the dashboard is defined to only show results for sessions tagged with the FIX protocol and a Client:
<filters>
<filter subject=”Protocol” operator”is” value=”FIX”/>
<filter subject=”Client” operator=”isPresent” />
</filters>
In the following example a compound filter composed of two clauses ANDed together represents the
following:
"(Client is ACME) and (Session is not vol5)"
where Client is a defined tag-type, ACME is a potential tag value for that tag-type, and vol5 is one of the
configured sessions on the system.
<filters>
<filter subject="Client" operator="is" value="ACME"/>
<filter session="true" operator="isNot" value="vol5"/>
</filters>
The full set of filters is as follows, where ‘TagType’, ‘TagValue’, ‘SessionName’ are configured Tag types,
values for that tag, and configured Session names respectively.
Filter Expression
<filter subject="TagType" operator="is"
TagType is TagValue
value="TagValue"/>
<filter subject="TagType" operator="contains"
TagType contains search_text
value="search_text"/>
<filter subject="TagType" operator="isOneOf">
<value>TagValue1</value>
<value>TagValue2</value>
TagType is one of .
TagValue1,TagValue2,…TagValueX .
.
<value>TagValueX</value>
</filter>
TagType is present <filter subject="TagType" operator="isPresent"/>
<filter subject="TagType" operator="isNot"
TagType is not TagValue
value="TagValue"/>
© 2023 Pico Quantitative Trading LLC. All rights reserved 145 .
Filter Expression
<filter subject="TagType" operator="isNotOneOf">
<value>TagValue1</value>
<value>TagValue2</value>
TagType is not one of TagValue1, .
TagValue2,…TagValueX .
.
<value>TagValueX</value>
</filter>
<filter subject="TagType"
TagType does not contain search_text operator="doesNotContain"
value="search_text"/>
<filter subject="TagType" operator="isNotPresent"
TagType is not present
/>
<filter session="true" operator="is"
Session is SessionName
value="SessionName" />
<filter session="true" operator="contains"
Session contains search_text
value="search_text" />
<filter session="true" operator="isOneOf">
<value>SessionName1</value>
<value>SessionName2</value>
<value>SessionName3</value>
Session is one of SessionName1, SessionName2,...
.
SessionNameX
.
.
<value>SessionNameX</value>
</filter>
<filter session="true" operator="isNot"
Session is not SessionName
value="SessionName" />
<filter session="true" operator="isNotOneOf">
<value>SessionName1</value>
<value>SessionName2</value>
Session is not one of SessionName1, .
SessionName2,... SessionNameX .
.
<value>SessionNameX</value>
</filter>
<filter session="true" operator="doesNotContain"
Session does not contain search_text
value="search_text" />
© 2023 Pico Quantitative Trading LLC. All rights reserved 146 .
Defining a Dashboard or Widget Time Period
The optional <time></time> element can be added to a dashboard or widget configuration and can
represent any one of
l live
l a named time period
l a custom period
l a comparison of time periods
LIVE MODE
<time>
<liveMode historySize="5 min"/>
</time>
<liveMode historySize="">
Specifies that the dashboard uses live mode by default.
Live mode is not available for Inspect Data dashboards.
Also specifies the age of the data from which live results are displayed.
History size can be one of the following:
l "10 sec"
l "20 sec
l "30 sec"
l "1 min"
l "2 min"
l "5 min"
l "10 min"
NAMED TIME PERIOD
<time>
<namedPeriod name="Last 1 hour">
<!-- Optional, Max 1 -->
<comparisonOption name="Previous hour"/>
© 2023 Pico Quantitative Trading LLC. All rights reserved 147 .
</namedPeriod>
</time>
namedPeriod=""
Specifies that the dashboard uses the selected named time period by default.
Options include:
l "Last 1 hour"
l "Last 24 hours"
l "Last 48 hours"
l "Last 7 days"
l "Last 30 days"
l "Last 60 days"
l "Business Day"
comparisonOption name=""
[Optional] When defining a named time period, you can include one comparison between different
periods. Supported comparison options for each named period are as follows:
l Last 1 hour: "Previous hour", "Same hour yesterday", "Same hour last week", "Same hour last
month"
l Last 24 hours: "Previous day", "Same day last week", "Same day last month"
l Last 48 hours: "Previous 48 hours", "Same 48 hours last week", "Same 48 hours last month"
l Last 7 days: "Previous week", "Same week last month"
l All other: "Previous", "Same yesterday", "Same last week", "Same last month"
For example:
<comparisonOption name="Previous hour"/>
NOTE: If business hours reporting (release 9.5.0 or later) has been enabled, the time period
comparison shows business hours results only.
CUSTOM TIME PERIOD
<time>
<customPeriod from="2017-10-26 12:34:56" to="2017-10-27 14:35:25" />
</time>
© 2023 Pico Quantitative Trading LLC. All rights reserved 148 .
customPeriod from="" to =""
Specifies that the dashboard uses a custom time period by default.
Specify the start and end of the time period as follows:
from="YYYY-MM-DD HH:MM:SS" to=" YYYY-MM-DD HH:MM:SS"
NOTE: The maximum custom time range that can be specified is 60 days.
For releases earlier than 9.6.0:
- On CNEs, if you have more than 300 sessions, the custom time range cannot exceed 7 days.
- On Corvil Management Center, if you have more than 300 sessions on a dashboard, you cannot set
a custom or recent period.
Also, on CMCs running 9.6.x or later releases, when viewing data that was captured on CNEs running
9.5.x or earlier, custom periods can only be used on dashboards that contain less than 300 sessions.
This also applies if any of the managed or monitored CNEs in the CMC configuration are running 9.5.x
or earlier releases.
Format used is the same as in the UI (supports setting only date and up to nanosecond precision) and
uses the universal date format of YYYY-MM-DD. The time zone used is the one displayed on the
dashboard (this can be configured in the CLI or selected directly on the dashboard or in the Global Time
Period Selector) and validation of time is done using that time zone (time zones with DST can have
invalid hours so this is checked).
For example:
from="2017-10-26 12:34:56" to="2017-10-27 14:35:25"
DEFINING WIDGETS USING XML
The widget elements are comprised of one or more of the following elements, in any order.
l action
l bar chart
l number
l timeSeriesChart
l sessionTable
l topNTable
l pieChart
l recentEvents
© 2023 Pico Quantitative Trading LLC. All rights reserved 149 .
l messagesTable (Inspect Data dashboard only)
Up to 40 widgets per dashboard screen can be defined in the XML file.
Adding a Widget Using XML
Adding a Widget to a Dashboard View
Step 1
Click and select Add a widget.
Step 2
On the Add a Widget screen, choose the widget type of interest.
Step 3
The GUI widget editor opens. Click on </> XML VIEW to open the XML editor. The editor displays basic
configuration for the widget. Use the editor prompts to complete a configuration and click Save.
The base widget element, upon which all the derived types above are based, has the following form in a
grid-based dashboard:
<BaseWidget title="widget title" width="2" height="2">
<context inherits="true|false"/>
</BaseWidget>
The common elements, as above, are the title, width, and height attributes, and the enclosed
optional <context/> element.
The title determines the displayed name of the widget.
The width and height of the widget dictate its dimensions in the 12 unit wide grid dashboard or in the
canvas dashboard. Please refer to the topic "Dashboard Layout Design" on the facing page for the
recommended widget dimensions.
© 2023 Pico Quantitative Trading LLC. All rights reserved 150 .
The optional <context/> element, which is available for pie charts, time series charts, session tables,
topN tables, recent stream events and big numbers, is identical to the dashboard context element, with
the addition of the inherits attribute, which specifies whether it inherits the global filter set (if any) as
well as applying its own local filters (if any). The default value is true.
If the inherits attribute is present and set to false the widget does not inherit the global filtering
context.
For more information on data filtering and time period settings using the <context/> element, please
refer to the section "Dashboard Context Settings - XML" on page 143.
In a canvas-based dashboard (supported in 9.6.x and later releases) the base widget element form is:
<BaseWidget height="400" title="" width="800" x="-756" y="-450">
<context inherits="true|false"/>
</BaseWidget>
The common elements are the width, height, x and y attributes, and the enclosed optional
<context/> element.
The width and height of the widget dictate its dimensions in the 10000x10000px canvas dashboard.
Please refer to the topic "Dashboard Layout Design" below for the recommended widget dimensions.
The x and y coordinate attributes dictate the position of the widget on the canvas.
The title element is optional in canvas-based dashboards.
The positioning of the elements in your XML configuration is important. For example, if you add a context
setting to your widget configuration, you must place it before the (optional) subtitle, which must be placed
before the other elements. In general, the order of elements must be:
1. context (optional)
2. subtitle (optional)
3. other elements specific to the widget type
Refer to the definition topic of your required widget type for more information.
DASHBOARD LAYOUT DESIGN
Grid-based Dashboards
Grid-based dashboard layouts are based on a 12-column grid when viewed on screens larger than
1024px in width. This changes to 8 columns below 1024px. Optimal display is supported down to a
minimum width of 768px.
© 2023 Pico Quantitative Trading LLC. All rights reserved 151 .
Each widget is also optimized for specific dimensions. The recommended minimum and maximum
dimensions for each widget type are listed in the table below:
Minimum (Recommended) Maximum (Recommended)
Widget Name Dimensions Dimensions
(width x height) (width x height)
Big Number 2x1 4x1
Time Series Chart 3x3 12x4
Session Table 3x2 12x10
Notes 2x1 12x10
TopN Table 4x2 12x4
Pie Chart 3x3 12x4
Recent Stream
4x2 12x4
Events
Messages Table 6x2 12x10
Action 4x2 (see note) 12x10
Bar Chart 3x3 12x4
NOTE: The minimum allowed widget size for an Action is 4x2, however, many Action widgets may look
better when displayed using larger dimensions. Refer to the specific Action topic in the Corvil Actions
Guide for the recommended minimum dimensions for that Action.
Canvas-based Dashboards
[Supported in 9.6.1 and later release only]
Canvas-based dashboard are based on a 10000x10000px canvas.
When added to the canvas, each supported widget type is optimized to a default dimension size. These
are listed below:
Default Dimensions
Widget Name
(width x height)
Big Number 200x100
Time Series Chart 400x250
Session Table 400x250
Notes 300x100
Pie Chart 300x300
Action 300x300
Bar Chart 400x250
© 2023 Pico Quantitative Trading LLC. All rights reserved 152 .
The minimum dimensions for all supported widget types added to a canvas-based dashboard are
200x100 pixels (width x height) and the maximum dimensions are 4000x4000 pixels.
DEFINING A BIG NUMBER USING THE WIDGET
EDITOR
NOTE: Big number widgets can be added to grid-based and canvas-based dashboards. The widget
editor contents are slightly different depending on which type of dashboard you are adding the widget
to. These differences are highlighted below. Canvas-based layout dashboards are supported in 9.6.1
and later releases.
The big number widget enables you to display a single statistic value (or aspect of a distribution statistic)
on a dashboard. For 9.6.2 and later releases, for statistics that support thresholds, you can choose to
display the statistic as a percentage of the threshold.
You can add a big number widget to a user-defined dashboard on the Dashboards screen by clicking
and selecting Add a Widget.
NOTE: The Add a Widget option is only available for user defined dashboards.
NOTE: Big number widgets are not available for Inspect Data dashboards.
Select the Big Number icon from the widget menu. This opens a dashboard editor to the Add Big
Number window. The example below shows the big number widget editor launched from the Dashboards
screen.
© 2023 Pico Quantitative Trading LLC. All rights reserved 153 .
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the big number widget that you
require, then click SAVE to apply the changes and view your widget.
NOTE: You can view/edit the XML code for your chart from the widget editor by clicking </> XML
VIEW. You must save your changes in the GUI EDITING mode before switching to XML editing mode
and vice versa.
You can also edit an existing user-defined big number widget using the widget editor by clicking on the
arrow on the top right of the widget and selecting Edit. The widget editor will open an Edit Big
Number window, containing the settings options below.
Big Number Required Settings
To create a big number widget using the widget editor, you must configure some basic settings before you
will be allowed to save the new widget. These fields are generally indicated by a * or flagged as Required.
NOTE: If adding a big number widget to a canvas-based dashboard only the Statistic value is
mandatory.
NAME AND DIMENSIONS
Specify the title and dimensions of the big number widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 154 .
Title
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specify the display name of the big number widget.
Height
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the height of the widget. The default height is 1.
Width
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the width of the widget. The default width is 2.
NOTE: For grid-based layout dashboards, the recommended minimum dimensions are: 2x1 (width x
height). The recommended maximum dimensions are: 4x1 (width x height).
For canvas-based layout dashboards, the dimensions are based on pixels and can only be changed in
the XML editor.
SPECIFYING THE STATISTIC TO REPORT
[Mandatory for grid-based and canvas-based layout dashboards]
Specify the statistic and session direction that you want to report in your widget. Click ADD STATISTICS
to see the list of available statistics. The statistics are grouped into Packet, Configurable, EQ, Message,
PNQM- Latency and Loss, Microburst and TCP statistics, and most are available in the request and
response session direction. Enable Expand All to see the full list of statistics. You can filter the list of
statistics by entering a string in the Filter by name box on the top right of the ADD STATISTICS
window.
To select a statistic for display, click ADD REQUEST or ADD RESPONSE for the required statistic. You
can only add one statistic for a big number widget. Once selected, the text in the ADD STATISTICS list
will have changed to green and will say RESPONSE/REQUEST ADDED.
If you want to display a different statistic, click CHANGE on the current statistic and select a different
statistic from the list.
© 2023 Pico Quantitative Trading LLC. All rights reserved 155 .
NOTE: Only available statistics are shown in the menu. If you want to see the unavailable statistics,
click Show Unavailable Statistics at the end of the statistics menu. This will show the unavailable
statistics in greyed out text. These statistics cannot be selected. For example, some configurable stats
may be hidden if the assigned sessions have been filtered in the dashboard.
NOTE: For more information on supported statistics, please refer to the section "Specifying Statistics
in Widgets Using XML" on page 317.
NOTE: Big number widgets display statistics results aggregated over all sessions. If you are displaying
results for more than one session, statistics that cannot be aggregated will not be displayed and a
warning message is shown. An example is microburst statistics. In order to display these in a big
number widget, you will need to add a session filter to the widget/dashboard or add the big number
widget to a per-session dashboard. This is also the case if you are displaying the statistic value as a
percentage of a threshold.
Aspect Type
If you are displaying a distribution statistic you need to select the type of aspect to display for the statistic.
For example, you can display the maximum, minimum, mean or percentile values for Latency type
statistics and some configurable statistics. If you select percentile, you must enter a percentile value. Only
one aspect can be displayed.
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
Session Display Name
The Session Display Name option allows you to use an alternative name for the session name displayed
on the legend and graph when navigating to a time-series chart from a big number widget. The alternative
display name is based on a tag defined for the session. If you have already defined the tag name that you
© 2023 Pico Quantitative Trading LLC. All rights reserved 156 .
want to use for the session, click the toggle switch and select the tag-type from the dropdown list. If you
haven't yet defined a relevant tag for the session, use the tooltip next to the toggle switch and click on the
link that allows you to open the Manage Tags administration page. Here you can add a tag to a session
by selecting a tag-type and assigning a tag value. The time-series chart that opens when you click on the
big number value will display the tag name instead of the session name for sessions that have values
assigned for the selected tag-type. If a session doesn't have this tag-type defined, the original session
name will be displayed.
You can display the same session with a different name on other widgets by configuring and selecting a
different tag-type.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
NOTE: If you want to see the original name of the session, click on a point on the graph for that
session. The new display name and original session name are both shown in the tooltip.
NOTE: The Session Display Name option is not available for widgets created on Inspect Data
dashboards or for any templated by session dashboards.
Changing the Statistic Display Names (Optional)
[Supported in release 9.6.x and later]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your big number widget by enabling the
Use Custom Statistic Names toggle and selecting a dictionary from the list of configured dictionaries in
the dropdown menu.
Selecting this option replaces the system-defined or configurable statistic name displayed in the legend
and tooltips of the time series chart that you navigate to with the new name configured in the selected
dictionary.
© 2023 Pico Quantitative Trading LLC. All rights reserved 157 .
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
If you want to check, edit or create a new dictionary, you can open the Dashboard XML editor directly
from a widget editor (for widgets that support custom statistic naming) by selecting the tooltip next to Use
Custom Statistic Names and clicking the Dashboards XML Configuration link.
Showing Threshold Violations (Optional)
[Supported in 9.6.1 and later releases only]
If you have configured a threshold target for your statistic in the relevant service objective and you want to
be warned if the value exceeds the threshold value, then select Show Threshold Violation. This
ensures that the number will display in red if the threshold is exceeded.
Note that this is unrelated to the Trending alert style which does not impact on color of the big number
itself but instead displays trending information below the big number itself.
Displaying a Statistic as a Percentage of a Threshold (Optional)
[Supported in 9.6.2 and later releases only]
If you have configured a threshold target for your statistic in the relevant service objective and you want to
display the statistic or statistic aspect as a percentage of the threshold value, rather than as an absolute
value, select Display Number as Percentage of Threshold. Comparison mode is supported
displaying the current and previous percentage values and indicating whether there is no change, an
increase or a decrease in the percentage.
If the percentage can't be calculated for the statistic, "--" is displayed with an explanatory tooltip. For
example, when the dashboard/widget is displaying multiple sessions, the statistic value is empty for the
session or when the threshold target has not been set for the statistic. Also, negative percentages are not
calculated so if the threshold and the statistic values have different signs, this is displayed as "--".
Note that the percentage value will display in red if the threshold is exceeded and the widget is configured
to flag threshold violations.
Displaying Abbreviated or Exact Values (Optional)
Number Formatting
Big numbers display scaled or ABBREVIATED values by default. For example, a count of 1234.5
messages is displayed as 1.23k. To display the full, unscaled value select EXACT.
© 2023 Pico Quantitative Trading LLC. All rights reserved 158 .
Trending Alert (Optional)
Trending Alert Style
Trend information is displayed for your big number when you select a comparison time period. You can
choose how the trending is displayed by setting the Trending Alert Style when configuring your
statistic. If you select the option Up is green, down is red, then an increase compared to the previous
compared period is considered a positive trend and will be displayed in green, while a decrease is
displayed in red. If you select the option Up is red, down is green, for example, for loss or latency, then
an increase is considered a negative trend and is displayed in red, while a decrease is a positive trend and
is displayed in green. Alternatively, you can use the default setting of Neutral - up and down are grey,
which shows both the positive and negative trends displayed in grey. Clicking on the number navigates to
a time-series chart displaying the graphs compared side-by-side.
Advanced Settings
APPLYING TIME AND DATA FILTERS (OPTIONAL)
Your widget will use the time period and data filters set for the dashboard that it resides in. If you want to
use local time and data filters for your widget, you can set them here.
Setting a Time Filter
Enable Local Time Filter
You can set a time-related filter for your big number widget by selecting Enable Local Time Filter and
selecting a time period from the drop-down menu. The allowed options are described in Defining a
Dashboard or Widget Time Period in "Dashboard Context Settings - XML" on page 143. After setting and
saving a local time filter, the icon is displayed on top of the widget to indicate that the widget has its
own time period set.
NOTE: If you want to change the time period on the widget, you can click the or icon and make
a different selection. However, this does not override the local time period selected in the GUI widget
editor page. If you now edit and save changes to the widget using the GUI widget editor, the time
period will be reset to the value that you had originally selected in the GUI editor. If you want to keep
using the locally selected time period, ensure that you also set it within the widget editor.
© 2023 Pico Quantitative Trading LLC. All rights reserved 159 .
Setting Data Filters
Enable Local Data Filters
You can set local data filters by selecting Enable Local Data Filters and adding filters, and/or you can
use the existing filters from the dashboard by setting the Inherit Global Filter button. Data filtering is
based on tags, tag-types, and sessions.
Refer to "Defining Data Filters" in "Dashboard Context Settings - XML" on page 143 for the full set of data
filters and some examples of how to apply them.
Inheriting Global Filters is enabled by default. After setting up local filters, the icon is displayed on
top of the widget to indicate that the widget has its own local data filters.
NAVIGATING TO INSPECT DATA VIEWS (OPTIONAL)
Inspect Data Target View
You can set a target view when navigating to Inspect Data from the widget. The view that is opened in
Inspect Data can be pre-selected by selecting one of the view options under Inspect Data Target View.
If you do not select an option here, the dashboard click through view will be used. If the dashboard's view
does not exist, or none is given, then the first Inspect Data view defined is opened.
Example of a Big Number Widget Using the GUI Widget Editor
The example below shows the creation of a big number widget using the GUI widget editor, and the
resulting widget on the dashboard UI. The example shows a comparison of latency values for the previous
24 hours for a specific session, indicating the trending direction and percentage difference in the
compared values.
© 2023 Pico Quantitative Trading LLC. All rights reserved 160 .
DEFINING A BIG NUMBER USING XML
NOTE: Big number widgets can be added to grid-based and canvas-based layout dashboards.
Canvas-based layout dashboards require additional XML attributes highlighted below. Canvas-based
layout dashboards are supported in 9.6.1 and later releases.
You can add a big number widget to a user-defined dashboard on the Dashboards screen by clicking
and selecting Add a Widget. Select the Big Number icon from the widget menu to open the big
number widget editor. Click </> XML VIEW to view/edit the XML code for your chart. You can also define
a big number for a dashboard by editing the Dashboard XML (select System Administration mode, then
the Dashboards editor).
The big number widget enables you to display a single statistic value (or aspect of a distribution statistic)
on a dashboard. For 9.6.2 and later releases, for statistics that support thresholds, you can choose to
display the statistic as a percentage of the threshold. Use the number element to define a big number
© 2023 Pico Quantitative Trading LLC. All rights reserved 161 .
widget.
NOTE: Number widgets are not available for Inspect Data views.
In the following example, the Physical Ports dashboard includes a number widget displaying Total
Bytes across the Corvil appliance physical ports during the selected time period:
Here is the equivalent XML configuration:
<number height=”1” title=”Total Bytes” width=”3”>
<stat direction=”request” type=”packet-bytes”/>
</number>
Big Number Required Settings
The positioning of the elements within the XML configuration used to define your basic number widget
must follow the order below:
1. context (optional)
2. subtitle (optional)
3. stat
DEFINING THE WIDGET NAME AND DIMENSIONS
The basic number widget settings define:
title=""
[Mandatory for grid-based dashboards. Optional for canvas-based layout dashboards]
Specifies the displayed name of the widget.
height=""
Specifies the height of the widget.
The range is 100 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 4 on grid-based dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 162 .
width=""
Specifies the width of the widget.
The range is 200 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 12 on grid-based dashboards.
NOTE: For grid-based layout dashboards, the recommended minimum dimensions are: 2x1 (width x
height). The recommended maximum dimensions are: 4x1 (width x height).
For canvas-based layout dashboards, the dimensions are based on pixels. The default dimensions
are: 200x100 (width x height). The minimum dimensions are 200x100 (width x height) and the
maximum dimensions are 4000x4000.
POSITION ON CANVAS
[Mandatory for canvas-based dashboards. Not supported for grid-based dashboards]
The x and y attributes determine the position of the widget on the canvas dashboard, where the center
point of the canvas is at coordinates x="0", y="0". When you add a widget it is placed by default in the top
left corner of the displayed canvas screen.
x=""
Specifies the x coordinate or horizontal position of the widget on the canvas. Attribute “x” must be
between -5000 and 5000.
y=""
Specifies the y coordinate or vertical position of the widget on the canvas. Attribute “y” must be between -
5000 and 5000.
NOTE: On canvas-based dashboards, be aware that changing the height and width or x and y
attributes using XML can result in the widget overlapping other elements on the dashboard (this also
happens if you use the mouse to resize or move a widget on the canvas). If this is not intended, you
can reposition the widget or the overlapped elements later when you view the canvas.
SPECIFYING THE STATISTIC TO REPORT
[Mandatory for grid-based and canvas-based layout dashboards]
© 2023 Pico Quantitative Trading LLC. All rights reserved 163 .
There are also parameters used to specify the reported statistic and session direction.
stat direction=""
Specifies the required session direction: request or response
stat type=""
Specifies the system-defined statistic to report.
stat name=""
Specifies the name of a defined configurable statistic.
aspect type=""
Specifies the aspect of a distribution statistic: min, mean, max, percentile. If you specify a percentile
aspect, you use the value="" parameter to specify the percentile value.
NOTE: For more information on supported statistics, please refer to the section "Specifying Statistics
in Widgets Using XML" on page 317.
Adding a Subtitle (Optional)
You can add an optional subtitle to the widget to clarify its purpose. Enter the subtitle text between
<subtitle></subtitle> tags and place it on a separate line AFTER the basic widget settings and
BEFORE the stat tags.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
For example, here's a big number with a subtitle:
Here's the equivalent XML:
© 2023 Pico Quantitative Trading LLC. All rights reserved 164 .
<number height=”1” title=”Client Hit Rate” unscaled=”false” width=”3”>
<context inherits=”true”>
<filters>
<filter operator=”is” subject=”Segment” value=”External”/>
</filters>
</context>
<subtitle>Ratio of RFQs that Trade</subtitle>
<stat direction=”response” name=”Hit Ratio”/>
</number>
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
The displayNameTagType attribute allows you to use an alternative name for the session name
displayed on the legend and graph of the time-series chart that opens when you click on a big number
value. The alternative display name is based on a tag defined for the session. Set the attribute to the tag-
type that you want to use for renaming the session.
For example, the big number widget here will display the tag name in tag-type "User" instead of the
session name on the time series chart, for any sessions configured with this tag-type. If a session doesn't
have this tag type defined, the original session name will be displayed.
<number displayNameTagType="User" height=”1” title=”New Connections”
unscaled=”true” width=”2”>
<stat direction=”request” type=”tcp-connections-initiated”/>
</number>
You can define a tag-type and tag value for a session on the Manage Tags administration page or via CLI
command.
You can display the same session with a different name on other widgets by configuring a different tag-
type.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
NOTE: If you want to see the original name of a session, click on a point on the graph for that session.
The new display name and original session name are both shown in the tooltip.
NOTE: This attribute is not available for widgets created on Inspect Data dashboards or for any
templated by session dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 165 .
Changing the Statistic Display Names (Optional)
[Supported in release 9.6.x and later]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your big number widget using the
statConfig attribute. The list of available dictionaries is listed when you type the attribute.
Selecting this option replaces the system-defined or configurable statistic name displayed in the legend
and tooltips of the time series chart that you navigate to with the new name configured in the selected
dictionary.
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
Showing Threshold Violations
[Supported on 9.6.1 and later releases only]
If you have configured a threshold value for your statistic in the relevant service objective and you want to
be warned if the value exceeds the threshold value, set the attribute
showThresholdViolation="true". This ensures that the number will display in red if the threshold
is exceeded.
Displaying a Statistic as a Percentage of a Threshold (Optional)
[Supported in 9.6.2 and later releases only]
If you have configured a threshold target for your statistic in the relevant service objective and you want to
display the statistic as a percentage of the threshold value, rather than as an absolute value, set the
attribute displayAs="percentOfThreshold". You can set this option on a statistic or on a statistic
aspect.
For example:
<number height="1" showThresholdViolation="false" title="TCP RTT %"
unscaled="false" width="2">
<stat direction="request" type="tcp-roundtrip-time">
<aspect displayAs="percentOfThreshold" type="mean"/>
</stat>
</number>
Comparison mode is supported displaying the current and previous percentage values and indicating
whether there is no change, an increase or a decrease in the percentage.
© 2023 Pico Quantitative Trading LLC. All rights reserved 166 .
If the percentage can't be calculated for the statistic, "--" is displayed with an explanatory tooltip. For
example, when the dashboard/widget is displaying multiple sessions, the statistic value is empty for the
session or when the threshold target has not been set for the statistic. Also, negative percentages are not
calculated so if the threshold and the statistic values have different signs, this is displayed as "--".
Note that the percentage value will display in red if the threshold is exceeded and the widget is configured
to flag threshold violations.
Displaying Scaled or Unscaled Values (Optional)
Big numbers display scaled values by default. For example, a count of one thousand messages is
displayed as 1k. Use the unscaled=true setting to display unscaled values. In the preceding example
of one thousand messages, the unscaled big number displays 1,000.
For example:
<number height=”1” title=”New Connections” unscaled=”true” width=”2”>
<stat direction=”request” type=”tcp-connections-initiated” />
</number>
Use the (default) unscaled=false setting to display scaled values.
Trending Alert (Optional)
Ttrend information is displayed for your big number when you select a comparison time period. If you use
the trendUpPositive="true" setting then an increase compared to the previous compared period
is considered a positive trend and will be displayed in green, while a decrease is displayed in red. When
you set trendUpPositive="false" for example, for loss or latency, then an increase is considered a
negative trend and is displayed in red, while a decrease is a positive trend and is displayed in green. If you
do not choose one of these trend settings, both positive and negative trends are displayed in grey. No
XML setting is required for this default trending alert style.
For example
<number height="1" title="Latency Mean" unscaled="false" width="2">
<context drilldownView="TCP" inherits="true">
<filters>
<filter operator="is" session="true" value="FIX-RTT"/>
</filters>
<time>
<namedPeriod name="Last 24 hours">
<comparisonOption name="Previous day"/>
</namedPeriod>
</time>
</context>
<subtitle>For FIX-RTT session</subtitle>
© 2023 Pico Quantitative Trading LLC. All rights reserved 167 .
<stat direction="request" type="latency">
<aspect trendUpPositive="false" type="mean"/>
</stat>
</number>
Context Settings (Optional)
Big numbers can also have an optional context element that specifies filtering and time-related settings,
similar to that available at the dashboard level.
For more information on the available filtering and time settings, please refer to the section "Dashboard
Context Settings - XML" on page 143.
In the following example excerpt from the default dashboard configuration, the Physical Ports
dashboard includes number widgets displaying Total Bytes, Bandwidth, Total Packets and Packet Rate
across the Corvil appliance physical ports during the selected time period:
In the following example, the time series chart that opens on clicking a big number value displays the
statistic with a customized name:
© 2023 Pico Quantitative Trading LLC. All rights reserved 168 .
Here's the corresponding XML configuration. In this example, the selected dictionary "english", contains
custom names for the Orders statistics. In this case, the big number is displaying the "Cancels" statistic,
and the statistic name displayed in the legend and tooltips of the time series chart is the custom name
"Cancelled Orders".
<number height="1" statsConfig="english" title="Cancelled Orders"
unscaled="false" width="2">
<stat direction="request" name="Cancels"/>
</number>
CANVAS-BASED LAYOUT DASHBOARD EXAMPLE
If you are adding a big number widget to a canvas-based dashboard, its location will always default to the
top left corner of the displayed screen.
In the following example, a simple big number widget is added, displaying request packet bytes:
<number height="100" showThresholdViolation="false" title="Bytes (Request"
unscaled="false" width="200" x="-985" y="-301">
<stat direction="request" type="packet-bytes"/>
</number>
In the canvas dashboard you can see the widget is added to the top left of the displayed canvas.
© 2023 Pico Quantitative Trading LLC. All rights reserved 169 .
DEFINING A TIME SERIES CHART USING THE WIDGET
EDITOR
NOTE: Time series widgets can be added to grid-based and canvas-based dashboards. The widget
editor contents are slightly different depending on which type of dashboard you are adding the widget
to. These differences are highlighted below. Canvas-based dashboards are supported in 9.6.1 and
later releases.
You can add a time series widget to a user-defined dashboard on the Dashboards or Inspect Data
screens by clicking and selecting Add a Widget.
NOTE: The Add a Widget option is only available for user defined dashboards.
Select the Time Series icon from the widget menu. This opens a widget editor to the Add Time Series
window. The example (from a 9.6.x or later release) below shows the time series widget editor launched
from the Dashboards screen.
© 2023 Pico Quantitative Trading LLC. All rights reserved 170 .
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the time series chart that you
require, then click SAVE to apply the changes and view your time series chart.
NOTE: You can view/edit the XML code for your chart from the widget editor by clicking </> XML
VIEW. You must save your changes in the GUI EDITING mode before switching to XML editing mode
and vice versa.
You can also edit an existing user-defined time series widget using the widget editor by clicking on the
arrow on the top right of the widget and selecting Edit. The widget editor will open an Edit Time
Series window, containing the settings options below.
Time-series Chart Required Settings
To create a time series widget using the widget editor, you must configure some basic settings before you
will be allowed to save the new widget. These fields are generally indicated by a * or flagged as Required.
NOTE: If adding a time series to a canvas-based dashboard only the Statistic value is mandatory.
NAME AND DIMENSIONS
Specify the title and dimensions of the time series widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 171 .
Title
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specify the display name of the time series chart.
Height
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the height of the widget. The default height is 3.
Width
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the width of the widget. The default width is 3.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 3x3 (width x height).
The recommended maximum dimensions are: 12x4 (width x height).
For canvas-based dashboards, the dimensions are based on pixels and can only be changed in the
XML editor.
DISPLAY STYLE
Choose how you would like to display the time series chart.
Chart Type
Specifies an Area or Line chart type. The default is Line.
Stacked
If you select Area chart type, you can enable/disable stacking of charts, if you want a stacked display of
results for a graph. Selecting Line chart, automatically disables the Area and Stacked attributes.
Show Legends
Choose whether you want to hide or display the graph legend. The legend is shown by default.
Show Threshold
© 2023 Pico Quantitative Trading LLC. All rights reserved 172 .
[Supported in release 9.5.0 and later]
Choose whether you want to hide or display the configured threshold value and a threshold line on the
chart. Displaying the threshold value and line is enabled by default and these are shown on the time series
chart when the chart is displaying results for a relevant unidirectional statistic for a single session only. See
the table below for the statistics that can display threshold values.
The threshold value that is displayed is the relevant value set in the service objective and session
configuration of the displayed session. Below is an example of a chart showing latency results, displaying
the One-way Latency target threshold configured in the service objective for the session.
The following table shows the statistics for which threshold values can currently be displayed on the time
series chart, and the threshold target (in some cases, two targets must be configured) that is used.
NOTE: The threshold targets can be configured on the UI - on the Service Objectives or Sessions
System Administration pages, or using CLI commands - when configuring the nso-map or a
session. As most of the targets are configured in the service objective, the targets that are session-
based are highlighted in the table.
© 2023 Pico Quantitative Trading LLC. All rights reserved 173 .
Threshold
Threshold Target (UI) in System Target (CLI) in
Statistic Type Administration:Service Objectives configuration
or Sessions modes:nso-
map or session
Corvil Bandwidth - Generate events when
Corvil Bandwidth exceeds X measure-
bandwidth
or
capacity or
User Microburst - Generate Events on bit-
rate microbursts measure-
microburst
Configurable statistic event policies - Add statistic-event-
configurable-min-mean-max
an event policy of type 'Min/Mean/Max' policy
Expected Queuing - Generate events
when delay exceeds threshold
expected-queuing-delay queuing-targets
and
Queuing Delay target
protect-packets
Latency and Loss Targets -
percent
Packet/Message Protection
and
icmp-loss-percent and
measure-icmp
ICMP Ping - Generate events when loss
event-thresholds
occurs
loss
ICMP Ping - Generate events when
Round-trip delay exceeds threshold measure-icmp
expected-queuing-delay event-thresholds
and
delay
Roundtrip delay target
latency
NOTE:
One-way Latency one-way-latency
The threshold is displayed if any or all of
min, mean, max or percentile aspects are
selected.
measure-
User Microburst - Generate Events on bit-
message-bitrate-microburst microburst event-
rate microbursts
threshold percent
© 2023 Pico Quantitative Trading LLC. All rights reserved 174 .
Threshold
Threshold Target (UI) in System Target (CLI) in
Statistic Type Administration:Service Objectives configuration
or Sessions modes:nso-
map or session
measure-
User Microburst - Generate Events on bit- microburst event-
rate microbursts threshold percent
message-bitrate-microburst-1s
and and
Bandwidth (in Sessions) bandwidth (session
config)
measure-
User Microburst - Generate Events on bit-
microburst event-
rate microbursts
threshold percent
message-bitrate-microburst-delay-target
and
and
One-way Latency
one-way-latency
measure-
User Microburst - Generate Events on microburst event-
message-rate-microburst packet-rate/message-rate microbursts threshold packets-
(pkts/s) or-messages-per-
second
measure-
User Microburst - Generate Events on microburst event-
message-rate-microburst-1s packet-rate/message-rate microbursts threshold packets-
(pkts/s) or-messages-per-
second
measure-
User Microburst - Generate Events on microburst event-
packet-rate/message-rate microbursts threshold packets-
(pkts/s) or-messages-per-
message-rate-microburst-delay-target second
and
and
One-way Latency
one-way-latency
measure-
User Microburst - Generate Events on bit-
packet-bitrate-microburst microburst event-
rate microbursts
threshold percent
© 2023 Pico Quantitative Trading LLC. All rights reserved 175 .
Threshold
Threshold Target (UI) in System Target (CLI) in
Statistic Type Administration:Service Objectives configuration
or Sessions modes:nso-
map or session
measure-
User Microburst - Generate Events on bit- microburst event-
rate microbursts threshold percent
packet-bitrate-microburst-1s
and and
Bandwidth (in Sessions) bandwidth (session
config)
measure-
User Microburst - Generate Events on bit-
microburst event-
rate microbursts
threshold percent
packet-bitrate-microburst-delay-target
and
and
One-way Latency
one-way-latency
measure-
User Microburst - Generate Events on microburst event-
packet-rate-microburst packet-rate/message-rate microbursts threshold packets-
(pkts/s) or-messages-per-
second
measure-
User Microburst - Generate Events on microburst event-
packet-rate-microburst-1s packet-rate/message-rate microbursts threshold packets-
(pkts/s) or-messages-per-
second
measure-
User Microburst - Generate Events on microburst event-
packet-rate/message-rate microbursts threshold packets-
(pkts/s) or-messages-per-
packet-rate-microburst-delay-target second
and
and
One-way Latency
one-way-latency
tcp-targets rtt
TCP Statistics - RTT target
and
tcp-roundtrip-time and
one-way-latency
One-way Latency (optional)
(optional)
You can see some of these configurable targets in the screenshot of the Service Objective administration
page below.
© 2023 Pico Quantitative Trading LLC. All rights reserved 176 .
Preferred Resolution
The resolution of the chart can be the default time period resolution of dashboard where the widget
resides, or you can set the resolution to Days. The default resolution is Default.
This option is hidden for widgets created on Inspect Data dashboards and is preset to Default.
© 2023 Pico Quantitative Trading LLC. All rights reserved 177 .
If you select Days resolution for a time period of 3 days or more, the start of the time range will be adjusted
backwards to the nearest midnight (in the current time zone) and the end of the time range will be
adjusted forwards to the nearest midnight (in the current timezone). See note below. These adjustments
are only visible on the chart and do not affect the time period displayed in the global or local time period
selector. For time periods of less than 3 days, the resolution is determined automatically.
If you use the Days resolution, and have selected Area chart type, the graph will be displayed as a bar
chart for time periods between 3 and 12 days, with one bar representing one day. Also, for time periods
greater than or equal to 3 days, an information icon is displayed on top of the chart, allowing you to see the
time range of the displayed data.
NOTE: The automatic forward adjustment of the end of the time range for selected time periods longer
than 3 days, results in an extra day being displayed on the chart. For example, if you select Last 60
days, then 61 days of data will be displayed in area chart format. Selecting Last 7 days displays 8 days
of data in bar chart format. This extra day is supported on click-through to Inspect Data.
SPECIFYING THE STATISTIC TO REPORT
[Mandatory for grid-based and canvas-based dashboards]
Specify the statistics and session directions that you want to report in your chart. Click ADD STATISTICS
to see the list of available statistics. The statistics are grouped into Packet, Configurable, EQ, Message,
PNQM- Latency and Loss, Microburst and TCP statistics, and most are available in the request and
response session direction. Enable Expand All to see the full list of statistics. You can filter the list of
statistics by entering a string in the Filter by name box on the top right of the ADD STATISTICS
window.
To select a statistic for display, click ADD REQUEST or ADD RESPONSE for each required statistic. You
can only add one statistic at a time and the window will return to the main widget editing page after you
make your selection. Click ADD STATISTICS again to select another statistic. For statistics already
© 2023 Pico Quantitative Trading LLC. All rights reserved 178 .
selected, the text will have changed to green and will say RESPONSE/REQUEST ADDED.
You can select up to 10 statistics, but they must all be the same type. For example, if you initially select a
Bitrate statistic, all the remaining selection options available will be of type Bitrate.
You will also get the message:
"Only Bitrate statistics are available. Remove current selection to add another statistics type. Some
configurable stats are hidden as the assigned sessions have been filtered in the current dashboard."
If you want to display statistics of a different type, delete the current selection by clicking DELETE on each
statistic.
NOTE: Only available statistics are shown in the menu. If you want to see the unavailable statistics,
click Show Unavailable Statistics at the end of the statistics menu. This will show the unavailable
statistics in greyed out text. These statistics cannot be selected. For example, if you have selected
statistics of type Bitrate, all other types of statistic will be greyed out.
NOTE: Some configurable stats may be hidden if the assigned sessions have been filtered in the
dashboard.
NOTE: For more information on supported statistics, please refer to the section "Specifying Statistics
in Widgets Using XML" on page 317
NOTE: The values configured for microburst in the service objective applied to your session are
displayed in the legend of time series charts. For example, if you set a one-way latency of 500ms in the
service objective, and your time series chart is displaying results for the statistic 'packet-bitrate-
microburst-delay-target', it will display in the legend as 'session-name - Microburst (500ms). Similarly,
if you set the User Microburst Minimum Duration to 10ms, the statistic 'message-bitrate-microburst'
will display in the legend as 'session-name - Msg. Bitrate Microburst (10ms)'.
The ADD STATISTICS button will become greyed out once you have selected the maximum number of
statistics allowed. See "Limiting the Number of Sessions Displayed (Optional)" on page 184.
Aspect Type
If you are displaying distribution statistics you need to select the type of aspect to display for the statistics.
For example, you can display the maximum, minimum, mean or percentile values for Latency type
statistics and some configurable statistics. If you select percentile, you must enter a percentile value.
© 2023 Pico Quantitative Trading LLC. All rights reserved 179 .
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
For example, here's a time series graph with a subtitle:
Displaying Cumulative Counts (Optional)
Cumulative (Under Statistics section)
You can display cumulative counts of your statistics by setting the Cumulative toggle switch to on. This
feature only applies to statistics of type Bytes, such as packet-bytes and type Count, such as 'tcp-packet-
count', 'message-count', 'message-sequence-count' and COUNT, for configurable statistics, and only
one statistic can be selected.
In the example below, cumulative results for the statistic 'packet-bytes' are displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 180 .
Grouping Session Results by Tag-type (Optional)
Group By Tag
Use the Group By Tag toggle switch to optionally group session results according to a specified tag-
type, selectable from the drop down menu. In the example below, the total packets measured are
grouped by tag-type 'ServiceObjectives'.
This option is not available for widgets created on Inspect Data dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 181 .
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
Session Display Name
The Session Display Name option allows you to use an alternative name for the session name displayed
on the legend and graph of the time-series chart. The alternative display name is based on a tag defined
for the session. If you have already defined the tag name that you want to use for the session, click the
toggle switch and select the tag-type from the dropdown list. If you haven't yet defined a relevant tag for
the session, use the tooltip next to the toggle switch and click on the link that allows you to open the
Manage Tags administration page. Here you can add a tag to a session by selecting a tag-type and
assigning a tag value. The time series chart will display the tag name instead of the session name for
sessions that have values assigned for the selected tag-type. If a session doesn't have this tag-type
defined, the original session name will be displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 182 .
You can display the same session with a different name on other widgets by configuring and selecting a
different tag-type.
The new display name is also shown on time-series charts that have been navigated to from big number
widgets or from cells on a session table, if the Session Display Name option is enabled for those
widgets.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
NOTE: If you want to see the original name of a session, click on a point on the graph for that session.
The new display name and original session name are both shown in the tooltip.
NOTE: The Session Display Name option is not available for widgets created on Inspect Data
dashboards or for any templated by session dashboards.
Changing the Statistic Display Names (Optional)
[Supported in release 9.6.x and later]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your time series widget by enabling the
Use Custom Statistic Names toggle and selecting a dictionary from the list of configured dictionaries in
the dropdown menu.
Selecting this option replaces the system-defined or configurable statistic names displayed in the legend
and tooltips of the chart with the new names configured in the selected dictionary.
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
If you want to check, edit or create a new dictionary, you can open the Dashboard XML editor directly
from a GUI widget editor (for widgets that support custom statistic naming) by selecting the tooltip next to
Use Custom Statistic Names and clicking the Dashboards XML Configuration link.
© 2023 Pico Quantitative Trading LLC. All rights reserved 183 .
Advanced Settings
NOTE: Advanced Settings are not available for widgets created on Inspect Data dashboards.
LIMITING THE NUMBER OF SESSIONS DISPLAYED (OPTIONAL)
The maximum number of time series that can be displayed is 20 but you can alternatively set an optional
limit to the number of series displayed by setting the maximum number of sessions to display on the
widget and configuring the statistics to display for each session. The maximum number of series displayed
is the product of the number of statistics defined and the configured session limit. As the maximum
number of series allowed is 20, the product of these two values cannot be greater than this series limit.
For example, if you have selected 2 statistics for display, and have set a session limit of 5, then a maximum
of 10 time series will be displayed. The maximum value that you can set for the session limit is determined
by the number of stats or aspects configured for the widget. In this example, the maximum value that you
can set for the session limit is 10, allowing you to display the maximum of 20 time series.
If you do not define a session limit, then an implicit limit is applied on dashboard installation according to
the above calculation. This results in the following effective limits:
Number of Statistics/Aspects Applied/Maximum Session Limit
1 20
2 10
3 6
4 5
5 4
6 3
7, 8 , 9, 10 2
Limit Sessions
To enable session limiting, click the Limit Sessions toggle button. Limiting sessions is disabled by
default. Once enabled, an information message is displayed in the Statistics section informing you that the
session value is limited by the number of statistics selected.
Value
Specify the maximum number of sessions to display on your chart in the range from 1 to 20 (default: 20).
The value that you can enter here determines the maximum number of statistics that you can select.
Limit By
© 2023 Pico Quantitative Trading LLC. All rights reserved 184 .
When a session limit is defined, you must select a statistic to sort your sessions by and then set the sorting
order of the displayed statistics to Ascending or Descending (the default sorting order is descending).
This allows you to control which session results are displayed on the widget by sorting the results in
descending (or ascending) order for the chosen statistic, and then displaying the sessions with the
highest (or lowest) values. For example, if the widget is set to display a limit of 10 sessions and the sorting
statistic is set to packet-bitrate in descending order, the widget will display the top 10 sessions with the
highest bitrate. Similarly, if ascending order is selected, the widget displays data from the top 10 sessions
with the lowest bitrate.
If the statistic requires an aspect, then only one aspect can be defined. If a limit is applied implicitly then
the first statistic (or first aspect of the first statistic if present) is used as the sorting statistic, descending by
default.
APPLYING TIME AND DATA FILTERS (OPTIONAL)
Your time series graph will use the time period and data filters set for the dashboard that it resides in. If you
want to use local time and data filters for your time series graph, you can set them here.
Setting a Time Filter
Enable Local Time Filter
You can set a time-related filter for your time series graph by selecting Enable Local Time Filter and
selecting a time period from the drop-down menu. The allowed options are described in Defining a
Dashboard or Widget Time Period in "Dashboard Context Settings - XML" on page 143. After setting and
saving a local time filter, the icon is displayed on top of the widget to indicate that the widget has its
own time period set.
NOTE: If you want to change the time period on the widget, you can click the or icon and make
a different selection. However, this does not override the local time period selected in the widget editor
page. If you now edit and save changes to the widget using the widget editor, the time period will be
reset to the value that you had originally selected in the editor. If you want to keep using the locally
selected time period, ensure that you also set it within the widget editor.
Setting Data Filters
Enable Local Data Filters
You can set local data filters by selecting Enable Local Data Filters and adding filters, and/or you can
use the existing filters from the dashboard by setting the Inherit Global Filter button. Data filtering is
based on tags, tag-types, and sessions.
© 2023 Pico Quantitative Trading LLC. All rights reserved 185 .
Refer to "Defining Data Filters" in "Dashboard Context Settings - XML" on page 143 for the full set of data
filters and some examples of how to apply them.
Inheriting Global Filters is enabled by default. After setting up local filters, the icon is displayed on
top of the widget to indicate that the widget has its own local data filters.
NAVIGATING TO INSPECT DATA VIEWS (OPTIONAL)
Inspect Data Target View
You can set a target view when navigating to Inspect Data from a data point on the graph. The view that is
opened in Inspect Data can be pre-selected by selecting one of the view options under Inspect Data
Target View. If you do not select an option here, the dashboard click through view will be used. If the
dashboard's view does not exist, or none is given, then the first Inspect Data view defined is opened.
Example of a Time Series Widget Using the Widget Editor
The example below shows the creation of a simple time series chart using the widget editor, and the
resulting chart displayed on the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 186 .
DEFINING A TIME-SERIES CHART USING XML
NOTE: Time series widgets can be added to grid-based and canvas-based dashboards. Canvas-
based dashboards require additional XML attributes highlighted below. Canvas-based dashboards
are supported in 9.6.1 and later releases.
You can add a time series widget to a user-defined dashboard on the Dashboards or Inspect Data
screens by clicking and selecting Add a Widget. Select the Time Series icon from the widget
menu to open the time series widget editor. Click </> XML VIEW to view/edit the XML code for your chart.
You can also define a time series chart for a dashboard by editing the Dashboard XML (select System
Administration mode, then the Dashboards editor).
You define a time series chart widget using the timeSeriesChart element.
In the following example, a time-series chart named Maximum TCP Roundtrip Time - top 10
sessions (in) displays TCP RTT measurements in the request direction for up to ten sessions:
© 2023 Pico Quantitative Trading LLC. All rights reserved 187 .
Here's the equivalent XML configuration for a grid-based dashboard:
<timeSeriesChart area=”false” “height=”3” preferredResolution="default"
showLegend="true" showThreshold="true" stacked=”false” title=”Maximum TCP
Roundtrip Time – top 10 sessions (in)” width=”6”>
<limit number=”10”>
<sortingStat direction=”request” sort=”descending” type=”tcp-roundtrip-time”>
<aspect type=”max”/>
</sortingStat>
</limit>
<stat direction=”request” type=”tcp-roundtrip-time”>
<aspect type=”max”/>
</stat>
</timeSeriesChart>
Time-series Chart Required Settings
The positioning of the elements within the XML configuration used to define your time series widget must
follow the order below:
1. context (optional)
2. subtitle (optional)
3. limit (optional)
4. stat
© 2023 Pico Quantitative Trading LLC. All rights reserved 188 .
NAME AND DIMENSIONS
The time series widget specifies
title=""
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specifies the displayed name of the widget.
height=""
Specifies the height of the widget.
The range is 100 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 4 on grid-based dashboards.
width=""
Specifies the width of the widget.
The range is 200 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 12 on grid-based dashboards.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 3x3 (width x height).
The recommended maximum dimensions are: 12x4 (width x height).
For canvas-based dashboards, the dimensions are based on pixels. The default dimensions are:
400x250 (width x height). The minimum dimensions are 200x100 (width x height) and the maximum
dimensions are 4000x4000.
POSITION ON CANVAS
[Mandatory for canvas-based dashboards. Not supported for grid-based dashboards]
The x and y attributes determine the position of the widget on the canvas dashboard, where the center
point of the canvas is at coordinates x="0", y="0". When you add a widget it is placed by default in the top
left corner of the displayed canvas screen.
x=""
Specifies the x coordinate or horizontal position of the widget on the canvas. Attribute “x” must be
between -5000 and 5000.
y=""
© 2023 Pico Quantitative Trading LLC. All rights reserved 189 .
Specifies the y coordinate or vertical position of the widget on the canvas. Attribute “y” must be between -
5000 and 5000.
NOTE: On canvas-based dashboards, be aware that changing the height and width or x and y
attributes using XML can result in the widget overlapping other elements on the dashboard (this also
happens if you use the mouse to resize or move a widget on the canvas). If this is not intended, you
can reposition the widget or the overlapped elements later when you view the canvas.
DISPLAY STYLE
To display results as a line chart, set the area and stacked attributes to false (there is no 'line'
attribute in XML editing mode). To display the time-series in the form of an area chart, you can set the
area attribute to true, and if you want stacked display of results for a particular graph, set the stacked
attribute to true also.
NOTE: The area attribute cannot be set to false when the stacked attribute is set to true.
PREFERRED RESOLUTION
preferredResolution=""
Specifies the resolution of the chart: days or default
Setting the preferred resolution to default means that the widget will use the same time period
resolution of the dashboard on which it resides. This is the default setting.
If you set it to days then if the time period is 3 days or more, the start of the time range will be adjusted
backwards to the nearest midnight (in the current time zone) and the end of the time range will be
adjusted forwards to the nearest midnight (in the current timezone). These adjustments are only visible on
the chart and do not affect the time period displayed in the global or local time period selector. For time
periods of less than 3 days, the resolution is determined automatically.
If you set it to days and have selected area chart type, the graph will be displayed as a bar chart for time
periods between 3 and 12 days, with one bar representing one day. Also, for time periods greater than or
equal to 3 days, an information icon is displayed on top of the chart, allowing you to see the time range of
the displayed data.
NOTE: The automatic forward adjustment of the end of the time range for selected time periods longer
than 3 days, results in an extra day being displayed on the chart. For example, if you select Last 60
days, then 61 days of data will be displayed in area chart format. Selecting Last 7 days displays 8 days
of data in bar chart format. This extra day is supported on click-through to Inspect Data.
© 2023 Pico Quantitative Trading LLC. All rights reserved 190 .
NOTE: You cannot change the preferredResolution option for widgets created on Inspect Data
dashboards. It is preset to default.
SPECIFYING THE STATISTIC TO REPORT
[Mandatory for grid-based and canvas-based dashboards]
There are parameters used to specify the reported statistic and session direction.
stat direction=""
Specifies the required session direction: request or response
stat type=""
Specifies the system-defined statistic to report.
stat name=""
Specifies the name of a defined configurable statistic.
aspect type=""
Specifies the aspect of a distribution statistic: min, mean, max, percentile. If you specify a percentile
aspect, you use the value="" parameter to specify the percentile value.
© 2023 Pico Quantitative Trading LLC. All rights reserved 191 .
NOTE: For more information on supported statistics, please refer to the section "Specifying Statistics
in Widgets Using XML" on page 317.
Adding a Subtitle (Optional)
You can add an optional subtitle to the widget to clarify its purpose. Enter the subtitle text between
<subtitle></subtitle> tags and place it on a separate line AFTER the basic widget settings and
BEFORE any other tags.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
For example, here's a time-series graph with a subtitle:
Here's the equivalent XML for a grid-based dashboard:
<timeSeriesChart area=”true” groupByTagType=”Venue” height=”3”
preferredResolution="default" showLegend="true" showThreshold="true"
stacked=”false” title=”Venue Response Latency (Max)” width=”6”>
<subtitle>Maximum latency measurement per Venue</subtitle>
<stat direction=”request” type=”latency”>
<aspect type=”max”/>
</stat>
</timeSeriesChart>
© 2023 Pico Quantitative Trading LLC. All rights reserved 192 .
Displaying Cumulative Counts (Optional)
Use the cumulative="true" parameter in the timeSeriesChart element for packet-count,
message-count, message-sequence-count and count configurable statistics only to display cumulative
counts.
For example:
<timeSeriesChart area=”true” height=”4” preferredResolution="default"
showLegend="true" showThreshold="true" stacked=”false” title=”Cumulative Message
Count” width=”6” cumulative=”true”>
<stat direction=”request” type=”message-count”/>
</timeSeriesChart>
Hiding the Graph Legend (Optional)
Use the showLegend="false" parameter in the timeSeriesChart element to optionally hide the
graph legend.
For example:
<timeSeriesChart area=”true” height=”4” preferredResolution="default"
showLegend="false" showThreshold="true" stacked=”false” title=”Message Count”
width=”6” showLegend=”false”>
<stat direction=”request” type=”message-count”/>
</timeSeriesChart>
Displaying Threshold Values (Optional)
[Supported in release 9.5.x and later]
Choose whether you want to hide or display the configured threshold value and a threshold line on the
chart by setting the showThreshold attribute to true to display or false to hide. Displaying the
threshold value and line is enabled by default and these are shown on the time series chart when the chart
is displaying results for a relevant uni-directional statistic for a single session only.
See the table in the topic "Defining a Time Series Chart Using the Widget Editor" on page 170 for the
statistics that allow the display of threshold values. This table shows you what threshold targets need to be
configured for each statistic. The threshold targets are set in the service objective and session
configuration of the displayed session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 193 .
Grouping Session Results by Tag-type (Optional)
Use the groupByTagType attribute to optionally group session results according to a specified tag-type.
In the following example a defined tag-type called WAN-Region is used so the results for sessions that are
appropriately tagged are then grouped together by geographical region.
<timeSeriesChart area=”true” groupByTagType=”WAN-Region” height=”2”
preferredResolution="default" showLegend="true" showThreshold="true"
stacked=”true” title=”Volume” width=”4”>
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
The displayNameTagType attribute allows you to use an alternative name for the session name
displayed on the legend and graph of the time-series chart. The alternative display name is based on a tag
defined for the session. Set the attribute to the tag-type that you want to use for renaming the session.
For example, the time series chart here will display the tag name in tag-type "User" instead of the session
name, for any sessions configured with this tag-type. If a session doesn't have this tag type defined, the
original session name will be displayed.
<timeSeriesChart area="false" displayNameTagType="User" height="2"
preferredResolution="default" showLegend="true" showThreshold="true"
stacked="false" title="Roundtrip Time" width="6">
<stat direction="request" type="tcp-roundtrip-time">
<aspect type="min"/>
</stat>
</timeSeriesChart>
You can define a tag-type and tag value for a session on the Manage Tags administration page or via CLI
command.
You can display the same session with a different name on other widgets by configuring a different tag-
type.
The new display name is also shown on time-series charts that have been navigated to from big number
widgets or from cells on a session table, if the displayNameTagType attribute is configured for those
widgets.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
NOTE: If you want to see the original name of a session, click on a point on the graph for that session.
The new display name and original session name are both shown in the tooltip.
© 2023 Pico Quantitative Trading LLC. All rights reserved 194 .
NOTE: This attribute is not available for widgets created on Inspect Data dashboards or for any
templated by session dashboards.
Changing the Statistic Display Names (Optional)
[Supported in release 9.6.x and later]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your time series widget using the
statConfig attribute. The list of available dictionaries is listed when you type the attribute.
Selecting this option replaces the system-defined or configurable statistic names displayed in the legend
and tooltips of the chart with the new names configured in the selected dictionary.
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
Limiting the Number of Sessions Displayed (Optional)
The maximum number of time series charts that can be displayed is 20 but you can alternatively set an
optional limit to the number of series displayed by setting the maximum number of sessions
(<limit></limit>) to display on the widget and configuring the statistics to display for each session.
to the number of series displayed. The number of series displayed is the product of the number of
statistics defined and the configured session limit. As the maximum number of series allowed is 20, the
product of these two values cannot be greater than this series limit.
For example, if you have selected 2 statistics for display, and have set a session limit of 5, then a maximum
of 10 time series will be displayed. The maximum value that you can set for the session limit is determined
by the number of stats or aspects configured for the widget. In this example, the maximum value that you
can set for the session limit is 10, allowing you to display the maximum of 20 time series charts.
If you do not define a session limit, then an implicit limit is applied on dashboard installation according to
the above calculation. This results in the following effective limits:
Number of Statistics/Aspects Applied/Maximum Session Limit
1 20
2 10
3 6
4 5
5 4
6 3
7, 8 , 9, 10 2
© 2023 Pico Quantitative Trading LLC. All rights reserved 195 .
The number of sessions (<limit></limit>) to be displayed can be specified in range from 1 to 20
(default: 20). The value that you can enter here determines the maximum number of statistics that you can
configure for display.
When a limit is defined it requires a sortingStat (statistic) to be defined. That statistic has an additional
optional attribute sort (ascending/descending) set to descending by default. This allows you to control
which session results are displayed on the widget by sorting the results in descending (or ascending)
order for the chosen statistic, and then displaying the sessions with the highest (or lowest) values. For
example, if the widget is set to display a limit of 10 sessions and sortingStat is set to packet-bitrate in
descending order, the widget will display the top 10 sessions with the highest bitrate. Similarly, if
ascending order is selected, the widget displays data from the top 10 sessions with the lowest bitrate.
If the sorting statistic requires an aspect then only one aspect can be defined. If a limit is applied implicitly
then the first statistic (or first aspect of the first statistic if present) is used as the sorting statistic,
descending by default.
In the following example, a limit of ten sessions is applied.
<timeSeriesChart area=”true” height=”3” preferredResolution="default"
showLegend="true" showThreshold="true" stacked=”true” title=”TCP Throughput – top
10 sessions (in)” width=”6”>
<limit number=”10”>
<sortingStat direction=”request” sort=”descending” type=”tcp-total-
throughput”/>
</limit>
<stat direction=”request” type=”tcp-total-throughput”/>
<timeSeriesChart>
Context Settings (Optional)
Time series graphs can have an optional context element that specifies filtering and time-related
settings, similar to that available at the dashboard level.
For more information on the available filtering and time settings, please refer to the section "Dashboard
Context Settings - XML" on page 143.
Example Time-series Widgets
In the following example, a time-series chart named Latency displays minimum, mean maximum and
percentile latency measurements for up to four sessions starting with the minimum values:
© 2023 Pico Quantitative Trading LLC. All rights reserved 196 .
Here's the corresponding XML configuration:
<timeSeriesChart area="true" height="2" preferredResolution="default"
showLegend="true" showThreshold="true" stacked="false" title="Latency" width="4">
<limit number="4">
<sortingStat direction="request" sort="ascending" type="latency">
<aspect type="min"/>
</sortingStat>
</limit>
<stat direction="request" type="latency">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="percentile" value="50.00000"/>
<aspect type="percentile" value="99.00000"/>
<aspect type="max"/>
</stat>
</timeSeriesChart>
In the following example from release 9.5.x or later, stacked (overlaid results) time-series charts named
Roundtrip Time (in) and Roundtrip Time (out) display minimum, mean and maximum Corvil TCP
roundtrip time measurements. Threshold display is enabled and the session display name has been
changed to use the "Client" tag name (with a tag value of LondonStk in this case).
NOTE: The threshold value will only be displayed if the chart is filtered for a single session and only one
statistic is being reported.
© 2023 Pico Quantitative Trading LLC. All rights reserved 197 .
Here's the corresponding XML configuration. Note that the roundtrip time (in) displays the tcp-roundtrip-
time statistic in the request direction and the roundtrip time (out) displays the tcp-roundtrip-time statistic
in the response direction:
<timeSeriesChart area="true" displayNameTagType="Client" height="2"
preferredResolution="default" showLegend="true" showThreshold="true"
stacked="false" title="Roundtrip Time (in)" width="6">
<stat direction="request" type="tcp-roundtrip-time">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="max"/>
</stat>
</timeSeriesChart>
<timeSeriesChart area="true" displayNameTagType="Client" height="2"
preferredResolution="default" showLegend="true" showThreshold="true"
stacked="false" title="Roundtrip Time (out)" width="6">
<stat direction="response" type="tcp-roundtrip-time">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="max"/>
</stat>
</timeSeriesChart>
© 2023 Pico Quantitative Trading LLC. All rights reserved 198 .
In the following example, a time-series line chart named Latency displays maximum Corvil latency
measurements by WAN region:
Here's the corresponding XML configuration. In this example, the line chart is defined by setting the area
and stacked attributes to false. The results are grouped by the WAN-Region tag-type (with associated
tags Asia, Europe, US in the Corvil configuration):
<timeSeriesChart area="false" groupByTagType="WAN-Region" height="2"
preferredResolution="default" showLegend="true" showThreshold="true"
stacked="false" title="Latency" width="4">
<context inherits="true">
<filters>
<filter operator="isPresent" subject="WAN-Region"/>
</filters>
</context>
<stat direction="request" type="latency">
<aspect type="max"/>
</stat>
</timeSeriesChart>
In the following example, a stacked time-series chart named Volume displays packet bit rate by WAN
region:
© 2023 Pico Quantitative Trading LLC. All rights reserved 199 .
Here's the corresponding XML configuration. In this example, the defined WAN-Region tag-type is
specified with associated tags Asia, Europe, US:
<timeSeriesChart area="false" groupByTagType="WAN-Region" height="2"
preferredResolution="default" showLegend="true" showThreshold="true"
stacked="true" title="Volume" width="4">
<context inherits="true">
<filters>
<filter operator="isPresent" subject="WAN-Region"/>
</filters>
</context>
<stat direction="request" type="packet-bitrate"/>
</timeSeriesChart>
In the following example, a stacked time-series chart named Bytes -> displays packet bytes only for the
sessions in the Europe WAN region:
© 2023 Pico Quantitative Trading LLC. All rights reserved 200 .
Here's the corresponding XML configuration. In this example, the defined WAN-Region tag-type and only
the tag Europe are specified:
<timeSeriesChart area="false" height="2" preferredResolution="default"
showLegend="true" showThreshold="true" stacked="true" title="Bytes ->"
width="4">
<context inherits="true">
<filters>
<filter operator="is" subject="WAN-Region" value="Europe"/>
</filters>
</context>
<stat direction="request" type="packet-bytes"/>
</timeSeriesChart>
In the following example, a time-series chart named Message and Packet Count displays multiple
statistics in the same chart:
Here's the corresponding XML configuration. In this example, similar statistics are used so that the one y-
axis – “Counts” – can be used:
<timeSeriesChart area="false" groupByTagType="Protocol" height="2"
preferredResolution="default" showLegend="true" showThreshold="true"
stacked="false" title="Message and Packet Count" width="6">
<stat direction="request" type="message-count"/>
<stat direction="request" type="packet-count"/>
</timeSeriesChart>
In the following example, a time-series chart displays statistics with customized names:
© 2023 Pico Quantitative Trading LLC. All rights reserved 201 .
Here's the corresponding XML configuration. In this example, the selected dictionary "tcp-names",
contains a custom name (Thrput) for the 'tcp-total-throughput' statistic:
<timeSeriesChart area="true" height="3" preferredResolution="default"
statsConfig="tcp-names" showLegend="true" showThreshold="true" stacked="true"
title="TCP Throughput - top 10 sessions (in)" width="6">
<limit number="10">
<sortingStat direction="request" sort="descending" type="tcp-total-throughput"/>
</limit>
<stat direction="request" type="tcp-total-throughput"/>
</timeSeriesChart>
CANVAS-BASED DASHBOARD EXAMPLE
If you are adding a time-series widget to a canvas-based dashboard, its location will always default to the
top left corner of the displayed screen.
In the following example, a simple time-series widget is added, displaying response packet bytes, and
using default values for all other attributes:
© 2023 Pico Quantitative Trading LLC. All rights reserved 202 .
<timeSeriesChart area="false" height="250" preferredResolution="default"
showLegend="true" showThreshold="true" stacked="false" title="" width="400" x="-
659" y="-379">
<stat direction="response" type="packet-bytes"/>
</timeSeriesChart>
In the canvas dashboard you can see the widget is added to the top left of the displayed canvas.
DEFINING A BAR CHART USING THE WIDGET EDITOR
NOTE: Bar chart widgets can be added to grid-based and canvas-based dashboards. The widget
editor contents are slightly different depending on which type of dashboard you are adding the widget
to. These differences are highlighted below. Canvas-based dashboards are supported in 9.6.1 and
later releases.
You can add a bar chart widget to a user-defined dashboard on the Dashboards screens by clicking
and selecting Add a Widget.
NOTE: The Add a Widget option is only available for user-defined dashboards.
NOTE: The bar chart widget is not available in Inspect Data dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 203 .
Select the Bar Chart icon from the widget menu. This opens a widget editor to the Add Bar Chart
window. The example below shows the bar chart widget editor launched from the Dashboards screen.
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the bar chart that you require, then
click SAVE to apply the changes and view your bar chart.
NOTE: You can view/edit the XML code for your chart from the widget editor by clicking </> XML
VIEW. You must save your changes in the GUI EDITING mode before switching to XML editing mode
and vice versa.
You can also edit an existing user-defined bar chart widget using the widget editor by clicking on the
arrow on the top right of the widget and selecting Edit. The widget editor will open an Edit Bar Chart
window, containing the settings options below.
Bar Chart Required Settings
To create a bar chart widget using the widget editor, you must configure some basic settings before you
will be allowed to save the new widget. These fields are generally indicated by a * or flagged as Required.
© 2023 Pico Quantitative Trading LLC. All rights reserved 204 .
NOTE: If adding a bar chart to a canvas-based dashboard only the Statistic value and grouping are
mandatory.
NAME AND DIMENSIONS
Specify the title and dimensions of the bar chart widget.
Title
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specify the display name of the bar chart.
Height
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the height of the widget. The default height is 4.
Width
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the width of the widget. The default width is 12.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 3x3 (width x height).
The recommended maximum dimensions are: 12x4 (width x height).
For canvas-based dashboards, the dimensions are based on pixels and can only be changed in the
XML editor.
DISPLAY STYLE
Choose how you would like to display the bar chart.
Stacked
You can enable/disable a stacked display of results for the chart. Stacking is disabled by default but is
automatically enabled when more than one grouping is enabled and multiple statistics are selected.
Stacking is additive, if the selected statistics are count-based, otherwise, the stacking is overlaid.
Show Legends
Choose whether you want to hide or display the graph legend. The legend is shown by default.
© 2023 Pico Quantitative Trading LLC. All rights reserved 205 .
GROUPING RESULTS
The bar chart allows two grouping options - group by Tag/Session and group by Time. The groupings are
termed Primary Grouping and Secondary Grouping and you must select at least one grouping
(primary) for displaying your results. If you only select one grouping, note that grouping by time only is not
allowed. If you select two groupings, the bar chart will display these results as stacked.
Primary Grouping
You must select a primary grouping to use for displaying your results. You can group by Session, Time or
by a specified Tag Type, selectable from the drop down menu. If you select a primary grouping of Session
or Tag Type, you can then optionally select a secondary grouping. If you select a primary grouping of
Time, you must also select a secondary grouping. Grouping by time will be by hour, day or week, based on
the selected global or local time period. If Live View is selected, the group by time selection is ignored and
the x-axis shows group by tag or session instead. To deselect the grouping, select the Clear icon
(9.5.3 and later releases). Clearing the primary grouping also clears the secondary grouping.
Secondary Grouping
Depending on what you selected for your primary grouping, you may want to or may have to select a
secondary grouping. For example, if you select Sessions or a tag-type as your primary grouping, then your
secondary grouping (if you require one) must be Time (this will be the only option offered in the drop down
menu). If you select Time as your primary grouping, you must select a secondary grouping, choosing
either Session or one of the listed tag-types. To deselect the grouping, select the Clear icon (9.5.3 or
later releases).
NOTE: [9.5.2 and earlier releases] If you have already selected and saved a secondary grouping
option, but now want to disable secondary grouping for your bar charts, click on the dropdown menu
and select Select Option. This deselects your secondary grouping setting and reverts your bar chart
to only use the primary grouping.
In the first example below, the packet bitrate results for the request direction for the past 7 days is shown,
grouped by Client with no secondary grouping.
In the second example, the same results are shown but this time a secondary grouping of Time has been
configured for the widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 206 .
NOTE: The resolution of the bars is automatically selected based on the time range selected on the
global time period selector. For example, if you have selected to display results for the last 60 or 30
days, or have create a custom period longer than 14 days, the bars are grouped into weeks. For
anything less than 14 days, the bars are grouped by day, but if less than 48 hours, the bars are not
grouped by time.
© 2023 Pico Quantitative Trading LLC. All rights reserved 207 .
SPECIFYING THE STATISTIC TO REPORT
[Mandatory for grid-based and canvas-based dashboards]
Specify the statistics and session directions that you want to report in your chart. Click ADD STATISTICS
to see the list of available statistics. The statistics are grouped into Packet, Configurable, EQ, Message,
PNQM - Latency and Loss, Microburst and TCP statistics, and most are available in the request and
response session direction. Enable Expand All to see the full list of statistics. You can filter the list of
statistics by entering a string in the Filter by name box on the top right of the ADD STATISTICS
window.
To select a statistic for display, click ADD REQUEST or ADD RESPONSE for each required statistic. You
can only add one statistic at a time and the window will return to the main widget editing page after you
make your selection. Click ADD STATISTICS again to select another statistic. For statistics already
selected, the text will have changed to green and will say RESPONSE/REQUEST ADDED.
You can select up to 10 statistics, but they must all be the same type. For example, if you initially select a
Bitrate statistic, all the remaining selection options available will be of type Bitrate. You will also get the
message:
"Only Bitrate statistics are available. Remove current selection to add another statistics type. Some
configurable stats are hidden as the assigned sessions have been filtered in the current dashboard."
If you want to display statistics of a different type, delete the current selection by clicking DELETE on each
statistic.
NOTE: Only available statistics are shown in the menu. If you want to see the unavailable statistics,
click Show Unavailable Statistics at the end of the statistics menu. This will show the unavailable
statistics in greyed out text. These statistics cannot be selected. For example, if you have selected
statistics of type Bitrate, all other types of statistic will be greyed out.
NOTE: Some configurable stats may be hidden if the assigned sessions have been filtered in the
dashboard.
NOTE: For more information on supported statistics, please refer to the section "Specifying Statistics
in Widgets Using XML" on page 317
NOTE: The microburst threshold settings, configured in the service objective for your session, are not
shown in the legend of bar charts. They are currently displayed in the legends of time-series charts
only.
© 2023 Pico Quantitative Trading LLC. All rights reserved 208 .
The ADD STATISTICS button will become greyed out once you have selected the maximum number of
statistics allowed. See "Limiting the Number of Sessions Displayed (Optional)" on page 211.
Aspect Type
If you are displaying distribution statistics you need to select the type of aspect to display for the statistics.
For example, you can display the maximum, minimum, mean or percentile values for Latency type
statistics and some configurable statistics. If you select percentile, you must enter a percentile value.
Note that each aspect is counted as a separate statistic and adds towards the total number of statistics.
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
For example, here's a bar chart with a subtitle:
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
Session Display Name
The Session Display Name option allows you to use an alternative name for a session(s) for display on
the legend and graph of the bar chart. The displayed name is based on a tag defined for the session. If you
have already defined the tag name that you want to use for the session, click the toggle switch and select
the tag-type from the dropdown list. If you haven't yet defined a relevant tag for the session, use the tooltip
next to the toggle switch and click on the link that allows you to open the Manage Tags administration
© 2023 Pico Quantitative Trading LLC. All rights reserved 209 .
page. Here you can add a tag to a session by selecting a tag-type and assigning a tag value. The bar chart
will display the tag name instead of the session name for sessions that have values assigned for the
selected tag-type. If a session doesn't have this tag-type defined, the original session name will be
displayed.
You can display the same session with a different name on other widgets by configuring and selecting a
different tag-type.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
NOTE: If you want to see the original name of a session, click on a point on the chart for that session.
The new display name and original session name are both shown in the tooltip.
Changing the Statistic Display Names (Optional)
[Supported from release 9.6.x]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your bar chart widget by enabling the
Use Custom Statistic Names toggle and selecting a dictionary from the list of configured dictionaries in
the dropdown menu.
Selecting this option replaces the system-defined or configurable statistic names displayed in the legend
and tooltips of the chart with the new names configured in the selected dictionary.
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
If you want to check, edit or create a new dictionary, you can open the Dashboard XML editor directly
from a GUI widget editor (for widgets that support custom statistic naming) by selecting the tooltip next to
Use Custom Statistic Names and clicking the Dashboards XML Configuration link.
© 2023 Pico Quantitative Trading LLC. All rights reserved 210 .
Advanced Settings
LIMITING THE NUMBER OF SESSIONS DISPLAYED (OPTIONAL)
The maximum number of sessions that can be displayed on a bar chart is
l 100 - if only one grouping is configured
l 20 - if two groupings are configured
In both cases you can (optionally) set your own limit, if you want to further reduce the number of bars
displayed.
Note, however, that the optional value that you can set for the session limit is determined by the number of
stats or aspects configured for the widget, the number of groupings and whether stacking is enabled.
l If stacking is disabled and only one grouping is defined, the product of the number of statistics
defined and the configured session limit cannot be greater than 100. For example, if you set the
session limit to its maximum value of 100, you can only select one statistic for display, or if you
configure 10 statistics, you can only set the session limit to a maximum of 10 sessions.
l If stacking is enabled and only one grouping is defined, the number of stats does not impact the
session limit and you can set it to max 100.
l If two groupings are defined, the product of the number of statistics defined and the configured
session limit cannot be greater than 20. For example, if you set the session limit to its maximum
value of 20, you can only select one statistic for display, or if you configure 10 statistics, you can
only set the session limit to a maximum of 2 sessions.
If you do not define a session limit, the bar chart will display as many bars as possible, based on the
available screenspace, up to 100 bars.
Limit Sessions
To enable session limiting, click the Limit Sessions toggle button. Limiting sessions is disabled by
default. If you enable it, an information message is displayed in the Statistics section informing you that the
session value is limited by the number of statistics selected.
Value
Specify the maximum number of sessions to display on your chart in the range from 1 to 100 (default: 2).
The value that you can enter here determines the maximum number of statistics that you can select.
Limit By
© 2023 Pico Quantitative Trading LLC. All rights reserved 211 .
When a session limit is defined, you must select a statistic to sort your sessions by and then set the sorting
order of the displayed statistics to Ascending or Descending (the default sorting order is descending).
This allows you to control which session results are displayed on the widget by sorting the results in
descending (or ascending) order for the chosen statistic, and then displaying the sessions with the
highest (or lowest) values. For example (stacking disabled), if the widget is set to display a limit of 10
sessions and the sorting statistic is set to packet-bitrate in descending order, the widget will display the
top 10 sessions with the highest bitrate. Similarly, if ascending order is selected, the widget displays data
from the top 10 sessions with the lowest bitrate.
If the statistic requires an aspect, then only one aspect can be defined as the Limit By statistic. If a limit is
applied implicitly then the first statistic (or first aspect of the first statistic if present) is used as the sorting
statistic, descending by default.
APPLYING TIME AND DATA FILTERS (OPTIONAL)
Your bar chart will use the time period and data filters set for the dashboard that it resides in. If you want to
use local time and data filters for your bar chart, you can set them here.
Setting a Time Filter
Enable Local Time Filter
You can set a time-related filter for your bar chart by selecting Enable Local Time Filter and selecting a
time period from the drop-down menu. The allowed options are described in 'Defining a Dashboard or
Widget Time Period' in the topic "Dashboard Context Settings - XML" on page 143. After setting and
saving a local time filter, the icon is displayed on top of the widget to indicate that the widget has its
own time period set.
NOTE: If you want to change the time period on the widget, you can click the or icon and make
a different selection. However, this does not override the local time period selected in the GUI widget
editor page. If you now edit and save changes to the widget using the GUI widget editor, the time
period will be reset to the value that you had originally selected in the GUI editor. If you want to keep
using the locally selected time period, ensure that you also set it within the widget editor.
Setting Data Filters
Enable Local Data Filters
You can set local data filters by selecting Enable Local Data Filters and adding filters, and/or you can
use the existing filters from the dashboard by setting the Inherit Global Filter button. Data filtering is
based on tags, tag-types, and sessions.
© 2023 Pico Quantitative Trading LLC. All rights reserved 212 .
Refer to "Defining Data Filters" in "Dashboard Context Settings - XML" on page 143 for the full set of data
filters and some examples of how to apply them.
Inheriting Global Filters is enabled by default. After setting up local filters, the icon is displayed on
top of the widget to indicate that the widget has its own local data filters.
NAVIGATING TO INSPECT DATA VIEWS (OPTIONAL)
Inspect Data Target View
You can set a target view when navigating to Inspect Data from a bar on the bar chart. The view that is
opened in Inspect Data can be pre-selected by selecting one of the view options under Inspect Data
Target View. If you do not select an option here, the dashboard click through view will be used. If the
dashboard's view does not exist, or none is given, then the first Inspect Data view defined is opened.
Maximum Number of Sessions on a Bar Chart
The maximum number of sessions (or tags) that can be displayed on a bar chart is 100 but the actual
number of sessions displayed may be reduced if there is insufficient screen space available. For example,
if a given bar chart has space to display 60 bars, this could be divided up in several ways:
Bar Chart Grouping Number of Statistics Stacking Number of Sessions
Single level 1 N/A 60
Single level 5 Yes 60
Single level 5 No 60/5 = 12
7-12, depending on time
Two levels 1 Yes (Required)
period.
The table shows that the number of sessions displayed depends on the number of statistics selected for
display and the number of items in the primary and secondary groupings. As the maximum number of bars
allowed is 100, the product of these values cannot be greater than this. If you select a lot of statistics, the
number of items being grouped may be reduced to keep within this limit, starting with the secondary
grouping. For example, if the secondary grouping is Time, the number of days displayed may be reduced.
Note that stacked/ overlaid statistics count as just one bar.
Example of a Bar Chart Widget Using the Widget Editor
The example below shows the creation of a simple bar chart using the widget editor, and the resulting
chart on the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 213 .
DEFINING A BAR CHART USING XML
NOTE: Bar chart widgets can be added to grid-based and canvas-based dashboards. Canvas-based
dashboards require additional XML attributes highlighted below. Canvas-based dashboards are
supported in 9.6.1 and later releases.
You can add a bar chart widget to a user-defined dashboard on the Dashboards screen by clicking
and selecting Add a Widget. Select the Bar Chart icon from the widget menu to open the bar chart
widget editor. Click </> XML VIEW to view/edit the XML code for your chart. You can also define a bar
chart for a dashboard by editing the Dashboard XML (select System Administration mode, then the
© 2023 Pico Quantitative Trading LLC. All rights reserved 214 .
Dashboards editor).
You define a bar chart widget using the barChart element.
In the following example, a bar chart named Top Clients displays packet bitrate measurements in the
request and response directions for up to ten sessions, grouped by client:
Here's the equivalent XML configuration:
<barChart “height=”4” showLegend="true" stacked=”true” title=”Top Clients”
width=”12”>
<limit number=”10”>
<sortingStat direction=”request” sort=”descending” type=”packet-bitrate”/>
</limit>
<grouping>
<groupBy tagType="Client"/>
<groupBy time="true"/>
</grouping>
<stat direction=”request” type=”packet-bitrate”/>
<stat direction=”response” type=”packet-bitrate”/>
</barChart>
Bar Chart Required Settings
The positioning of the elements within the XML configuration used to define your bar chart widget must
follow the order below:
1. context (optional)
2. subtitle (optional)
3. limit (optional)
4. stat
© 2023 Pico Quantitative Trading LLC. All rights reserved 215 .
NAME AND DIMENSIONS
The bar chart widget specifies
title=""
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specifies the displayed name of the widget.
height=""
Specifies the height of the widget.
The range is 100 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 4 on grid-based dashboards.
width=""
Specifies the width of the widget.
The range is 200 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 12 on grid-based dashboards.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 3x3 (width x height).
The recommended maximum dimensions are: 12x4 (width x height).
For canvas-based dashboards, the dimensions are based on pixels. The default dimensions are:
400x250 (width x height). The minimum dimensions are 200x100 (width x height) and the maximum
dimensions are 4000x4000.
POSITION ON CANVAS
[Mandatory for canvas-based dashboards. Not supported for grid-based dashboards]
The x and y attributes determine the position of the widget on the canvas dashboard, where the center
point of the canvas is at coordinates x="0", y="0". When you add a widget it is placed by default in the top
left corner of the displayed canvas screen.
x=""
Specifies the x coordinate or horizontal position of the widget on the canvas. Attribute “x” must be
between -5000 and 5000.
© 2023 Pico Quantitative Trading LLC. All rights reserved 216 .
y=""
Specifies the y coordinate or vertical position of the widget on the canvas. Attribute “y” must be between -
5000 and 5000.
NOTE: On canvas-based dashboards, be aware that changing the height and width or x and y
attributes using XML can result in the widget overlapping other elements on the dashboard (this also
happens if you use the mouse to resize or move a widget on the canvas). If this is not intended, you
can reposition the widget or the overlapped elements later when you view the canvas.
DISPLAY STYLE
You can enable/disable a stacked display of results for the chart. To display results as stacked, set the
stacked attribute to true.
NOTE: Stacking is disabled by default (stacked attribute set to false) but is automatically enabled
when more than one grouping is enabled and multiple statistics are selected.
SPECIFYING THE STATISTIC TO REPORT
[Mandatory for grid-based and canvas-based dashboards]
There are parameters used to specify the reported statistic and session direction.
stat direction=""
Specifies the required session direction: request or response
stat type=""
Specifies the system-defined statistic to report.
stat name=""
Specifies the name of a defined configurable statistic.
aspect type=""
Specifies the aspect of a distribution statistic: min, mean, max, percentile. If you specify a percentile
aspect, you use the value="" parameter to specify the percentile value.
© 2023 Pico Quantitative Trading LLC. All rights reserved 217 .
NOTE: For more information on supported statistics, please refer to the section "Specifying Statistics
in Widgets Using XML" on page 317.
Adding a Subtitle (Optional)
You can add an optional subtitle to the widget to clarify its purpose. Enter the subtitle text between
<subtitle></subtitle> tags and place it on a separate line AFTER the basic widget settings and
BEFORE any other tags.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
For example, here's a bar chart with a subtitle:
Here's the equivalent XML:
<barChart “height=”4” showLegend="true" stacked=”true” title=”Top Clients”
width=”12”>
<subtitle>Average bitrate for our main clients</subtitle>
<limit number=”10”>
<sortingStat direction=”request” sort=”descending” type=”packet-bitrate”/>
</limit>
<grouping>
<groupBy tagType="Client"/>
<groupBy time="true"/>
</grouping>
<stat direction=”request” type=”packet-bitrate”/>
<stat direction=”response” type=”packet-bitrate”/>
</barChart>
© 2023 Pico Quantitative Trading LLC. All rights reserved 218 .
Hiding the Graph Legend (Optional)
Use the showLegend="false" parameter in the timeSeriesChart element to optionally hide the
graph legend.
For example:
<barChart “height=”4” showLegend="false" stacked=”true” title=”Top Clients”
width=”12”>
<sortingStat direction=”request” sort=”descending” type=”packet-bitrate”/>
<grouping>
<groupBy tagType="Client"/>
</grouping>
<stat direction=”request” type=”packet-bitrate”/>
</barChart>
Grouping Results
Use the grouping and groupBy attributes to group the displayed results according to a specified tag-
type or session and by time. The bar chart allows the following grouping options - groupBy tagType,
groupBy sessions and groupBy time. You must select at least one groupBy attribute (known as
the Primary grouping) for displaying your results. If you only select one grouping, note that grouping by
time only is not allowed. If you select two groupings, the bar chart will display these results as stacked. The
first groupBy attribute is known as the primary grouping, the second is known as the secondary
grouping.
If you select a primary grouping of sessions or tagType, you can then optionally select a secondary
grouping. If you select a primary grouping of time, you must also select a secondary grouping. Grouping
by time will be by hour, day or week, based on the selected global or local time period. If Live View is
selected, the group by time selection is ignored and the x-axis shows group by tag or session instead.
In the first example below, the packet bitrate results for the request direction for the past 7 days is shown,
grouped by Client with no secondary grouping.
© 2023 Pico Quantitative Trading LLC. All rights reserved 219 .
Here's the equivalent XML:
<barChart “height=”4” showLegend="false" stacked=”true” title=”Top Clients”
width=”12”>
<sortingStat direction=”request” sort=”descending” type=”packet-bitrate”/>
<grouping>
<groupBy tagType="Client"/>
</grouping>
<stat direction=”request” type=”packet-bitrate”/>
</barChart>
In the second example, the same results are shown but this time a secondary grouping of Time has been
configured for the widget.
Here's the equivalent XML:
© 2023 Pico Quantitative Trading LLC. All rights reserved 220 .
<barChart “height=”4” showLegend="false" stacked=”true” title=”Top Clients”
width=”12”>
<sortingStat direction=”request” sort=”descending” type=”packet-bitrate”/>
<grouping>
<groupBy tagType="Client"/>
<groupBy time="true"/>
</grouping>
<stat direction=”request” type=”packet-bitrate”/>
</barChart>
NOTE: The resolution of the bars is automatically selected based on the time range selected on the
global time period selector. For example, if you have selected to display results for the last 60 or 30
days, or have create a custom period longer than 14 days, the bars are grouped into weeks. For
anything less than 14 days, the bars are grouped by day, but if less than 48 hours, the bars are not
grouped by time.
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
The displayNameTagType attribute allows you to use an alternative name for a session(s) for display
on the legend and graph of the bar chart. The displayed name is based on a tag defined for the session.
Set the attribute to the tag-type that you want to use for renaming the session.
For example, the bar chart here will display the tag name in tag-type "User" instead of the session name,
for any sessions configured with this tag-type. If a session doesn't have this tag type defined, the original
session name will be displayed.
<barChart displayNameTagType="User" “height=”4” showLegend="false" stacked=”true”
title=”Top Sessions” width=”12”>
<sortingStat direction=”request” sort=”descending” type=”packet-bitrate”/>
<grouping>
<groupBy session="true"/>
<groupBy time="true"/>
</grouping>
<stat direction=”request” type=”packet-bitrate”/>
</barChart>
You can define a tag-type and tag value for a session on the Manage Tags administration page or via CLI
command.
You can display the same session with a different name on other widgets by configuring a different tag-
type.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 221 .
NOTE: If you want to see the original name of a session, click on a point on the bar for that session. The
new display name and original session name are both shown in the tooltip.
Changing the Statistic Display Names (Optional)
[Supported in release 9.6.x and later]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your bar chart widget using the
statConfig attribute. The list of available dictionaries is listed when you type the attribute.
Selecting this option replaces the system-defined or configurable statistic names displayed in the legend
and tooltips of the chart with the new names configured in the selected dictionary.
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
Limiting the Number of Sessions Displayed (Optional)
The maximum number of sessions that can be displayed on a bar chart is
l 100 - if only one grouping is configured
l 20 - if two groupings are configured
In both cases you can (optionally) set your own limit, if you want to further reduce the number of bars
displayed.
Note, however, that the optional value that you can set for the session limit (<limit></limit>) is
determined by the number of stats or aspects configured for the widget, the number of groupings and
whether stacking is enabled.
l If stacking is disabled and only one grouping is defined, the product of the number of statistics
defined and the configured session limit cannot be greater than 100. For example, if you set the
session limit to its maximum value of 100, you can only select one statistic for display, or if you
configure 10 statistics, you can only set the session limit to a maximum of 10 sessions. In this
scenario, the range for (<limit></limit>) is 1-100, but the value you enter determines the
maximum number of statistics that you can configure.
l If stacking is enabled and only one grouping is defined, the number of stats does not impact the
session limit and you can set it to max 100. In this case, the number of sessions
(<limit></limit>) to be displayed can be any value in range from 1 to 100.
© 2023 Pico Quantitative Trading LLC. All rights reserved 222 .
l If two groupings are defined, the product of the number of statistics defined and the configured
session limit cannot be greater than 20, so the range for (<limit></limit>) is 1-20 in this
case. For example, if you set the session limit to its maximum value of 20, you can only select one
statistic for display, or if you configure 10 statistics, you can only set the session limit to a
maximum of 2 sessions.
If you do not define a session limit, the bar chart will display as many bars as possible, based on the
available screenspace, up to 100 bars.
When a limit is defined it requires a sortingStat (statistic) to be defined. That statistic has an additional
optional attribute sort (ascending/descending) set to descending by default. This allows you to control
which session results are displayed on the widget by sorting the results in descending (or ascending)
order for the chosen statistic, and then displaying the sessions with the highest (or lowest) values. For
example, if the widget is set to display a limit of 10 sessions and sortingStat is set to packet-bitrate in
descending order, the widget will display the top 10 sessions with the highest bitrate. Similarly, if
ascending order is selected, the widget displays data from the top 10 sessions with the lowest bitrate.
If the sorting statistic requires an aspect then only one aspect can be defined using parameter <aspect>
under the sortingStat context. If a limit is applied implicitly then the first statistic (or first aspect of the
first statistic if present) is used as the sorting statistic, descending by default.
In the following example, a limit of ten sessions is applied.
<barChart “height=”4” showLegend="true" stacked=”true” title=”Top Clients”
width=”12”>
<subtitle>Average bitrate for our main clients</subtitle>
<limit number=”10”>
<sortingStat direction=”request” sort=”descending” type=”packet-bitrate”/>
</limit>
<grouping>
<groupBy tagType="Client"/>
<groupBy time="true"/>
</grouping>
<stat direction=”request” type=”packet-bitrate”/>
<stat direction=”response” type=”packet-bitrate”/>
</barChart>
Context Settings (Optional)
Bar charts can have an optional context element that specifies filtering and time-related settings, similar
to that available at the dashboard level.
© 2023 Pico Quantitative Trading LLC. All rights reserved 223 .
For more information on the available filtering and time settings, please refer to the section "Dashboard
Context Settings - XML" on page 143.
Example Bar Chart Widgets
In the following example, a bar chart named Latency per Venue displays minimum, mean, maximum
and percentile latency measurements for up to four sessions starting with the minimum values, grouped
by venue:
Here's the corresponding XML configuration:
<barChart height="4" showLegend="true" stacked="false" title="Latency per Venue"
width="12">
<limit number="4">
<sortingStat direction="request" sort="descending"
type="latency">
<aspect type="min"/>
</sortingStat>
</limit>
<grouping>
<groupBy tagType="Client"/>
</grouping>
<stat direction="request" type="latency">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="max"/>
<aspect type="percentile" value="50.00000"/>
</stat>
</barChart>
© 2023 Pico Quantitative Trading LLC. All rights reserved 224 .
In the following example, the same statistics are shown but this time the results are stacked (overlaid
results) and are grouped by venue and time:
Here's the corresponding XML configuration:
<barChart height="4" showLegend="true" stacked="true" title="Latency per Venue"
width="12">
<limit number="4">
<sortingStat direction="request" sort="descending"
type="latency">
<aspect type="min"/>
</sortingStat>
</limit>
<grouping>
<groupBy tagType="Client"/>
<groupBy time="true"/>
</grouping>
<stat direction="request" type="latency">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="max"/>
<aspect type="percentile" value="50.00000"/>
</stat>
</barChart>
In the following example, a bar chart named Message and Packet Count displays multiple statistics in
the same chart and where the session display name has been changed to use the "Client" tag name:
© 2023 Pico Quantitative Trading LLC. All rights reserved 225 .
Here's the corresponding XML configuration. In this example, similar statistics are used so that the one y-
axis – “Counts” – can be used:
<barChart displayNameTagType="Client" height="4" showLegend="true"
stacked="false" title="Message and Packet Count" width="12">
<limit number="10">
<sortingStat direction="request" sort="descending" type="packet-
count"/>
</limit>
<grouping>
<groupBy session="true"/>
</grouping>
<stat direction="request" type="message-count"/>
<stat direction="request" type="packet-count"/>
</barChart>
In the following example, a bar chart displays statistics with customized names:
© 2023 Pico Quantitative Trading LLC. All rights reserved 226 .
Here's the corresponding XML configuration. In this example, the selected dictionary "english", contains
custom names for the Orders statistics:
<barChart height="4" showLegend="true" stacked="false" statsConfig="english"
title="Orders chart" width="12">
<grouping>
<groupBy sessions="true"/>
</grouping>
<stat direction="request" name="Cancels"/>
<stat direction="request" name="Orders"/>
</barChart>
CANVAS-BASED DASHBOARD EXAMPLE
If you are adding a bar chart widget to a canvas-based dashboard, its location will always default to the
top left corner of the displayed screen. Note that the width of the bar chart will determine how many bars
are visible on the width. If you are displaying a lot of sessions or statistics, widen the widget.
In the following example, a simple bar chart widget is added, displaying request and response packet
bytes, grouping by session and time:
<barChart height="550" showLegend="true" stacked="true" title="" width="400" x="-
579" y="-530">
<grouping>
<groupBy sessions="true"/>
<groupBy time="true"/>
</grouping>
<stat direction="request" type="packet-bytes"/>
<stat direction="response" type="packet-bytes"/>
</barChart>
In the canvas dashboard you can see the widget is added to the top left of the displayed canvas.
© 2023 Pico Quantitative Trading LLC. All rights reserved 227 .
DEFINING A SESSION TABLE USING THE WIDGET
EDITOR
NOTE: Session table widgets can be added to grid-based and canvas-based dashboards. The widget
editor contents are slightly different depending on which type of dashboard you are adding the widget
to. These differences are highlighted below. Canvas-based dashboards are supported in 9.6.1 and
later releases.
You can add a session table widget to a user-defined dashboard on the Dashboards screen by clicking
and selecting Add a Widget.
Note: The Add a Widget option is only available for user defined dashboards.
Note: The session table widget is not available in Inspect Data dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 228 .
Select the Session Table icon from the widget menu. This opens a dashboard editor to the Add Session
Table window. The example below shows the session table widget editor launched from the Dashboards
screen.
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the session table that you require,
then click SAVE to apply the changes and view your session table.
NOTE: You can view/edit the XML code for your chart from the widget editor by clicking </> XML
VIEW. You must save your changes in the GUI EDITING mode before switching to XML editing mode
and vice versa.
You can also edit an existing user-defined session table widget using the GUI editor by clicking on the
arrow on the top right of the widget and selecting Edit. The widget editor will open an Edit Session
Table window, containing the settings options below.
Session Table Required Settings
To create a session table widget using the widget editor, you must configure some basic settings before
you will be allowed to save the new widget. These fields are generally indicated by a * or flagged as
Required.
NOTE: If adding a session table to a canvas-based dashboard only the Statistic values are mandatory.
© 2023 Pico Quantitative Trading LLC. All rights reserved 229 .
NAME AND DIMENSIONS
Specify the title and dimensions of the session table widget.
Title
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specify the display name of the session table.
Height
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the height of the widget. The default height is 2.
Width
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the width of the widget. The default width is 3.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 3x2 (width x height).
The recommended maximum dimensions are: 12x10 (width x height).
For canvas-based dashboards, the dimensions are based on pixels and can only be changed in the
XML editor.
SPECIFYING THE STATISTICS TO REPORT
[Mandatory for grid-based and canvas-based dashboards]
Specify the statistics and session directions that you want to report in your table. Click ADD STATISTICS
to see the list of available statistics. The statistics are grouped into Packet, Configurable, EQ, Message,
PNQM- Latency and Loss, Microburst and TCP statistics, and most are available in the request and
response session direction. Enable Expand All to see the full list of statistics. You can filter the list of
statistics by entering a string in the Filter by name box on the top right of the ADD STATISTICS
window.
To select a statistic for display, click ADD REQUEST or ADD RESPONSE for each required statistic. You
can only add one statistic at a time and the window will return to the main widget editing page after you
make your selection. Click ADD STATISTICS again to select another statistic. For statistics already
selected, the text will have changed to green and will say RESPONSE/REQUEST ADDED.
© 2023 Pico Quantitative Trading LLC. All rights reserved 230 .
You can select up to 30 statistics for your session table. For each statistic, you can specify the display
method (for example, a bar graph), minimum column width and sort order (ascending or descending).
These options are described further on.
If you want to remove a statistic from the table, click DELETE on the statistic.
NOTE: Only available statistics are shown in the menu. If you want to see the unavailable statistics,
click Show Unavailable Statistics at the end of the statistics menu. This will show the unavailable
statistics in greyed out text. These statistics cannot be selected. For example, some configurable stats
may be hidden if the assigned sessions have been filtered in the dashboard.
NOTE: For more information on supported statistics, please refer to the section "Specifying Statistics
in Widgets Using XML" on page 317.
The ADD STATISTICS button will become greyed out once you have selected the maximum number of
statistics allowed.
Aspect Type
If you are displaying distribution statistics you need to select the type of aspect to display for the statistics.
For example, you can display the maximum, minimum, mean or percentile values for Latency type
statistics and some configurable statistics. If you select percentile, you must enter a percentile value.
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
Grouping Session Results by Tag-type (Optional)
Group By Tag
Use the Group By Tag toggle switch to optionally group session results according to a specified tag-
type, selectable from the drop down menu.
© 2023 Pico Quantitative Trading LLC. All rights reserved 231 .
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
Session Display Name
The Session Display Name option allows you to use an alternative name for the session name displayed
on the session table. The alternative display name is based on a tag defined for the session. If you have
already defined the tag name that you want to use for the session, click the toggle switch and select the
tag-type from the dropdown list. If you haven't yet defined a relevant tag for the session, use the tooltip
next to the toggle switch and click on the link that allows you to open the Manage Tags administration
page. Here you can add a tag to a session by selecting a tag-type and assigning a tag value. The session
table will display the tag name instead of the session name for sessions that have values assigned for the
selected tag-type. If a session doesn't have this tag-type defined, the original session name will be
displayed.
You can display the same session with a different name on other widgets by configuring and selecting a
different tag-type.
The new display name is preserved when navigating to a time-series chart from a cell value selected on
the session table.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
NOTE: If you want to see the original name of a session, click on the session name on the table. The
new display name and original session name are both shown in the tooltip.
NOTE: The Session Display Name option is not available for widgets created on Inspect Data
dashboards or for any templated by session dashboards.
Changing the Statistic Display Names (Optional)
[Supported in release 9.6.x and later]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your session table widget by enabling
the Use Custom Statistic Names toggle and selecting a dictionary from the list of configured
dictionaries in the dropdown menu.
© 2023 Pico Quantitative Trading LLC. All rights reserved 232 .
Selecting this option replaces the system-defined or configurable statistic names displayed in the column
headers and tooltips of the table with the new names configured in the selected dictionary.
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
If you want to check, edit or create a new dictionary, you can open the Dashboard XML editor directly
from a GUI widget editor (for widgets that support custom statistic naming) by selecting the tooltip next to
Use Custom Statistic Names and clicking the Dashboards XML Configuration link.
Specifying the Default Table Sort Order (Optional)
Sort By
You can sort the order of your table by selecting a statistic to sort your sessions by and setting Sort By to
Ascending or Descending. You can only set this for one statistic. If you do not set a sort order, then the
first statistic (or first aspect of the first statistic, if present) is used as the sorting statistic, descending by
default.
NOTE: The session table widget will display the top 100 sessions after the analytics for all the matching
sessions are analyzed and sorted. If you change to a different sorting statistic, the analytics from all
matching sessions are retrieved again, analyzed and the results are redisplayed, hence the sessions
displayed may change.
Setting Column Widths (Optional)
WIDTH OF FIRST COLUMN
Enable minimum width for primary column
By enabling the Enable minimum width for primary column toggle switch, you can set a minimum
width for the first (session name) column, in the range 60 - 400. The default width is 60.
© 2023 Pico Quantitative Trading LLC. All rights reserved 233 .
PER STATISTIC
Min. Column Width
You can set a minimum width for the column for each statistic that you add, in the range 60 - 400. The
default width is 60.
Defining Cell Visualization (Optional)
Display As
There are two types of cell visualization available for a statistic. Any statistic can be defined as a bar graph
by selecting Bar. If you are displaying Min-Mean-Max distribution statistics, Min-Mean-Max visualization
is selected by default. If you do not select an option, the statistics are displayed as numbers.
Expanding the Session Table in Exported Reports (Optional)
[Available on grid-based dashboards only for Corvil Analytics release 9.7.x and later]
By enabling the Expand vertically to show full content toggle switch, in the Expand PDF /
Scheduled Reporting section, the table will be automatically expanded vertically to show all sessions in
the table (up to the maximum 100 rows) on a dashboard PDF export or scheduled report. If not selected (it
is disabled by default), the PDF/report will only show the session rows visible on the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 234 .
Advanced Settings
APPLYING TIME AND DATA FILTERS (OPTIONAL)
Your session table will use the time period and data filters set for the dashboard that it resides in. If you
want to use local time and data filters for your session table, you can set them here.
Setting a Time Filter
Enable Local Time Filter
You can set a time-related filter for your session table by selecting Enable Local Time Filter and
selecting a time period from the drop-down menu. The allowed options are described in Defining a
Dashboard or Widget Time Period in "Dashboard Context Settings - XML" on page 143. After setting and
saving a local time filter, the icon is displayed on top of the widget to indicate that the widget has its
own time period set.
NOTE: If you want to change the time period on the widget, you can click the or icon and make
a different selection. However, this does not override the local time period selected in the GUI widget
editor page. If you now edit and save changes to the widget using the GUI widget editor, the time
period will be reset to the value that you had originally selected in the GUI editor. If you want to keep
using the locally selected time period, ensure that you also set it within the widget editor.
Setting Data Filters
Enable Local Data Filters
You can set local data filters by selecting Enable Local Data Filters and adding filters, and/or you can
use the existing filters from the dashboard by setting the Inherit Global Filter button. Data filtering is
based on tags, tag-types, and sessions.
Refer to "Defining Data Filters" in "Dashboard Context Settings - XML" on page 143 for the full set of data
filters and some examples of how to apply them.
Inheriting Global Filters is enabled by default. After setting up local filters, the icon is displayed on
top of the widget to indicate that the widget has its own local data filters.
NAVIGATING TO INSPECT DATA VIEWS (OPTIONAL)
Inspect Data Target View
You can set a target view when navigating to Inspect Data from a session in the table. The view that is
opened in Inspect Data can be pre-selected by selecting one of the view options under Inspect Data
Target View. If you do not select an option here, the dashboard click through view will be used. If the
© 2023 Pico Quantitative Trading LLC. All rights reserved 235 .
dashboard's view does not exist, or none is given, then the first Inspect Data view defined is opened.
Example of a Session Table Widget Using the Widget Editor
The example below shows the creation of a simple session table using the widget editor, and the resulting
table on the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 236 .
© 2023 Pico Quantitative Trading LLC. All rights reserved 237 .
DEFINING A SESSION TABLE USING XML
NOTE: Session table widgets can be added to grid-based and canvas-based dashboards. Canvas-
based dashboards require additional XML attributes highlighted below. Canvas-based dashboards
are supported in 9.6.1 and later releases.
You can add a session table widget to a user-defined dashboard on the Dashboards screen by clicking
and selecting Add a Widget. Select the Session table icon from the widget menu to open the
session table widget editor. Click </> XML VIEW to view/edit the XML code for your chart. You can also
define a session table for a dashboard by editing the Dashboard XML (select System Administration
mode, then the Dashboards editor).
You define a session table widget using the sessionTable element.
The session table widget is not available in Inspect Data dashboards.
In the following example, a session table named TCP Quality displays TCP zero window and out of
sequence packet counts along with the percentage of out of sequence packets, and the table is sorted
according to zero window packet count with the session seeing the largest number first.
© 2023 Pico Quantitative Trading LLC. All rights reserved 238 .
Here's the equivalent XML configuration:
<sessionTable height=”2” title=”TCP Quality” width=”6”>
<stat direction=”request” sort=”descending” type=”tcp-zero-window-packet-
count”/>
<stat direction=”response” type=”tcp-zero-window-packet-count”/>
<stat direction=”request” type=”tcp-out-of-sequence-packet-count”/>
<stat direction=”request” type=”tcp-retransmitted-oos-percent”/>
<stat direction=”response” type=”tcp-out-of-sequence-packet-count”/>
<stat direction=”response” type=”tcp-retransmitted-oos-percent”/>
</sessionTable>
Required Settings
The positioning of the elements within the XML configuration used to define your session table widget
must follow the order below:
1. context (optional)
2. subtitle (optional)
3. nameColumn (optional)
4. stat
NAME AND DIMENSIONS
The session table widget specifies
title=""
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specifies the displayed name of the widget.
height=""
Specifies the height of the widget.
The range is 100 to 4000 (pixels) on dashboards with a canvas layout.
© 2023 Pico Quantitative Trading LLC. All rights reserved 239 .
The range is 1 to 10 on grid-based dashboards.
width=""
Specifies the width of the widget.
The range is 200 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 12 on grid-based dashboards.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 3x2 (width x height).
The recommended maximum dimensions are: 12x10 (width x height). The maximum number of
statistics in a session table is 20.
For canvas-based dashboards, the dimensions are based on pixels. The default dimensions are:
400x250 (width x height). The minimum dimensions are 200x100 (width x height) and the maximum
dimensions are 4000x4000.
POSITION ON CANVAS
[Mandatory for canvas-based dashboards. Not supported for grid-based dashboards]
The x and y attributes determine the position of the widget on the canvas dashboard, where the center
point of the canvas is at coordinates x="0", y="0". When you add a widget it is placed by default in the top
left corner of the displayed canvas screen.
x=""
Specifies the x coordinate or horizontal position of the widget on the canvas. Attribute “x” must be
between -5000 and 5000.
y=""
Specifies the y coordinate or vertical position of the widget on the canvas. Attribute “y” must be between -
5000 and 5000.
NOTE: On canvas-based dashboards, be aware that changing the height and width or x and y
attributes using XML can result in the widget overlapping other elements on the dashboard (this also
happens if you use the mouse to resize or move a widget on the canvas). If this is not intended, you
can reposition the widget or the overlapped elements later when you view the canvas.
© 2023 Pico Quantitative Trading LLC. All rights reserved 240 .
SPECIFYING THE STATISTIC TO REPORT
There are also parameters used to specify the reported statistic and session direction.
stat direction=""
Specifies the required session direction: request or response
stat type=""
Specifies the system-defined statistic to report.
stat name=""
Specifies the name of a defined configurable statistic.
aspect type=""
Specifies the aspect of a distribution statistic: min, mean, max, percentile. If you specify a percentile
aspect, you use the value="" parameter to specify the percentile value.
NOTE: For more information on supported statistics, please refer to the section "Specifying Statistics
in Widgets Using XML" on page 317.
Adding a Subtitle (Optional)
You can add an optional subtitle to the widget to clarify its purpose. Enter the subtitle text between
<subtitle></subtitle> tags and place it on a separate line AFTER the basic widget
settings and BEFORE any other tags.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
For example:
<sessionTable height=”2” title=”TCP Quality” width=”6”>
<subtitle>Reporting key TCP stats per session</subtitle>
<stat direction=”request” sort=”descending” type=”tcp-zero-window-packet-
count”/>
<stat direction=”response” type=”tcp-zero-window-packet-count”/>
<stat direction=”request” type=”tcp-out-of-sequence-packet-count”/>
<stat direction=”request” type=”tcp-retransmitted-oos-percent”/>
<stat direction=”response” type=”tcp-out-of-sequence-packet-count”/>
© 2023 Pico Quantitative Trading LLC. All rights reserved 241 .
<stat direction=”response” type=”tcp-retransmitted-oos-percent”/>
</sessionTable>
Grouping Session Results by Tag-type (Optional)
Use the groupByTagType attribute to group session results in the table by tag type.
stat groupByTagType=""
Optionally specify a tag-type by which to group session results.
For example, to display session results grouped by client (via a Client tag-type):
<sessionTable groupByTagType=”Client” height=”2” title=”Client Sessions”
width=”5”>
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
The displayNameTagType attribute allows you to use an alternative name for the session name
displayed on the session table. The alternative display name is based on a tag defined for the session. Set
the attribute to the tag-type that you want to use for renaming the session.
For example, the session table here will display the tag name in tag-type "User" instead of the session
name, for any sessions configured with this tag-type. If a session doesn't have this tag type defined, the
original session name will be displayed.
<sessionTable displayNameTagType="User" height=”2” title=”TCP Quality” width=”6”>
<stat direction=”request” sort=”descending” type=”tcp-zero-window-packet-
count”/>
<stat direction=”response” type=”tcp-zero-window-packet-count”/>
<stat direction=”request” type=”tcp-out-of-sequence-packet-count”/>
<stat direction=”request” type=”tcp-retransmitted-oos-percent”/>
<stat direction=”response” type=”tcp-out-of-sequence-packet-count”/>
<stat direction=”response” type=”tcp-retransmitted-oos-percent”/>
</sessionTable>
You can define a tag-type and tag value for a session on the Manage Tags administration page or via CLI
command.
You can display the same session with a different name on other widgets by configuring a different tag-
type.
© 2023 Pico Quantitative Trading LLC. All rights reserved 242 .
The new display name is preserved when navigating to a time-series chart from a cell value selected on
the session table.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
NOTE: If you want to see the original name of a session, click on the session name on the table. The
new display name and original session name are both shown in the tooltip.
NOTE: This attribute is not available for widgets created on Inspect Data dashboards or for any
templated by session dashboards.
Changing the Statistic Display Names (Optional)
[Supported in release 9.6.x and later]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your session table widget using the
statConfig attribute. The list of available dictionaries is listed when you type the attribute.
Selecting this option replaces the system-defined or configurable statistic names displayed in the column
headers and tooltips of the chart with the new names configured in the selected dictionary.
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
Specifying the Default Table Sort Order (Optional)
You can specify the default table sort order with the sort attribute.
stat sort=""
Optionally specify the default sort order of the table contents: descending or ascending
aspect sort=""
Optionally specify the default sort order of the table contents based on a specified aspect of a distribution
statistic: descending or ascending
Setting Column Widths (Optional)
Column width can be set for statistics using the attribute minWidthPixels (Range: 60 -400):
<stat type="loss-percent" direction="request" minWidthPixels="80"/>
© 2023 Pico Quantitative Trading LLC. All rights reserved 243 .
Primary name column widths can also be set:
<nameColumn minWidthPixels="400"/>
Aspects and aspect groups can also be configured:
<stat direction="request" type="tcp-roundtrip-time">
<aspect type="min"/>
<aspect type="mean" minWidthPixels="80"/>
<aspect type="max"/>
</stat>
Defining Cell Visualization (Optional)
There are two types of cell visualizations available using the displayAs attribute. Any statistic can be
defined as a bar graph using the format below:
<stat direction="request" displayAs="bar" type="packet-bitrate"/>
The Min Mean Max visualization can be defined as an aspectGroup:
<stat direction="request" type="latency">
<aspectGroup displayAs="min-mean-max"/>
Expanding the Session Table in Exported Reports (Optional)
[Available on grid-based dashboards only for Corvil Analytics release 9.7.x and later]
You can set a session table to be automatically expanded vertically to show up to 100 session rows on a
dashboard PDF or report by setting the expandVerticallyInPdf attribute to "true". It is "false" by
default.
<sessionTable expandVerticallyInPdf="true" height="2" title="New York" width="3">
<stat direction="request" type="packet-bitrate"/>
<stat direction="request" type="packet-count"/>
</sessionTable>
Context Settings (Optional)
Session tables can have an optional context element that specifies filtering and time-related settings,
similar to that available at the dashboard level.
© 2023 Pico Quantitative Trading LLC. All rights reserved 244 .
For more information on the available filtering and time settings, please refer to the section Dashboard
Context Settings - XML.
Example Session Table Widgets
In the following example, a session table named TCP Roundtrip Times displays minimum, mean and
maximum request and response TCP roundtrip and TCP connection setup times, along with another
column in each case that displays the min, mean and max measurements in a single column.
Here is the corresponding XML configuration. In this example the session table is also sorted by the mean
request TCP roundtrip time. The aspectGroup attribute is used to display the Min Mean Max columns.
<sessionTable height="2" title="TCP Roundtrip Times" width="12">
<stat direction="request" type="tcp-roundtrip-time">
<aspect type="min"/>
<aspect sort="descending" type="mean"/>
<aspect type="max"/>
<aspectGroup displayAs="min-mean-max"/>
</stat>
<stat direction="response" type="tcp-roundtrip-time">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="max"/>
<aspectGroup displayAs="min-mean-max"/>
</stat>
<stat direction="request" type="tcp-total-roundtrip-time">
<aspect type="min"/>
<aspect type="mean"/>
<aspect type="max"/>
<aspectGroup displayAs="min-mean-max"/>
</stat>
</sessionTable>
In the following example, a session table named MOS Scores displays results grouped by the tag-type
VoIP-Site with associated tags like Whitefriars, Tokyo, Frankfurt and Chicago.
© 2023 Pico Quantitative Trading LLC. All rights reserved 245 .
Here's the corresponding XML configuration. In this case the table can be sorted on the Loss column. The
displayed results include minimum, maximum and percentile values:
<sessionTable groupByTagType="VoIP-Site" height="4" title="MOS Scores"
width="12">
<stat direction="response" name="MOS-LQ x10">
<aspect type="min"/>
</stat>
<stat direction="request" name="RTP-MOS x100">
<aspect type="min"/>
</stat>
<stat direction="response" name="RTP-MOS x100">
<aspect type="min"/>
</stat>
<stat direction="request" name="Registration"/>
<stat direction="request" sort="descending" type="loss"/>
<stat direction="request" type="latency">
<aspect type="max"/>
<aspect type="percentile" value="99"/>
<aspect type="mean"/>
</stat>
</sessionTable>
In the following example, a session table displays statistics with customized names:
Here's the corresponding XML configuration. In this example, the selected dictionary "spanish", contains
custom names for the Canceled and Rejected Orders statistics:
© 2023 Pico Quantitative Trading LLC. All rights reserved 246 .
<sessionTable height="2" statsConfig="spanish" title="Informacion de Ordenes"
width="5">
<stat direction="request" name="Cancels"/>
<stat direction="response" name="Rejects"/>
</sessionTable>
CANVAS-BASED DASHBOARD EXAMPLE
If you are adding a session table widget to a canvas-based dashboard, its location will always default to
the top left corner of the displayed screen.
In the following example, a simple session table widget is added, displaying request and response packet
bytes:
<sessionTable height="250" title="" width="400" x="-1333" y="-341">
<stat direction="request" type="packet-bytes"/>
<stat direction="response" type="packet-bytes"/>
</sessionTable>
In the canvas dashboard you can see the widget is added to the top left of the displayed canvas.
DEFINING A NOTE USING THE WIDGET EDITOR
NOTE: Notes widgets can be added to grid-based and canvas-based dashboards. The widget editor
contents are slightly different depending on which type of dashboard you are adding the widget to.
These differences are highlighted below. Canvas-based dashboards are supported in 9.6.1 and later
releases.
The notes widget enables you to put informational content on a dashboard. Up to ten notes widgets can
be defined on a given dashboard.
You can add a notes widget to a user-defined dashboard on the Dashboards or Inspect Data screens by
clicking and selecting Add a Widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 247 .
Note: The Add a Widget option is only available for user defined dashboards.
Select the Notes icon from the widget menu. This opens a dashboard editor to the Add Notes window.
The example below shows the notes widget editor launched from the Dashboards screen.
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the notes widget that you require,
then click SAVE to apply the changes and view your widget.
If you add a notes widget to a canvas-based dashboard (release 9.6.1 and later only) you will see the
additional option of Background Color.
© 2023 Pico Quantitative Trading LLC. All rights reserved 248 .
NOTE: You can view/edit the XML code for your chart from the widget editor by clicking </> XML
VIEW. You must save your changes in the GUI EDITING mode before switching to XML editing mode
and vice versa.
You can also edit an existing user-defined notes widget using the widget editor by clicking on the
arrow on the top right of the widget and selecting Edit. The widget editor will open an Edit Notes
window, containing the settings options below.
Notes Required Settings
To create a notes widget using the widget editor, you must configure some basic settings before you will
be allowed to save the new widget. These fields are generally indicated by a * or flagged as Required.
NOTE: If adding a notes widget to a canvas-based dashboard, there are no mandatory settings.
NAME AND DIMENSIONS
Specify the title and dimensions of the notes widget.
Title
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specify the display name of the notes widget.
Height
© 2023 Pico Quantitative Trading LLC. All rights reserved 249 .
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the height of the widget. The default height is 1.
Width
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the width of the widget. The default width is 2.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 2x1 (width x height).
The recommended maximum dimensions are: 12x10 (width x height).
For canvas-based dashboards, the dimensions are based on pixels and can only be changed in the
XML editor.
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
Changing the Background Color (Optional)
[Supported in release 9.6.1 and later]
Available for widgets being added to canvas-based dashboards only, you can change the background
color of the note. This can be useful if you want to group related items on the dashboard canvas by adding
a colored Notes widget to act as a background palette for those items.
Adding Content to a Notes Widget
You define the note content using a supported version of Markdown. You can enter text, hyperlinks,
images and video content in notes.
If the text is too long for the widget width it wraps the line. If the content is longer than the widget height, a
vertical scrollbar is inserted (grid-based dashboards only - see note below). Note widgets are static in the
sense that when no data updates are received to the page, the note widget does not change (unless it has
been edited or modified).
© 2023 Pico Quantitative Trading LLC. All rights reserved 250 .
Markdown notation is translated into HTML. Since this content is static in nature, the widgets local menu
has no options for local widget time periods, only to edit or delete the widget.
Lightbox mode is available for full screen viewing of the widget content.
You cannot change the font face or color and font size is adjusted using the pre-styled header tag
markdown.
Images imported using Manage Images can be included and can be re-dimensioned by appending a
scaling factor to the image file name.
If you want to include video content from Youtube, you use the image syntax and insert the youtube video
URL for the image URL. Image dimension syntax is also supported.
NOTE: Whether embedded video content can be played back will be dictated by the content owners
and Youtube. For more information see Youtube's help center for additional documentation.
NOTE: Notes widgets on canvas-based dashboards do not have a scrollbar, hence when you add a
notes widget, the full note is displayed even if the content overflows the widget height. However,
clicking the autofit button may not display the overflown part of the note on the dashboard, and a PDF
export of the dashboard may not show the full note in the PDF. This can happen if the widget is at the
edge of the dashboard screen, for example. To prevent this, Pico recommends that you resize the
notes widget to fit the contents.
The following sections describe the supported Markdown format for
l Text
l Paragraphs
l Headings
l Blockquotes
l Bold text
l Italic text
l Hyperlinks
l Images
l XML
l Video
PARAGRAPHS
Up to 5000 characters of text content can be added to the Content box. The HTML converted content
appears as entered in <p> tags and the resulting text displayed in the widget mirrors the text typed in the
Content box, except where special characters are used for the cases described below.
© 2023 Pico Quantitative Trading LLC. All rights reserved 251 .
For example:
Line 1
Still line 1
Line 2
To start on a new line, type 2 spaces at the end of the previous line, or if you want to start a new
paragraph, add a blank line after the previous paragraph.
For example:
Line 1
New line
New paragraph
HEADINGS
Indicate headings with #. The number of '#' characters indicates the header level. Header levels 1-6 are
supported.
For example:
#header
BLOCKQUOTES
Indicate blockquotes with >. The '>' must be at the start of the line, and new line notation is the same as
<p>.
For example:
>Text
BOLD TEXT
Use ** or __ to create bold text.
© 2023 Pico Quantitative Trading LLC. All rights reserved 252 .
For example:
**bold text** or __bold text__
ITALIC TEXT
Use * or _ to create italic text.
For example:
*italic text* or _italic text_
LISTS
You can make an unordered list by preceding list items with '*', '-' or '+' (can be used interchangeably).
For example:
+ item one
+ item two
will display a bulleted list in the note widget.
You can make an ordered list by preceding list items with a number.
For example:
1. text
2. text
HYPERLINKS
You can define an inline link by putting the link text in square brackets ( `[ ]` ), and then putting the link in
parentheses ( `( )` ).
For example, use this code to
l create a hyperlink to www.pico.net
l with link text that says "Pico Home”
© 2023 Pico Quantitative Trading LLC. All rights reserved 253 .
l and tooltip text (clarifying the purpose of the link)"Go to PicoHome"
[Pico Home](http://www.pico.net/ "Go to Pico Home")
Reference:
You can also use references. For example:
This is a [link to pico][id]
.
.
.
[id]: http://www.pico.net
IMAGES
Images of type GIF, PNG, SVG, JPG or JPEG that have been imported via the Manage Images screen
can be displayed in a notes widget.
The image syntax is similar to the syntax for links, and also supports inline linking in the same browser tab
or to a new browser tab, and reference options.
Including an Unlinked Image
To include an unlinked image in a note, the syntax is:
An exclamation mark: (!) followed by a set of square brackets, containing the alt attribute text for the
image (shown if the image cannot be displayed for some reason) followed by a set of parentheses,
containing the filename of the image and tooltip text for the image (shown if you hover the cursor over the
image). You can rescale the image in the note by following the file name with an equals sign and the
scaling % or you can set absolute x and y dimensions.
Adding tooltip text and a scaling factor is optional.
You can copy the name of the image file from the Manage Images screen by selecting the action Copy
File Name for the image, then pasting it into the image Markdown notation in the widget.
NOTE: The full path name for the image is not required as all images imported via the Manage
Images screen are stored in the same pre-defined folder on your appliance.
© 2023 Pico Quantitative Trading LLC. All rights reserved 254 .
Rescaling the image on the Notes widget
Every type of image included on the widget can be rescaled or resized within the context of the widget by
adding a scaling factor after the filename. Dimensions can be defined in % and pixels units. For example:
=100%x* - auto-scales the image to 100% of the width of the notes widget
=80%x* - auto-scales the image to 80% of the width of the notes widget
=100x100 – sets an absolute height and width in px units
Note that setting the height and width to absolute values can result in a blurred or skewed image. Also,
some image types can become blurred when the size is increased, if the imported image is small.
For example, if you want to include an imported image file "spark.png" in your note, displayed in its original
size, use
To scale the image to half the width of the note, use
and to fill the width of the note
Including a Linked Image
Your image can contain an inline link that can be opened in the same browser tab or in a new browser tab.
.. in a new browser tab
To include a linked image that opens the link in a new browser tab, the syntax is:
An exclamation mark: (!) followed by a set of square brackets, containing the alt attribute text for the
image followed by a set of parentheses, containing the filename of the image followed by a rescaling value
if required. After the closing square bracket, another set of parentheses, containing the URL to the link
followed by tooltip text for the link (shown if you hover the cursor over the image). After the closing
parenthesis, curly brackets containing the fixed text {:target="_blank"}.
For example:
© 2023 Pico Quantitative Trading LLC. All rights reserved 255 .
[](URL "tooltip text"){:target="_
blank"}
Adding tooltip text and a scaling factor is optional.
For example:
[](https://www.example.com "Go to example.com")
{:target="_blank"}
.. in the same browser tab
To include a linked image in a note that opens the link in the same browser tab, the syntax is:
An exclamation mark: (!) followed by a set of square brackets, containing the alt attribute text for the
image followed by a set of parentheses, containing the filename of the image followed by a rescaling value
if required. After the closing square bracket, another set of parentheses, containing the URL to the new
page and then tooltip text for the link (shown if you hover the cursor over the image).
[](URL "tooltip text")
Adding tooltip text and a scaling factor is optional.
This option can be used if you want the link to open another dashboard screen (on the same tab), for
example:
[](ui#/dashboard?dashboard=TCP%20detail
"Go to TCP detail dashboard")
You can reference a simple image in a note, but not a linked image. For example:
Here is the logo ![alt text][id]
.
.
.
[id]: logo.svg "spark logo"
© 2023 Pico Quantitative Trading LLC. All rights reserved 256 .
XML
Use ``` to display text in XML format. This option is useful for displaying a command or a string of code.
For example:
```<notes height="10" title="Pico Notes" width="12"><content>#Markdown
Notation Examples</content></notes>```
displays the XML code in the note as
VIDEO
Use an exclamation mark (!) followed by a set of square brackets, containing the alt attribute text for the
video (shown if the video cannot be displayed for some reason) followed by a set of parentheses,
containing the URL or path to the Youtube video. You can also specify the video dimensions, using the
image dimension syntax to customize how the video is displayed.
Video content is rendered inside an iframe.
For example:
NOTE: Currently only Youtube is supported for embedding video.
Reference:
Here is the video ![alt text][id]
.
.
.
[id]: https://www.youtube.com/watch?v=video-id =100%x100%
© 2023 Pico Quantitative Trading LLC. All rights reserved 257 .
NOTE: If you want to use Markdown characters in their literal sense, for example, to use underscore
characters for "a_file_name" (in this case Markdown translates the word ‘file’ to italics), escape the
relevant character(s) with a backslash symbol. For example, use: a\_file\_name
Example of a Notes Widget Using the Widget Editor
The example below shows the creation of a notes widget using the widget editor, and the resulting widget
on the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 258 .
DEFINING A NOTE USING XML
NOTE: Notes widgets can be added to grid-based and canvas-based dashboards. Canvas-based
dashboards require additional XML attributes highlighted below. Canvas-based dashboards are
supported in 9.6.1 and later releases.
You can add a notes widget to a user-defined dashboard on the Dashboards screen by clicking and
selecting Add a Widget. Select the Notes icon from the widget menu to open the notes widget editor.
Click </> XML VIEW to view/edit the XML code for your chart. You can also define a notes widget for a
dashboard by editing the Dashboard XML (select System Administration mode, then the Dashboards
editor).
The notes widget enables you to put informational content on a dashboard. Use the notes element to
define a notes widget. Up to ten notes widgets can be defined on a given dashboard.
Here's an example notes widget displayed in a dashboard:
© 2023 Pico Quantitative Trading LLC. All rights reserved 259 .
Here is the equivalent XML configuration:
<notes height=”4” title=”Example Notes Widget” width=”6”>
<content>The notes widget enables you to put informational content on a
dashboard.
Use the *notes* element to define a notes widget. Up to ten notes widgets can be
defined on a given dashboard.
Notes widgets are not available for __Inspect Data__ dashboards.
</content>
</notes>
Notes Required Settings
The positioning of the elements within the XML configuration used to define your notes widget must follow
the order below:
1. subtitle (optional)
2. content
NAME AND DIMENSIONS
The basic notes widget settings define:
title=""
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specifies the displayed name of the widget.
height=""
Specifies the height of the widget.
The range is 100 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 10 on grid-based dashboards.
width=""
Specifies the width of the widget.
The range is 200 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 12 on grid-based dashboards.
© 2023 Pico Quantitative Trading LLC. All rights reserved 260 .
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 2x1 (width x height).
The recommended maximum dimensions are: 12x10 (width x height).
For canvas-based dashboards, the dimensions are based on pixels. The default dimensions are:
300x100 (width x height). The minimum dimensions are 200x100 (width x height) and the maximum
dimensions are 4000x4000.
POSITION ON CANVAS
[Mandatory for canvas-based dashboards. Not supported for grid-based dashboards]
The x and y attributes determine the position of the widget on the canvas dashboard, where the center
point of the canvas is at coordinates x="0", y="0". When you add a widget it is placed by default in the top
left corner of the displayed canvas screen.
x=""
Specifies the x coordinate or horizontal position of the widget on the canvas. Attribute “x” must be
between -5000 and 5000.
y=""
Specifies the y coordinate or vertical position of the widget on the canvas. Attribute “y” must be between -
5000 and 5000.
NOTE: On canvas-based dashboards, be aware that changing the height and width or x and y
attributes using XML can result in the widget overlapping other elements on the dashboard (this also
happens if you use the mouse to resize or move a widget on the canvas). If this is not intended, you
can reposition the widget or the overlapped elements later when you view the canvas.
Adding a Subtitle (Optional)
You can add an optional subtitle to the widget to clarify its purpose. Enter the subtitle text between
<subtitle></subtitle> tags and place it on a separate line AFTER the basic widget settings and
BEFORE any other tags.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
© 2023 Pico Quantitative Trading LLC. All rights reserved 261 .
Changing the Background Color (Optional)
[Supported in release 9.6.1 and later]
Available for widgets being added to canvas-based dashboards only, you can change the background
color of the note by using the backgroundColor attribute. This can be useful if you want to group
related items on the dashboard canvas by adding a colored Notes widget to act as a background palette
for those items. The color options you can set are "White", "Grey", "Blue", "Blue 2", "Yellow", "Yellow 2",
"Brown", "Green", "Green 2", "Purple" or "Purple 2".
Adding Content to a Notes Widget
You define the note content inside a pair of <content> tags, within the <notes> tags. You can enter
text, hyperlinks, images and video content in notes using a supported version of Markdown.
If the text is too long for the widget width it wraps the line. If the content is longer than the widget height, a
vertical scrollbar is inserted (grid-based dashboards only - see note below). Note widgets are static in the
sense that when no data updates are received to the page, the note widget does not change (unless it has
been edited or modified).
Markdown notation is translated into HTML. Since this content is static in nature, the widgets local menu
has no options for local widget time periods, only to show/edit/delete the XML.
Lightbox mode is available for full screen viewing of the widget content.
You cannot change the font face or color and font size is adjusted using the pre-styled header tag
markdown.
If you want to include video content from Youtube, you use the image syntax and insert the youtube video
URL for the image URL. Image dimension syntax is also supported.
NOTE: Whether embedded video content can be played back will be dictated by the content owners
and Youtube. For more information see Youtube's help center for additional documentation.
NOTE: Notes widgets on canvas dashboards do not have a scrollbar, hence when you add a notes
widget, the full note is displayed even if the content overflows the widget height. However, clicking the
autofit button may not display the overflown part of the note on the dashboard, and a PDF export of the
dashboard may not show the full note in the PDF. This can happen if the widget is at the edge of the
dashboard screen, for example. To prevent this, Pico recommends that you resize the notes widget to
© 2023 Pico Quantitative Trading LLC. All rights reserved 262 .
fit the contents.
The following sections describe the supported Markdown format for
l Text
l Paragraphs
l Headings
l Blockquotes
l Bold text
l Italic text
l Hyperlinks
l Images
l Video
PARAGRAPHS
Content appears as entered in <p> tags. Up to 5000 characters of text content can be added. XML
reserved characters such as ‘<’ and ‘&’ must be in their escaped format (‘<’ and ‘&’ respectively).
Use blank lines to indicate a new line.
For example:
Line 1
Still line 1
Line 2
HEADINGS
Indicate headings with #. The number of '#' characters indicates the header level. Header levels 1-6
supported.
For example:
#header
© 2023 Pico Quantitative Trading LLC. All rights reserved 263 .
BLOCKQUOTES
Indicate blockquotes with >. The '>' must be at the start of the line, and new line notation is the same as
<p>.
For example:
>Text
BOLD TEXT
Use ** or __ to create bold text.
For example:
**bold text** or __bold text__
ITALIC TEXT
Use * or _ to create italic text.
For example:
*italic text* or _italic text_
LISTS
You can make an unordered list by preceding list items with '*', '-' or '+' (can be used interchangeably).
For example:
+ item one
+ item two
You can make an ordered list by preceding list items with a number.
For example:
© 2023 Pico Quantitative Trading LLC. All rights reserved 264 .
1. text
2. text
HYPERLINKS
You can define an inline link by putting the link text in square brackets ( `[ ]` ), and then putting the link in
parentheses ( `( )` ).
For example, use this code to
l create a hyperlink to www.pico.net
l with link text that says "Pico Home”
l and tooltip text (clarifying the purpose of the link)"Go to PicoHome"
[Pico Home](http://www.pico.net/ "Go to Pico Home")
Reference:
You can also use references. For example:
This is a [link to pico][id]
.
.
.
[id]: www.pico.net
IMAGES
The image syntax is similar to the syntax for links, and also supports inline and reference options.
Use an exclamation mark: (!) followed by a set of square brackets, containing the alt attribute text for the
image (shown if the image cannot be displayed for some reason) followed by a set of parentheses,
containing the URL or path to the image.
For example:
![alt text](URL "tooltip text" =100x100)
“tooltip text” is optional
© 2023 Pico Quantitative Trading LLC. All rights reserved 265 .
=100x100 image will be height of 100x100 pixels
Images can be dimensioned after the image hyperlink.
Dimensions can be defined in % or px units, for example, 100% or 100 (for px units)
You can use 100%x* (*sets the height to auto based on the widget provided)
For example:
You can also use references. For example:
![alt text][id]
.
.
.
[id]: Image URL "tooltip text" =100x100
VIDEO
Use an exclamation mark (!) followed by a set of square brackets, containing the alt attribute text for the
video (shown if the video cannot be displayed for some reason) followed by a set of parentheses,
containing the URL or path to the Youtube video. You can also specify the video dimensions, using the
image dimension syntax to customize how the video is displayed.
Video content is rendered inside an iframe.
For example:
NOTE: Currently only Youtube is supported for embedding video.
Reference:
© 2023 Pico Quantitative Trading LLC. All rights reserved 266 .
![alt text][id]
.
.
.
[id]: https://www.youtube.com/watch?
v=video-id =100%x100%
NOTE: If you want to use Markdown characters in their literal sense, for example, to use underscore
characters for "a_file_name" (in this case Markdown translates the word ‘file’ to italics), escape the
relevant character(s) with a backslash symbol. For example, use: a\_file\_name
CANVAS-BASED DASHBOARD EXAMPLE
If you are adding a notes widget to a canvas-based dashboard, its location will always default to the top
left corner of the displayed screen.
In the following example, a simple text note with a yellow background is added:
<notes backgroundColor="Yellow" height="200" title="" width="300" x="-1114" y="-
464">
<content>This dashboard contains summary information for connection bandwidth
only</content>
</notes>
In the canvas dashboard you can see the widget is added to the top left of the displayed canvas.
© 2023 Pico Quantitative Trading LLC. All rights reserved 267 .
DEFINING A TOPN TABLE USING THE WIDGET
EDITOR
The TopN table widget enables you to display byte and packet counts for Top Applications, Top
Conversations, Top Listeners, Top Message Types and Top Talkers. The bytes results are displayed as a
bar graph and a number.
You can add a TopN table widget to a user-defined dashboard on the Dashboards or Inspect Data
screens by clicking and selecting Add a Widget.
Note: The Add a Widget option is only available for user defined dashboards.
NOTE: TopN tables do not support live view and multiple sessions.
Select the TopN icon from the widget menu. This opens a dashboard editor to the Add TopN window.
The example below shows the TopN table widget editor launched from the Dashboards screen.
© 2023 Pico Quantitative Trading LLC. All rights reserved 268 .
NOTE: When you open the widget editor for TopN you get a message advising you that TopN tables
are per session only (TopN tables do not support multiple sessions). If you add this widget to a
dashboard with multiple sessions enabled, the TopN table will remain empty with an alert message
"This table cannot show multiple sessions". To display results, you can add a filter to the dashboard to
only display a specific session. Alternatively, edit the Context Settings of your dashboard to make it a
per-session dashboard. See "Specifying Per-Session and Per-tag Dashboards - XML" on page 139.
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the TopN table widget that you
require, then click SAVE to apply the changes and view your widget.
NOTE: You can view/edit the XML code for your widget from the GUI editor by clicking </> XML
VIEW. You must save your changes in the GUI editor before switching to XML editing mode and vice
versa.
You can also edit an existing user-defined TopN table widget using the GUI editor by clicking on the
arrow on the top right of the widget and selecting Edit. The widget editor will open an Edit TopN
Table window, containing the settings options below.
TopN Table Required Settings
To create a TopN table widget using the widget editor, you must configure some basic settings before you
will be allowed to save the new widget. These fields are generally indicated by a * or flagged as Required.
© 2023 Pico Quantitative Trading LLC. All rights reserved 269 .
NAME AND DIMENSIONS
Specify the title and dimensions of the TopN table widget.
Title
Specify the display name of the TopN table widget.
Height
Specify the height of the widget in the 12 unit wide dashboard layout grid. The default height is 2.
Width
Specify the width of the widget in the 12 unit wide dashboard layout grid. The default width is 4.
NOTE: The recommended minimum dimensions are: 4x2 (width x height). The recommended
maximum dimensions are: 12x4 (width x height).
SPECIFYING THE STATISTIC TO REPORT
Specify the statistic and session direction that you want to report in your widget. Click the dropdown menu
for Statistic Name to see the list of available statistics. You can select from Top Applications, Top
Conversations, Top Listeners, Top Message Types and Top Talkers, in the request or response session
direction.
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
Expanding the TopN Table in Exported Reports (Optional)
[Available on grid-based dashboards only from Corvil Analytics release 9.7.0]
By enabling the Expand vertically to show full content toggle switch, in the Expand PDF /
Scheduled Reporting section, the table will be automatically expanded vertically to show the maximum
number of rows in the table on a dashboard PDF export or scheduled report. If not selected (it is disabled
by default), the PDF/report will only show the topn rows visible on the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 270 .
Advanced Settings
APPLYING TIME AND DATA FILTERS (OPTIONAL)
Your widget will use the time period and data filters set for the dashboard that it resides in. If you want to
use local time and data filters for your widget, you can set them here.
Setting a Time Filter
Enable Local Time Filter
You can set a time-related filter for your widget by selecting Enable Local Time Filter and selecting a
time period from the drop-down menu. The allowed options are described in Defining a Dashboard or
Widget Time Period in "Dashboard Context Settings - XML" on page 143. After setting and saving a local
time filter, the icon is displayed on top of the widget to indicate that the widget has its own time period
set.
NOTE: You cannot change the local time period for the TopN table by clicking on the icon. You
must edit it in the GUI widget editor.
Setting Data Filters
Enable Local Data Filters
You can set local data filters by selecting Enable Local Data Filters and adding filters, and/or you can
use the existing filters from the dashboard by setting the Inherit Global Filter button. Data filtering is
based on tags, tag-types, and sessions.
Refer to "Defining Data Filters" in "Dashboard Context Settings - XML" on page 143 for the full set of data
filters and some examples of how to apply them.
Inheriting Global Filters is enabled by default. After setting up local filters, the icon is displayed on
top of the widget to indicate that the widget has its own local data filters.
NOTE: On TopN widgets on Dashboard Views, TopN data is only available for time periods aligned to
30 minute boundaries. If the time period (or business hours) selected in the GUI does not align to a 30
minute boundary, the results displayed in the TopN chart will use a time period / business hours
adjusted to start and end on 30 minute boundaries. The end of the time period used by the TopN chart
is displayed in the "Last updated at ..." text shown below the chart. TopN widgets on Inspect Data
dashboards do not have this limitation.
© 2023 Pico Quantitative Trading LLC. All rights reserved 271 .
Example of a TopN Table Widget Using the Widget Editor
The example below shows the creation of a TopN table widget using the widget editor, and the resulting
widget on the dashboard UI.
From release 9.5.0, the Bytes column results include a bar visualization as well as a number.
© 2023 Pico Quantitative Trading LLC. All rights reserved 272 .
DEFINING A TOPN TABLE USING XML
Use the topNTable element to define a TopN table to display byte and packet counts for Top
Applications, Top Conversations, Top Listeners, Top Message Types and Top Talkers. In release 9.5.0 or
later, the bytes results are also displayed as a bar graph as well as a number.
The following example shows a table of top listeners:
Here's the equivalent XML:
<topNTable height=”2” title=”Top Listeners (in)” width=”6”>
<stat direction=”request” type=”top-listeners”/>
</topNTable>
Required Settings
The positioning of the elements within the XML configuration used to define your topN table widget must
follow the order below:
1. context (optional)
2. subtitle (optional)
3. stat
NAME AND DIMENSIONS
The TopN table widget specifies
title=""
Specifies the displayed name of the widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 273 .
height=""
Specifies the height of the widget.
width=""
Specifies the width of the widget.
NOTE: The recommended minimum dimensions are: 4x2 (width x height). The recommended
maximum dimensions are: 12x4 (width x height).
NOTE: TopN tables do not support live view and multiple sessions.
SPECIFYING THE STATISTIC TO REPORT
There are also parameters used to specify the reported statistic and session direction.
stat direction=""
Specifies the required session direction: request or response
stat type=""
Specifies the system-defined statistic to report.
The TopN table supports the following statistics:
l top-applications
l top-conversations
l top-listeners
l top-message-types
l top-talkers
Adding a Subtitle (Optional)
You can add an optional subtitle to the widget to clarify its purpose. Enter the subtitle text between
<subtitle></subtitle> tags and place it on a separate line AFTER the basic widget settings and
BEFORE any other tags.
© 2023 Pico Quantitative Trading LLC. All rights reserved 274 .
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
For example:
<topNTable height=”2” title=”Top Applications (in)” width=”6”>
<subtitle>Reporting rate information per application</subtitle>
<subtitle/>
<stat direction=”request” type=”top-applications”/>
</topNTable>
Expanding the TopN Table in Exported Reports (Optional)
[Available on grid-based dashboards only for Corvil Analytics release 9.7.x and later]
You can set a top-n table to be automatically expanded vertically to show up to maximum number of rows
on a dashboard PDF or report by setting the expandVerticallyInPdf attribute to "true". It is "false" by
default.
<topNTable expandVerticallyInPdf="true" height="2" title="New York" width="4">
<stat direction="request" type="top-conversations"/>
</topNTable>
Context Settings (Optional)
Top N tables can have an optional context element that specifies filtering and time-related settings,
similar to that available at the dashboard level.
For more information on the available filtering and time settings, please refer to the section "Dashboard
Context Settings - XML" on page 143
Example TopN Table Widgets
In the following example from the default dashboard configuration, the top applications seen on the Corvil
appliance's physical port A are displayed:
© 2023 Pico Quantitative Trading LLC. All rights reserved 275 .
Here's the corresponding XML configuration. In this case, the dashboard includes results for all Corvil
appliance physical ports, so to display results for PortA only, the filter is included:
<topNTable height="2" title="Top Applications - PortA" width="6">
<context inherits="true">
<filters>
<filter operator="is" session="true" value="PortA"/>
</filters>
</context>
<stat direction="request" type="top-applications"/>
</topNTable>
NOTE: On TopN widgets on Dashboard Views, TopN data is only available for time periods aligned to
30 minute boundaries. If the time period (or business hours) selected in the GUI does not align to a 30
minute boundary, the results displayed in the TopN chart will use a time period / business hours
adjusted to start and end on 30 minute boundaries. The end of the time period used by the TopN chart
is displayed in the "Last updated at ..." text shown below the chart. TopN widgets on Inspect Data
dashboards do not have this limitation.
DEFINING A PIE CHART USING THE WIDGET EDITOR
NOTE: Pie chart widgets can be added to grid-based and canvas-based dashboards. The widget
editor contents are slightly different depending on which type of dashboard you are adding the widget
to. These differences are highlighted below. Canvas-based dashboards are supported in 9.6.1 and
later releases.
Pie charts can show results for a specified statistic broken down by session or tag-type. The chart can
include an optional outer pie tier (the inner pie tier is mandatory). The pie chart can specify tag-types or
sessions that contribute to the inner and outer pie segments, and the primary statistic that contributes to
© 2023 Pico Quantitative Trading LLC. All rights reserved 276 .
the chart.
You can add a pie chart widget to a user-defined dashboard on the Dashboards screen by clicking
and selecting Add a Widget.
Note: The Add a Widget option is only available for user defined dashboards.
Note: Pie charts are not available for Inspect Data dashboards.
Select the Pie Chart icon from the widget menu. This opens a widget editor to the Add Pie Chart
window. The example below shows the pie chart widget editor launched from the Dashboards screen.
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the pie chart that you require, then
click SAVE to apply the changes and view your pie chart.
© 2023 Pico Quantitative Trading LLC. All rights reserved 277 .
NOTE: You can view/edit the XML code for your chart from the widget editor by clicking </> XML
VIEW. You must save your changes in the GUI EDITING mode before switching to XML editing mode
and vice versa.
You can also edit an existing user-defined time series widget using the widget editor by clicking on the
arrow on the top right of the widget and selecting Edit. The widget editor will open an Edit Time
Series window, containing the settings options below.
Pie Chart Required Settings
To create a pie chart widget using the widget editor, you must configure some basic settings before you
will be allowed to save the new widget. These fields are generally indicated by a * or flagged as Required.
NOTE: If adding a pie chart to a canvas-based dashboard only the Statistic value and chart type are
mandatory.
NAME AND DIMENSIONS
Specify the title and dimensions of the pie chart widget.
Title
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specify the display name of the pie chart.
Height
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the height of the widget. The default height is 3.
Width
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the width of the widget. The default width is 3.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 3x3 (width x height).
The recommended maximum dimensions are: 12x4 (width x height).
For canvas-based dashboards, the dimensions are based on pixels and can only be changed in the
XML editor.
© 2023 Pico Quantitative Trading LLC. All rights reserved 278 .
DISPLAY STYLE
CHARTTYPE (REQUIRED)
Choose how you would like to display the pie chart.
The pie chart can specify tag-types or sessions that contribute to the inner (and outer, if configured) pie
segments:
Group by
Define a basic (inner) pie chart to break down the reported result by choosing a tag-type or sessions in the
Group by menu.
Optional Inner Pie
You can optionally create an outer pie that also breaks down the reported results by tag or session by
selecting an option from the Optional Inner Pie menu.
NOTE: If you select Sessions for the Group by (inner) statistic, you cannot select it for the outer tier
and vice versa.
SPECIFYING THE STATISTIC TO REPORT
Specify the statistic and session direction that you want to report in your widget. Click ADD STATISTICS
to see the list of available statistics. The statistics are grouped into Packet, Configurable, Message,
PNQM- Latency and Loss and TCP statistics, and most are available in the request and response session
direction. Enable Expand All to see the full list of statistics. You can filter the list of statistics by entering a
string in the Filter by name box on the top right of the ADD STATISTICS window.
To select a statistic for display, click ADD REQUEST or ADD RESPONSE for the required statistic. You
can only add one statistic for a pie chart widget. Once selected, the text in the ADD STATISTICS list will
have changed to green and will say RESPONSE/REQUEST ADDED.
If you want to display a different statistic, click CHANGE on the current statistic and select a different
statistic from the list.
© 2023 Pico Quantitative Trading LLC. All rights reserved 279 .
NOTE: Only available statistics are shown in the menu. If you want to see the unavailable statistics,
click Show Unavailable Statistics at the end of the statistics menu. This will show the unavailable
statistics in greyed out text. These statistics cannot be selected. For example, some configurable stats
may be hidden if the assigned sessions have been filtered in the dashboard.
NOTE: For more information on supported statistics, please refer to the section "Specifying Statistics
in Widgets Using XML" on page 317.
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
Session Display Name
The Session Display Name option allows you to use an alternative name for the session name displayed
on the pie chart and on the legend. The alternative display name is based on a tag defined for the session.
If you have already defined the tag name that you want to use for the session, click the toggle switch and
select the tag-type from the dropdown list. If you haven't yet defined a relevant tag for the session, use the
tooltip next to the toggle switch and click on the link that allows you to open the Manage Tags
administration page. Here you can add a tag to a session by selecting a tag-type and assigning a tag
value. The pie chart will display the tag name instead of the session name for sessions that have values
assigned for the selected tag-type. If a session doesn't have this tag-type defined, the original session
name will be displayed.
You can display the same session with a different name on other widgets by configuring and selecting a
different tag-type.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
NOTE: If you want to see the original name of a session, click on a point on the chart for that session.
The new display name and original session name are both shown in the tooltip.
© 2023 Pico Quantitative Trading LLC. All rights reserved 280 .
NOTE: The Session Display Name option is not available for widgets created on Inspect Data
dashboards or for any templated by session dashboards.
Changing the Statistic Display Names (Optional)
[Supported in release 9.6.x and later]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your pie chart widget by enabling the
Use Custom Statistic Names toggle and selecting a dictionary from the list of configured dictionaries in
the dropdown menu.
Selecting this option replaces the system-defined or configurable statistic name displayed in the tooltip of
the chart with the new name configured in the selected dictionary.
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
If you want to check, edit or create a new dictionary, you can open the Dashboard XML editor directly
from a GUI widget editor (for widgets that support custom statistic naming) by selecting the tooltip next to
Use Custom Statistic Names and clicking the Dashboards XML Configuration link.
Advanced Settings
APPLYING TIME AND DATA FILTERS (OPTIONAL)
Your pie chart will use the time period and data filters set for the dashboard that it resides in. If you want to
use local time and data filters for your pie chart, you can set them here.
© 2023 Pico Quantitative Trading LLC. All rights reserved 281 .
Setting a Time Filter
Enable Local Time Filter
You can set a time-related filter for your pie chart by selecting Enable Local Time Filter and selecting a
time period from the drop-down menu. The allowed options are described in Defining a Dashboard or
Widget Time Period in "Dashboard Context Settings - XML" on page 143. After setting and saving a local
time filter, the icon is displayed on top of the widget to indicate that the widget has its own time period
set.
NOTE: If you want to change the time period on the widget, you can click the or icon and make
a different selection. However, this does not override the local time period selected in the GUI widget
editor page. If you now edit and save changes to the widget using the GUI widget editor, the time
period will be reset to the value that you had originally selected in the GUI editor. If you want to keep
using the locally selected time period, ensure that you also set it within the widget editor.
Setting Data Filters
Enable Local Data Filters
You can set local data filters by selecting Enable Local Data Filters and adding filters, and/or you can
use the existing filters from the dashboard by setting the Inherit Global Filter button. Data filtering is
based on tags, tag-types, and sessions.
Refer to "Defining Data Filters" in "Dashboard Context Settings - XML" on page 143 for the full set of data
filters and some examples of how to apply them.
Inheriting Global Filters is enabled by default. After setting up local filters, the icon is displayed on
top of the widget to indicate that the widget has its own local data filters.
NAVIGATING TO INSPECT DATA VIEWS (OPTIONAL)
Inspect Data Target View
You can set a target view when navigating to Inspect Data from a data point on the chart. The view that is
opened in Inspect Data can be pre-selected by selecting one of the view options under Inspect Data
Target View. If you do not select an option here, the dashboard click through view will be used. If the
dashboard's view does not exist, or none is given, then the first Inspect Data view defined is opened.
© 2023 Pico Quantitative Trading LLC. All rights reserved 282 .
Example of a Pie Chart Widget Using the Widget Editor
The example below shows the creation of a pie chart using the widget editor, and the resulting chart on
the dashboard UI.
© 2023 Pico Quantitative Trading LLC. All rights reserved 283 .
DEFINING A PIE CHART USING XML
NOTE: Pie chart widgets can be added to grid-based and canvas-based dashboards. Canvas-based
dashboards require additional XML attributes highlighted below. Canvas-based dashboards are
supported in 9.6.1 and later releases.
You can add a pie chart widget to a user-defined dashboard on the Dashboards screen by clicking
and selecting Add a Widget. Select the Pie Chart icon from the widget menu to open the pie chart
widget editor. Click </> XML VIEW to view/edit the XML code for your chart. You can also define a pie
chart for a dashboard by editing the Dashboard XML (select System Administration mode, then the
Dashboards editor).
Pie charts can show results for a specified statistic broken down by session or tag-type. The chart can
include an optional outer pie tier (the inner pie tier is mandatory). Use the pieChart element to define a
pie chart widget.
The pie chart can specify tag-types or sessions that contribute to the inner and outer pie segments, and
the primary statistic that contributes to the chart.
© 2023 Pico Quantitative Trading LLC. All rights reserved 284 .
Pie charts are not available for Inspect Data dashboards.
In the following example, appropriately-tagged session message counts are grouped and reported by
venue:
Here's the equivalent XML:
<pieChart height=”3” title=”Requests” width=”6”>
<innerPie tagType=”Venue”/>
<primaryStat direction=”request” type=”message-count”/>
</pieChart>
Required Settings
The positioning of the elements within the XML configuration used to define your pie chart widget must
follow the order below:
1. context (optional)
2. subtitle (optional)
3. innerPie
© 2023 Pico Quantitative Trading LLC. All rights reserved 285 .
4. outerPie (optional)
5. primaryStat
NAME AND DIMENSIONS
The pie chart widget specifies
title=""
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specifies the displayed name of the widget.
height=""
Specifies the height of the widget.
The range is 100 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 4 on grid-based dashboards.
width=""
Specifies the width of the widget.
The range is 200 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 12 on grid-based dashboards.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 3x3 (width x height).
The recommended maximum dimensions are: 12x4 (width x height).
For canvas-based dashboards, the dimensions are based on pixels. The default dimensions are:
300x300 (width x height). The minimum dimensions are 200x100 (width x height) and the maximum
dimensions are 4000x4000
POSITION ON CANVAS
[Mandatory for canvas-based dashboards. Not supported for grid-based dashboards]
The x and y attributes determine the position of the widget on the canvas dashboard, where the center
point of the canvas is at coordinates x="0", y="0". When you add a widget it is placed by default in the top
left corner of the displayed canvas screen.
x=""
© 2023 Pico Quantitative Trading LLC. All rights reserved 286 .
Specifies the x coordinate or horizontal position of the widget on the canvas. Attribute “x” must be
between -5000 and 5000.
y=""
Specifies the y coordinate or vertical position of the widget on the canvas. Attribute “y” must be between -
5000 and 5000.
NOTE: On canvas-based dashboards, be aware that changing the height and width or x and y
attributes using XML can result in the widget overlapping other elements on the dashboard (this also
happens if you use the mouse to resize or move a widget on the canvas). If this is not intended, you
can reposition the widget or the overlapped elements later when you view the canvas.
DEFINING THE PIE CHART STRUCTURE
The pie chart can specify tag-types or sessions that contribute to the inner (and outer, if configured) pie
segments:
innerPie tagType=""
Defines a basic pie chart that breaks reported results down by the chosen defined tag-type.
innerPie sessions="true"
Defines a basic pie chart that breaks down reported results by session.
outerPie tagType=""
Defines a pie chart that also includes an outer pie that breaks reported results down by the chosen
defined tag-type.
outerPie sessions="true"
Defines a pie chart that also includes an outer pie that breaks down reported results by session.
SPECIFYING THE STATISTIC TO REPORT
[Mandatory for grid-based and canvas-based dashboards]
There are also parameters used to specify the reported statistic and session direction.
© 2023 Pico Quantitative Trading LLC. All rights reserved 287 .
primaryStat direction=""
Specifies the required session direction: request or response
primaryStat type=""
Specifies the system-defined statistic to report.
primaryStat name=""
Specifies the name of a configurable statistic to report.
Pie charts support measure-count and measure-total configurable statistics and the following:
Statistic Name Dashboard Editing Statistic Name Lens
message-sequence-gap Gaps
message-sequence-count Sequences
message-count Messages
tcp-out-of-sequence-packet-count TCP OOS
tcp-zero-window-packet-count TCP Zero Window
packet-count Packets
Adding a Subtitle (Optional)
You can add an optional subtitle to the widget to clarify its purpose. Enter the subtitle text between
<subtitle></subtitle> tags and place it on a separate line AFTER the basic widget settings and
BEFORE any other tags.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
For example, here's a pie chart with a subtitle:
© 2023 Pico Quantitative Trading LLC. All rights reserved 288 .
Here's the equivalent XML:
<pieChart height=”3” title=”Requests” width=”6”>
<subtitle>Count of request messages per Venue</subtitle>
<innerPie tagType=”Venue”/>
<primaryStat direction=”request” type=”message-count”/>
</pieChart>
Changing the Session Display Name (Optional)
[Supported in release 9.5.x and later]
The displayNameTagType attribute allows you to use an alternative name for the session name
displayed on the pie chart and on the legend. The alternative display name is based on a tag defined for
the session. Set the attribute to the tag-type that you want to use for renaming the session.
For example, the pie chart here will display the tag name in tag-type "User" instead of the session name,
for any sessions configured with this tag-type. If a session doesn't have this tag type defined, the original
session name will be displayed.
<pieChart displayNameTagType="User" height=”3” title=”Requests” width=”6”>
<subtitle>Count of request messages per Venue</subtitle>
<innerPie tagType=”Venue”/>
<primaryStat direction=”request” type=”message-count”/>
</pieChart>
© 2023 Pico Quantitative Trading LLC. All rights reserved 289 .
You can define a tag-type and tag value for a session on the Manage Tags administration page or via CLI
command.
You can display the same session with a different name on other widgets by configuring a different tag-
type.
The new display name is not preserved on click-through to Inspect Data or Session dashboards.
NOTE: If you want to see the original name of a session, click on a point on the chart for that session.
The new display name and original session name are both shown in the tooltip.
NOTE: This attribute is not available for widgets created on Inspect Data dashboards or for any
templated by session dashboards.
Changing the Statistic Display Names (Optional)
[Supported in release 9.6.x and later]
If you have configured dictionaries of custom statistic names for changing the display name for some of
your statistics, you can select which dictionary you want to use for your pie chart widget using the
statConfig attribute. The list of available dictionaries is listed when you type the attribute.
Selecting this option replaces the system-defined or configurable statistic name displayed in the tooltip of
the chart with the new name configured in the selected dictionary.
NOTE: If you do not configure a dictionary for your widget, the dictionary selected for the dashboard is
used instead (if configured), otherwise, the global dictionary is used (if configured).
Context Settings (Optional)
Pie charts can have an optional context element that specifies filtering and time-related settings, similar
to that available at the dashboard level.
For more information on the available filtering and time settings, please refer to the section "Dashboard
Context Settings - XML" on page 143.
Example Pie Chart Widgets
In the following example, the pie chart displays packet byte counts for each protocol and server:
© 2023 Pico Quantitative Trading LLC. All rights reserved 290 .
Here's the corresponding XML configuration:
<pieChart height="3" title="Network Bytes: Client to server" width="3">
<innerPie tagType="Server"/>
<outerPie tagType="Protocol"/>
<primaryStat direction="request" type="packet-bytes"/>
</pieChart>
In the following example, the pie chart displays message counts for each protocol:
© 2023 Pico Quantitative Trading LLC. All rights reserved 291 .
Here's the corresponding XML configuration:
<pieChart height="4" title="Protocol Message Count" width="7">
<innerPie tagType="Protocol"/>
<primaryStat direction="request" type="message-count"/>
</pieChart>
In the following example, the pie chart displays message counts for each session:
© 2023 Pico Quantitative Trading LLC. All rights reserved 292 .
Here's the corresponding XML configuration:
<pieChart height="4" title="Message Count" width="7">
<innerPie sessions="true"/>
<primaryStat direction="request" type="message-count"/>
</pieChart>
In the following example, a pie chart displays statistics with customized names:
© 2023 Pico Quantitative Trading LLC. All rights reserved 293 .
Here's the corresponding XML configuration. In this example, the selected dictionary "spanish", contains
custom names for the Orders statistics. The "Cancels" statistic, with custom name "Ordenes Canceladas",
can be seen on the tooltip when you hover the cursor over the chart:
<pieChart height="3" statsConfig="spanish" title="Orders Info" width="3">
<innerPie sessions="true"/>
<primaryStat direction="request" name="Cancels"/>
</pieChart>
CANVAS-BASED DASHBOARD EXAMPLE
If you are adding a pie chart widget to a canvas-based dashboard, its location will always default to the top
left corner of the displayed screen.
In the following example, a simple pie chart widget is added, displaying request packet bytes for each
session:
<pieChart height="300" title="" width="300" x="-1290" y="-401">
<innerPie sessions="true"/>
<primaryStat direction="request" type="packet-bytes"/>
</pieChart>
© 2023 Pico Quantitative Trading LLC. All rights reserved 294 .
In the canvas dashboard you can see the widget is added to the top left of the displayed canvas.
DEFINING RECENT STREAM EVENTS USING THE
WIDGET EDITOR
The recent events widget specifies a Corvil Stream name and one or more events in that stream to
monitor.
You can add a recent events widget to a user-defined dashboard on the Dashboards screen by clicking
and selecting Add a Widget.
Note: The Add a Widget option is only available for user defined dashboards.
Note: The recent events widget is not supported on Corvil Management Center and not available for
Inspect Data dashboards.
Select the Recent Events icon from the widget menu. This opens a dashboard editor to the Add Recent
Events window. The example below shows the recent events widget editor launched from the
Dashboards screen.
© 2023 Pico Quantitative Trading LLC. All rights reserved 295 .
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the recent events widget that you
require, then click SAVE to apply the changes and view your widget.
NOTE: You can view/edit the XML code for your widget from the GUI editor by clicking XML VIEW.
You must save your changes in the GUI editor before switching to XML editing mode and vice versa.
You can also edit an existing user-defined recent events widget using the GUI editor by clicking on the
arrow on the top right of the widget and selecting Edit. The widget editor will open an Edit Recent
Events window, containing the settings options below.
Recent Events Required Settings
To create a recent events widget using the widget editor, you must configure some basic settings before
you will be allowed to save the new widget. These fields are generally indicated by a * or flagged as
Required.
NAME AND DIMENSIONS
Specify the title and dimensions of the recent events widget.
Title
Specify the display name of the recent events widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 296 .
Height
Specify the height of the widget. The default height 2.
Width
Specify the width of the widget. The default width is 4.
NOTE: The recommended minimum dimensions are: 4x2 (width x height). The recommended
maximum dimensions are: 12x4 (width x height).
SPECIFYING THE STREAM EVENTS TO REPORT
Specify the stream events that you want to report in your widget. Select a stream from the Stream Name
drop down list. Select the Events that you want to report on and click ADD. You can select a number of
events. For each event you can also select an optional Field Name to display. If you do not select a field
name, the event type is displayed.
The event and field names listed match those configured in the relevant Corvil Stream event in the CLI.
For example, in the MarketData stream specified below, there is an OrderCancelRequest event, which
has the following configuration in the CLI:
event OrderCancelRequest
string SrcIP
string DstIP
string ClOrdID
string SecurityID
string CorrelatedId
unsigned-integer CorvilOrderId
string Symbol
unsigned-integer OrderQty
Any of these fields can be specified in the widget configuration.
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
© 2023 Pico Quantitative Trading LLC. All rights reserved 297 .
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
Violation Reporting (Optional)
Click the Filter by violations toggle switch to only report Stream events that are in violation of a defined
threshold.
Advanced Settings
APPLYING A TIME FILTER (OPTIONAL)
Your widget will use the time period filter set for the dashboard that it resides in. If you want to use a local
time filter for your widget, you can set it here.
Setting a Time Filter
Enable Local Time Filter
You can set a time-related filter for your recent events widget by selecting Enable Local Time Filter and
selecting a time period from the drop-down menu. The allowed options are described in Defining a
Dashboard or Widget Time Period in "Dashboard Context Settings - XML" on page 143. After setting and
saving a local time filter, the icon is displayed on top of the widget to indicate that the widget has its
own time period set.
NOTE: If you want to change the time period on the widget, you can click the or icon and make
a different selection. However, this does not override the local time period selected in the GUI widget
editor page. If you now edit and save changes to the widget using the GUI widget editor, the time
period will be reset to the value that you had originally selected in the GUI editor. If you want to keep
using the locally selected time period, ensure that you also set it within the widget editor.
NOTE: The Recent Stream Events widget does not support the business hours reporting feature
introduced in release 9.5.0.
© 2023 Pico Quantitative Trading LLC. All rights reserved 298 .
Example of a Recent Events Widget Using the Widget Editor
The example below shows the creation of a recent events widget using the GUI widget editor, and the
resulting widget on the dashboard UI.
© 2023 Pico Quantitative Trading LLC. All rights reserved 299 .
DEFINING RECENT STREAM EVENTS USING XML
You define a Recent Events widget using the recentEvents element. The Recent Events widget
specifies a Corvil Stream name and one or more events in that stream to monitor.
The Recent Events widget is not supported on Corvil Management Center and is not available for Inspect
Data dashboards.
In the following example, a live stream of events named Malicious Indicators (LIVE) is displayed, showing a
list of event types, a description of the event and a timestamp:
Here is the equivalent XML, specifying the name of the source Stream (Threat Detection), the Stream
event types (Emerging Threats and iSIGHTPartners) and the contents of a specified event field (the
Indicates field) to report. This example also includes context settings specifying that the widget is set to
live mode and the age of displayed data is no more than ten minutes:
<recentEvents analyticsStreamName=”Threat Detection” height=”2” title=”Malicious
Indicators (LIVE)” width=”6”>
<context inherits=”true”>
<time>
<liveMode historySize=”10 min”/>
</time>
</context>
<event field=”Indicates”>Emerging_Threats</event>
<event field=”Indicates”>iSIGHTPartners</event>
</recentEvents>
Required Settings
The positioning of the elements within the XML configuration used to define your recent stream events
widget must follow the order below:
© 2023 Pico Quantitative Trading LLC. All rights reserved 300 .
1. context (optional)
2. subtitle (optional)
3. event
STREAM NAME, WIDGET NAME AND DIMENSIONS
analyticsStreamName=""
Specifies the name of the Corvil Stream from which to display events.
title=""
Specifies the displayed name of the widget.
height=""
Specifies the height of the widget.
width=""
Specifies the width of the widget.
NOTE: The recommended minimum dimensions are: 4x2 (width x height). The recommended
maximum dimensions are: 12x4 (width x height).
SPECIFYING THE STREAM EVENTS TO REPORT
Use the event element to specify the Stream events to report. For example:
<recentEvents title="Recent Events" width="4" height="4"
analyticsStreamName="Alpha">
<event>AlphaAll</event>
<event>anotherEvent</event>
</recentEvents>
For each of the stream events an optional field attribute can be included to specify any of the defined
event fields. This must match the name of the field of interest as configured in the relevant Corvil Stream
event in the CLI.
For example, in the Alpha stream specified above, there is an AlphaAll event, which has the following
configuration in the CLI:
© 2023 Pico Quantitative Trading LLC. All rights reserved 301 .
event AlphaAll
string type
string account
string currency
string symbol
string senderIP
unsigned-integer senderPORT
string receiverIP
unsigned-integer receiverPORT
report-statistic latency
report-statistic loss
report-statistic message-sequence-gap
Any of these fields can be specified in the widget configuration. For example:
<recentEvents title="Recent Events" width="4" height="4"
analyticsStreamName="Alpha">
<event field="message-sequence-gap">AlphaAll</event>
</recentEvents>
The field attribute is optional and, if not present, the event type is displayed.
Adding a Subtitle (Optional)
You can add an optional subtitle to the widget to clarify its purpose. Enter the subtitle text between
<subtitle></subtitle> tags and place it on a separate line AFTER the basic widget settings and
BEFORE any other tags.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
For example:
<recentEvents analyticsStreamName=”TradingEvents” height=”4” title=”Trading
Events” width=”4” violations=”true”>
<subtitle>Report trades with venue response latency over 250ms</subtitle>
<event>Trades</event>
</recentEvents>
© 2023 Pico Quantitative Trading LLC. All rights reserved 302 .
Violation Reporting (Optional)
Use the violations="true" parameter to only report Stream events that are in violation of a defined
threshold.
In the following example, a Recent Events widget named Cancel Latency displays only those events from
the Stream named TradingAlerts where the measured latency value exceeds the defined threshold:
<recentEvents analyticsStreamName=”TradingAlerts” height=”3” title=”Cancel
Latency” violations=”true” width=”4”>
Context Settings (Optional)
Recent Event widgets can have an optional context element that specifies filtering and time-related
settings, similar to that available at the dashboard level.
For more information on the available filtering and time settings, please refer to the section "Dashboard
Context Settings - XML" on page 143.
Example Recent Events Widget
In the following example, Slow_Transaction events from a Corvil Stream named Database are displayed:
© 2023 Pico Quantitative Trading LLC. All rights reserved 303 .
Here's the corresponding XML configuration:
<recentEvents analyticsStreamName="Database" height="3" title="Slow Queries"
width="6">
<event>Slow_Transaction</event>
</recentEvents>
DEFINING A MESSAGE/PACKET TABLE USING THE
WIDGET EDITOR
[From Corvil Analytics release 9.7.0, the message table has been replaced with a combined
message/packet table. For earlier releases, the widget created is for a message table only]
Message/Packet tables can be included (in Inspect Data dashboards only) by simply specifying a title,
width and height.
NOTE: Message and/or packet results are displayed for a session depending on how the session has
been configured (for example, if the session is not configured to measure messages or to include
packets).
NOTE: The message/packet table widget is only available for Inspect Data dashboards and only one
table can be added per dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 304 .
You can add a message/packet table widget to a user-defined dashboard on Inspect Data by clicking
and selecting Add a Widget.
NOTE: The Add a Widget option is only available for user-defined dashboards.
Select the Message/Packet Table icon from the widget menu. This opens a dashboard editor to the Add
Message/Packet Table window. The example below shows the message/packet table widget editor
launched from an Inspect Data dashboard.
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the message/packet table widget
that you require, then click SAVE to apply the changes and view your widget.
NOTE: You can view/edit the XML code for your widget from the widget editor by clicking </> XML
VIEW. You must save your changes in the widget editor before switching to XML editing mode and
vice versa.
You can also use the widget editor to edit an existing user-defined message/packet table widget by
clicking on the arrow on the top right of the widget and selecting Edit. The widget editor will open an
© 2023 Pico Quantitative Trading LLC. All rights reserved 305 .
Edit Message/Packet Table window, containing the settings options below.
Message/Packet Table Required Settings
When you create a message/packet table widget using the widget editor, you must configure some basic
settings before you will be allowed to save the new widget. These fields are generally indicated by a * or
flagged as Required.
NAME AND DIMENSIONS
Specify the title and dimensions of the message/packet table widget.
Title
Specify the display name of the message/packet table widget.
Height
Specify the height of the widget. The default height is 2.
Width
Specify the width of the widget. The default width is 6.
NOTE: The recommended minimum dimensions are: 6x2 (width x height). The recommended
maximum dimensions are: 12x10 (width x height).
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
Showing or Hiding Empty Columns (Optional)
Show Empty Columns
© 2023 Pico Quantitative Trading LLC. All rights reserved 306 .
The message/packet table hides columns that contain no values. This is the default setting. To display
columns that have no values in the table, enable Show Empty Columns by clicking the toggle switch.
Example of a Message/Packet Table Widget Using the Widget Editor
The example below shows the creation of a message/packet table widget using the widget editor, and the
resulting widget on an Inspect Data dashboard.
DEFINING A MESSAGE/PACKET TABLE USING XML
[From Corvil Analytics release 9.7.0, the message table has been replaced with a combined
message/packet table. For earlier releases, the widget created is for a message table only]
Message/Packet tables can be included (in Inspect Data dashboards only) by simply specifying a title,
width and height.
© 2023 Pico Quantitative Trading LLC. All rights reserved 307 .
NOTE: Message and/or packet results are displayed for a session depending on how the session has
been configured (for example, if the session is not configured to measure messages or to include
packets).
Required Settings
NAME AND DIMENSIONS
title=""
Specifies the displayed name of the widget.
height=""
Specifies the height of the widget.
width=""
Specifies the width of the widget.
NOTE: The recommended minimum dimensions are: 6x2 (width x height). The recommended
maximum dimensions are: 12x10 (width x height).
Showing or Hiding Empty Columns (Optional)
By default, the message/packet table hides columns that contain no values. To display columns that have
no values in the message/packet table, use the showEmptyColumns=true setting.
You can edit message/packet table XML by opening the GUI widget editor for the message/packet table
widget and selecting XML View. You can also use the System Administration - Dashboards screen
to edit message/packet table XML.
For example:
<messagesTable height=”4” title=”Messages/Packets” width=”12”
showEmptyColumns=”true”/>
Use the (default) showEmptyColumns=false setting to hide empty columns.
© 2023 Pico Quantitative Trading LLC. All rights reserved 308 .
Example Message/Packet Table
The following example shows a per-session Inspect Data dashboard named Messages and Packets
that includes a message/packet table.
Here's the corresponding XML configuration for dashboard. This Inspect Data dashboard is set to show
results for the last hour and includes a time-series chart of message counts named Message Count and
a message table named Message/Packet – Analytics.
<dashboard groupName="VIEWS" hidden="true" layout="grid" name="Messages and
Packets" source="user" type="networkdata">
<templating by="session"/>
<timeSeriesChart area="false" height="2" preferredResolution="default"
showLegend="true" showThreshold="true" stacked="false" title="Message Count"
width="12">
<stat direction="request" type="message-count"/>
</timeSeriesChart>
<messagesTable height="3" showEmptyColumns="false" title="Messages/Packet
- Analytics" width="12"/>
</dashboard>
DEFINING AN ACTION WIDGET USING THE WIDGET
EDITOR
NOTE: Action widgets can be added to grid-based and canvas-based dashboards. The widget editor
contents are slightly different depending on which type of dashboard you are adding the widget to.
These differences are highlighted below. Canvas-based dashboards are supported in 9.6.1 and later
releases.
The Action widget enables you to display specific Actions on a dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 309 .
You can add an Action widget to a user-defined dashboard on the Dashboards or Inspect Data screens by
clicking and selecting Add a Widget.
NOTE: The Add a Widget option is only available for user defined dashboards.
Select the Action icon from the widget menu. This opens a dashboard editor to the Add Action window.
The example below shows the Action widget editor launched from the Dashboards screen.
The settings in the editor window are divided into required and optional settings. Using the guidelines
given below for each setting, make the appropriate updates to create the big number widget that you
require, then click SAVE to apply the changes and view your widget.
NOTE: You can view/edit the XML code for your chart from the widget editor by clicking </> XML
VIEW. You must save your changes in the GUI EDITING mode before switching to XML editing mode
and vice versa.
You can also edit an existing user-defined Action widget using the widget editor by clicking on the
arrow on the top right of the widget and selecting Edit. The widget editor will open an Edit Action
window, containing the settings options below.
© 2023 Pico Quantitative Trading LLC. All rights reserved 310 .
Action Widget Required Settings
To create an Action widget using the widget editor, you must configure some basic settings before you will
be allowed to save the new widget. These fields are generally indicated by a * or flagged as Required.
NOTE: If adding an Action widget to a canvas-based dashboard only the Action type and in some
cases, parameters are mandatory.
NAME AND DIMENSIONS
Specify the title and dimensions of the Action widget.
Title
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specify the display name of the Action widget.
Height
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the height of the widget. The default height is 2.
Width
[Not displayed in the widget editor for canvas-based dashboards. See note]
Specify the width of the widget. The default width is 4.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 4x2 (width x height).
The recommended maximum dimensions are: 12x10 (width x height).
For canvas-based dashboards, the dimensions are based on pixels and can only be changed in the
XML editor.
SPECIFYING THE ACTION TO DISPLAY
[Mandatory for grid-based and canvas-based dashboards]
Specify the Action that you want to display in your widget. Click Select an Option to see the list of
Actions that can be displayed as a widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 311 .
SPECIFYING THE PARAMETER TO DISPLAY FOR THE ACTION
[Mandatory for grid-based and canvas-based dashboards, where required]
For some Actions you must set a parameter to configure what is displayed on the widget. Under
Parameters, click ADD PARAMETER, then enter a Parameter Name and the required Parameter
Value for any mandatory and optional parameters that you want to set. For some Actions, the parameter
names are already displayed and parameter values can entered or selected from a drop-down menu.
NOTE: Refer to the Corvil Actions Guide or the specific Action topic for details about the parameters
for your Action. Not all Actions require parameters to be set.
Adding a Subtitle (Optional)
Subtitle
You can add an optional subtitle to the widget to clarify its purpose.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
Example of an Action Widget Using the Widget Editor
The example below shows the creation of an Action widget using the widget editor, and the resulting
widget on the dashboard. The example shows a Network Health widget. No parameters are required for
this Action.
© 2023 Pico Quantitative Trading LLC. All rights reserved 312 .
Refer to the Corvil Actions Guide for information on how to use specific Actions.
DEFINING AN ACTION WIDGET USING XML
NOTE: Action widgets can be added to grid-based and canvas-based dashboards. Canvas-based
dashboards require additional XML attributes highlighted below. Canvas-based dashboards are
supported in 9.6.1 and later releases.
You can add an Action widget to a user-defined dashboard on the Dashboards screen by clicking
and selecting Add a Widget. Select the Action icon from the widget menu to open the Action widget
editor. Click </> XML VIEW to view/edit the XML code for your chart. You can also define an Action
widget for a dashboard by editing the Dashboard XML (select System Administration mode, then the
Dashboards editor).
You define an Action widget using the action element.
© 2023 Pico Quantitative Trading LLC. All rights reserved 313 .
In the following example, the dashboard shows an Action widget for the Action TCP Health:
Here is the equivalent XML configuration:
<action height="6" name="Analyze/tcp-health" title="TCP Health" width="12">
<subtitle>State of TCP Connections</subtitle>
</action>
Action Widget Required Settings
The positioning of the elements within the XML configuration used to define your Action widget must follow
the order below:
1. subtitle (optional)
2. parameter (required for some Actions)
NOTE: The context element is not supported in the Action XML.
NAME AND DIMENSIONS
The Action widget settings define:
title=""
[Mandatory for grid-based dashboards. Optional for canvas-based dashboards]
Specifies the displayed name of the widget.
height=""
Specifies the height of the widget.
The range is 100 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 10 on grid-based dashboards.
width=""
© 2023 Pico Quantitative Trading LLC. All rights reserved 314 .
Specifies the width of the widget.
The range is 200 to 4000 (pixels) on dashboards with a canvas layout.
The range is 1 to 12 on grid-based dashboards.
NOTE: For grid-based dashboards, the recommended minimum dimensions are: 4x2 (width x height).
The recommended maximum dimensions are: 12x10 (width x height).
For canvas-based dashboards, the dimensions are based on pixels. The default dimensions are:
300x300 (width x height). The minimum dimensions are 200x100 (width x height) and the maximum
dimensions are 4000x4000.
POSITION ON CANVAS
[Mandatory for canvas-based dashboards. Not supported for grid-based dashboards]
The x and y attributes determine the position of the widget on the canvas dashboard, where the center
point of the canvas is at coordinates x="0", y="0". When you add a widget it is placed by default in the top
left corner of the displayed canvas screen.
x=""
Specifies the x coordinate or horizontal position of the widget on the canvas. Attribute “x” must be
between -5000 and 5000.
y=""
Specifies the y coordinate or vertical position of the widget on the canvas. Attribute “y” must be between -
5000 and 5000.
NOTE: On canvas-based dashboards, be aware that changing the height and width or x and y
attributes using XML can result in the widget overlapping other elements on the dashboard (this also
happens if you use the mouse to resize or move a widget on the canvas). If this is not intended, you
can reposition the widget or the overlapped elements later when you view the canvas.
SPECIFYING THE ACTION TO DISPLAY
[Mandatory for grid-based and canvas-based dashboards]
Specify the Action that you want to display in your widget.
© 2023 Pico Quantitative Trading LLC. All rights reserved 315 .
name=""
Specifies the Action group name and name of the Action, separated by a '/'. For example:
name="Action group name/Action name"
SPECIFYING THE PARAMETER TO DISPLAY FOR THE ACTION
[Mandatory for grid-based and canvas-based dashboards, where required]
There are also parameters used to specify what is displayed for a specific Action. Setting the parameter
value is mandatory for some Actions. Enter the parameter settings within the <parameter></> tags.
name=""
Specifies the name of the parameter
value=""
Specifies the parameter value
Adding a Subtitle (Optional)
You can add an optional subtitle to the widget to clarify its purpose. Enter the subtitle text between
<subtitle></subtitle> tags and place it on a separate line AFTER the basic widget settings and
BEFORE the parameter tag.
Subtitles have a limit of 250 characters. If the subtitle is longer than the widget width you can hover over
the visible subtitle text to see the remainder of the string.
Here is an XML configuration showing subtitle and parameter configuration for the Authentication
Heatmap Action widget:
<action height="6" name="Analyze/auth-heatmap" title="Authentication" width="12">
<subtitle>Successful User Logins</subtitle>
<parameter name="dataset" value="user-succeeded"/>
</action>
CANVAS-BASED DASHBOARD EXAMPLE
If you are adding an Action widget to a canvas-based dashboard, its location will always default to the top
left corner of the displayed screen.
In the following example, a Network Health table is added with default parameter settings:
© 2023 Pico Quantitative Trading LLC. All rights reserved 316 .
<action height="400" name="Analyze/network-health" title="" width="800" x="-756"
y="-450">
<parameter name="max_number_of_rows" value="100"/>
<parameter name="column_names" value=""/>
<parameter name="default_aggregation" value="Applications"/>
<parameter name="default_cql_filter" value=""/>
<parameter name="default_sort_by_column" value="Bitrate"/>
<parameter name="default_sort_by_clientserver" value="Server"/>
<parameter name="default_sort_order" value="desc"/>
<parameter name="default_sort_by_min-mean-max" value="min"/>
<parameter name="default_table" value="tcp"/>
</action>
In the canvas dashboard you can see the widget is added to the top left of the displayed canvas.
SPECIFYING STATISTICS IN WIDGETS USING XML
The following section describes how statistics are specified in the various widgets using XML.
The topN tables widget allows only the list of top statistics:
l top-applications
l top-conversations
l top-listeners
l top-message-types
l top-talkers
© 2023 Pico Quantitative Trading LLC. All rights reserved 317 .
The pieChart and timeSeriesChart specify a statistic which has
l a required direction (request|response)
l a name
l a type
l and an optional ‘displayAs’ which allows the specification of a different display label for that
statistic on the particular widget.
If the statistic is one of the fixed statistics then the type attribute has to correspond to the name of the
statistic. If the statistic is one of the configurable statistics then the name attribute specifies the name of
the configurable statistic.
Min/mean/max configurable statistics and distribution types must specify one or more aspects
min|mean|max in the case of both distribution and min/mean/max configurable statistics, and additionally
a percentile for distribution statistics, with a corresponding percentile value.
For example, here’s a latency distribution statistic specified using the type attribute with two aspect types
(maximum and 99th percentile):
<stat direction="request" type="latency">
<aspect type="percentile" value="99"/>
<aspect type="max"/>
</stat>
Here's an example of a min/mean/max configurable statistic specified using the name attribute with two
aspect types (maximum and 99th percentile):
<stat direction="request" name="My-min-mean-max-stat">
<aspect type="percentile" value="99"/>
<aspect type="max"/>
</stat>
The Session table uses an almost identical scheme but allows an optional sort attribute
(ascending|descending) on the statistic. This can be either on the <stat/> element if there are no
aspects, or otherwise on one of the aspects. This dictates the sort order of the table.
In addition the <stat/> element can optionally have
l a displayAs attribute, which allows the specification of a different display label for that stat-
istic on the particular widget. This can only be set to bar
l a minWidthPixels attribute, which can be between 60 and 400
© 2023 Pico Quantitative Trading LLC. All rights reserved 318 .
For example, here's a latency statistic (including maximum and 99th percentile values) with sorting
specified:
<stat direction="request" type="latency">
<aspect type="percentile" value="99" sort="ascending"/>
<aspect type="max"/>
</stat>
Here's an example of a min/mean/max configurable statistic specified using the name attribute with two
aspect types (maximum and 99th percentile) and sorting applied:
<stat direction="request" name="My-min-mean-max-stat">
<aspect type="percentile" value="99" sort="ascending"/>
<aspect type="max"/>
</stat>
The following example shows a distribution latency statistic with min, mean, max aspects displayed as an
aspect group in a graph:
<stat type="latency" direction="request">
<aspectGroup displayAs="min-mean-max"/>
</stat>
Supported Statistics
Certain Corvil Dashboard widgets include the definition of statistics. The following tables list the statistics
that are supported for those widgets:
NOTE: Statistics are supported in both request and response directions unless otherwise noted.
CONFIGURABLE STATISTICS
The following table lists the configurable statistics support in widgets:
Time-series and Session Pie (primary
Configurable Statistic Type Numbers
Bar chart table statistic)
measure-count ✔ ✔ ✔ ✔
measure-total ✔ ✔ ✔ ✔
© 2023 Pico Quantitative Trading LLC. All rights reserved 319 .
Time-series and Session Pie (primary
Configurable Statistic Type Numbers
Bar chart table statistic)
measure-min-mean-max
NOTE:
✔ ✔ ✔ ✘
At least one of min, mean, or max
aspect must be defined.
measure-ratio ✔ ✔ ✔ ✘
TCP STATISTICS
The following table lists the TCP statistic support in widgets:
Time-series and Session Pie (primary
TCP Statistic Type Numbers
Bar chart table statistic)
tcp-roundtrip-time
NOTE:
request direction = right roundtrip time
✔ ✔ ✔ ✘
response direction = left roundtrip time
At least one of min, mean, or max
aspect must be defined.
tcp-out-of-sequence-packet-count ✔ ✔ ✔ ✔
tcp-zero-window-packet-count ✔ ✔ ✔ ✔
tcp-packet-count ✔ ✔ ✔ ✔
tcp-retransmitted-oos-percent ✔ ✔ ✔ ✘
tcp-total-goodput ✔ ✔ ✔ ✘
tcp-total-roundtrip-time
NOTE:
Supported in request direction only. ✔ ✔ ✔ ✘
At least one of min, mean, or max
aspect must be defined.
tcp-total-throughput ✔ ✔ ✔ ✘
tcp-connections-exited ✔ ✔ ✔ ✔
tcp-connections-ignored ✔ ✔ ✔ ✔
tcp-connections-initiated ✔ ✔ ✔ ✔
tcp-connections-refused ✔ ✔ ✔ ✔
tcp-max-concurrent-connections ✔ ✔ ✔ ✘
© 2023 Pico Quantitative Trading LLC. All rights reserved 320 .
LATENCY AND LOSS
The following table lists the latency and loss statistic support in widgets:
Pie
Session
Statistic Type Time-series and Bar chart Numbers (primary
table
statistic)
latency
✔
NOTE:
Tag-based charts for mean ✔ ✔ ✘
At least one of min, mean, aspect in the response direction
max or percentile aspect are not supported
must be defined.
loss-percent ✔ ✔ ✔ ✘
loss ✔ ✔ ✔ ✔
NOTE: In software releases earlier than 9.6.2, negative latency reporting is not supported in bar chart,
session table, big numbers widgets and Lens, or in live time series charts for min/mean/max values.
EXPECTED QUEUING
The following table lists the expected queuing statistic support in widgets:
Time-series and Session Pie (primary
Statistic Type Numbers
Bar chart table statistic)
expected-queuing-delay
NOTE:
✔ ✔ ✔ ✘
At least one of min, mean or max
aspect must be defined.
expected-queuing-loss ✔ ✔ ✔ ✘
MESSAGES
The following table lists the message statistic support in widgets:
Time-series and Session Numbers (see Pie (primary
Message Statistic Type
Bar chart table note) statistic)
message-sequence-gap ✔ ✔ ✔ ✔
message-sequence-gap-
✔ ✔ ✔ ✘
percent
message-sequence-count ✔ ✔ ✔ ✔
message-sequence-rate ✔ ✔ ✔ ✘
© 2023 Pico Quantitative Trading LLC. All rights reserved 321 .
Time-series and Session Numbers (see Pie (primary
Message Statistic Type
Bar chart table note) statistic)
message-count ✔ ✔ ✔ ✔
message-rate ✔ ✔ ✔ ✘
message-rate-microburst ✔ ✔ ✔ ✘
message-rate-microburst-1s ✔ ✔ ✔ ✘
message-rate-microburst-
✔ ✔ ✔ ✘
delay-target
message-bitrate-microburst ✔ ✔ ✔ ✘
message-bitrate-microburst-
✔ ✔ ✔ ✘
1s
message-bitrate-microburst-
✔ ✔ ✔ ✘
delay-target
PACKETS
The following table lists the packet statistic support in widgets:
Time-series and Session Numbers (see Pie (primary
Packet Statistic Type
Bar chart table note) statistic)
packet-count ✔ ✔ ✔ ✔
packet-rate ✔ ✔ ✔ ✘
packet-bitrate ✔ ✔ ✔ ✘
packet-bytes ✔ ✔ ✔ ✔
packet-rate-microburst ✔ ✔ ✔ ✘
packet-rate-microburst-1s ✔ ✔ ✔ ✘
packet-rate-microburst-
✔ ✔ ✔ ✘
delay-target
packet-bitrate-microburst ✔ ✔ ✔ ✘
packet-bitrate-microburst-1s ✔ ✔ ✔ ✘
packet-bitrate-microburst-
✔ ✔ ✔ ✘
delay-target
NOTE: Some message and packet statistics can only be displayed in big number widgets if the widget
is displaying data for a single session only. For example, microburst statistics can only be displayed for
a single session because they cannot be aggregated.
NOTE: In release 9.4.3 or later, the values configured for microburst in the service objective applied to
your session are displayed in the legend of time series charts. For example, if you set a one-way
latency of 500ms in the service objective, and your time series chart is displaying results for the
statistic 'packet-bitrate-microburst-delay-target', it will display in the legend as 'session-name -
© 2023 Pico Quantitative Trading LLC. All rights reserved 322 .
Microburst (500ms). Similarly, if you set the User Microburst Minimum Duration to 10ms, the statistic
'message-bitrate-microburst' will display in the legend as 'session-name - Msg. Bitrate Microburst
(10ms)'.
Currently, Microburst threshold information is not shown in the legends of bar chart widgets.
DASHBOARD VALIDATION
Saving a Corvil Dashboard configuration fails in any of the following cases:
l the configuration file is not a well-formed XML document
l the configuration file doesn't conform to the defined XML schema
Disabling strict validation reports warnings rather than failures if configuration objects referenced in the
dashboard file are not defined on the system.
Failures are reported at the top of the screen and the editor indicates the line where the problem was
detected.
From release 9.7.2, management reports and schedules are included in the Dashboard XML
configuration. Errors and warnings related to the configured reports may be generated when you attempt
to install a saved configuration on another CMC. For example, if sessions configured in a report are not
present in any CNE managed by the new CMC, or if the maximum number of reports configured is
exceeded.
NOTE: You can comment out any part of the XML configuration by enclosing it between the following
tags:
<!--
-->
Dashboard Limits
Up to 40 widgets per dashboard, with the following additional limits for every widget type:
l Max 15 time series widgets
l Max 15 bar chart widgets
l Max 10 topN widgets
l Max 35 big number widgets
l Max 10 pie chart widgets
l Max 10 session table widgets
© 2023 Pico Quantitative Trading LLC. All rights reserved 323 .
l Max 10 recent events widgets
l Max 10 notes widgets
l Only one message table widget in Inspect Data
l Max 4 Action widgets
l Up to 20 sessions in an ungrouped time series charts (default value for <limit> element)
l Up to 20 tags in a grouped time series chart (default value for <limit> element)
l Up to 100 (50 in pre-9.6 releases) dashboards (source="user" only, both templated and
non-templated)
l Up to 40 plugin-supplied dashboards (max 40 of each type across all plugins)
l Up to 100 (50 in pre-9.6 releases) Inspect Data dashboards (source="user")
l Up to 10 statistics per time series and bar chart (min, mean, max counted as 3 statistics)
l Up to 30 statistics per session table
l Up to 100 sessions displayed per session table (see note)
l Up to 10 rules in the context filters
NOTE: When adding widgets to a dashboard using the GUI widget editor, once a limit for a dashboard
has been reached, the relevant widget selection will be disabled.
NOTE: For 9.6.x or later releases, you can display up to 100 dashboards on your system per
Dashboard View and 100 dashboards per Inspect Data View, including system-supplied and plugin-
supplied dashboards. In earlier releases, the limit it 50 dashboards. Once you exceed this limit, you will
get an error message and you will not be able to create additional dashboards. However, if you turn off
strict validation in the Dashboard XML file, then instead of an error message, you will get a warning
message saying that you have exceeded the limit and that some system-supplied and plugin-supplied
dashboards are being automatically hidden (these are listed), thus allowing to save your new
dashboards. The hidden dashboards will be removed from the Dashboards / Inspect Data side panels
and the Manage Dashboards screen. The dashboards are hidden starting from the one defined at
bottom of the Dashboard XML file, working upwards.
To view automatically hidden dashboards you will need to manually hide other dashboards on the
Manage Dashboards screen (click Hide on the dashboards) to make room for the automatically
hidden dashboards again.
Automatic hiding of dashboards is not applied to user-defined dashboards. If you try to create more
than 100 (50 in pre-9.6 releases) user-defined dashboards (of either Dashboard or Inspect Data
View), you will get an error message and you will be prevented from saving the dashboard.
© 2023 Pico Quantitative Trading LLC. All rights reserved 324 .
NOTE: The session table widget displays a maximum of 100 sessions. These are the top 100 sessions
after the analytics for all the matching sessions are analyzed and sorted. If you change to a different
sorting statistic, the analytics from all matching sessions are retrieved again, analyzed and the results
are redisplayed, hence the sessions displayed may change.
COPYING A CORVIL DASHBOARD XML
CONFIGURATION
You can copy a dashboard XML configuration from one CNE or Corvil Management Center and paste it to
another CNE or Corvil Management Center Corvil Dashboard screen. However, the dashboard only
displays results if the appropriate set of configuration objects are defined on the target CNE or Corvil
Management Center.
Copying a Dashboard XML Configuration
Step 1
Navigate to the Dashboard page in System Administration mode for the source dashboard XML
configuration.
Step 2
Click and drag to select the XML configuration.
Step 3
Press Ctrl+C or right click on the selected XML configuration and select Copy.
Step 4
Navigate to the Dashboard page in System Administration mode on the target CNE or Corvil
Management Center.
Step 5
Press Ctrl+V or right-click on the Dashboard page and select Paste.
Disabling strict validation reports warnings rather than failures if configuration objects referenced in the
dashboard file are not defined on the system.
© 2023 Pico Quantitative Trading LLC. All rights reserved 325 .
Step 6
Click Save.
WORKING WITH CORVIL DASHBOARD XML
CONFIGURATION FILES
To export a Corvil Dashboard configuration to the local cfg: directory or to a specified URL, use the
Corvil CLI copy command:
copy dashboard-config [cfg:<file-name> | <URL>]
To import a Corvil Dashboard configuration from the local cfg: directory or from a specified URL, use the
following:
copy [cfg:<file-name> | <URL>] dashboard-config
NOTE: To successfully move a Dashboard configuration from one Corvil appliance to another:
- The configuration must be identical on the two devices
- You must do a global replace on the local-cne name, or ip-address, before importing
NOTE: From release 9.7.2, if using this copy command in a CMC, any management report config
present is also copied.
URL can be one of the following:
tftp://<hostname> |<ip address>/<filename>
Specifies the parameters used to save or retrieve configurations. The file is specified by [<file
path>/]<file name>, relative to the directory determined for TFTP access at a TFTP server specified
by the DNS hostname or ip address parameter. The current timeout value for inactivity is approximately
20 minutes.
ftp://<username>@<hostname>/<filename>
Specifies the DNS host name or IPv4 address of a target FTP server. The user account must be specified
using the <username> parameter. The <filename> can be a relative or absolute path on the remote
target server. ftp is relative to the home directory of the user. If you want to use an absolute directory, use
the prefix // before the <filename>. A password prompt will appear once a connection with the server
has been established.
© 2023 Pico Quantitative Trading LLC. All rights reserved 326 .
scp://<username>@<hostname>/<filename>
Specifies the DNS host name or IPv4 address of a target SCP/SSH server. The user account must be
specified using the <username> parameter. scp is relative to the home directory of the user.
if you want to use an absolute directory, use the prefix // before the <filename>. A password prompt
will appear once a connection with the server has been established.
You can use ssh from a remote machine to install, replace, or download a Corvil Dashboard configuration
to or from a Corvil appliance or Corvil Management Center.
To install a Corvil Dashboard configuration on a Corvil appliance or Corvil Management Center using a
Linux, Cygwin, or Unix system, use the following command:
ssh admin@<device-name> install dashboard-config < [<file path>/]<filename>
To replace a Corvil Dashboard configuration on a Corvil appliance or Corvil Management Center using a
Linux, Cygwin, or Unix system, use the following command:
ssh admin@<device-name> install replace-dashboard-config < [<file
path>/]<filename>
To download a Corvil Dashboard configuration from a Corvil appliance or Corvil Management Center
using a Linux, Cygwin, or Unix system, use the following command:
ssh admin@<device-name> retrieve dashboard-config > [<file path>/]<filename>
NOTE: From release 9.7.2, any management report config present in the Dashboard XML of a CMC is
also downloaded and installed when using these commands.
Note that a Corvil Dashboard configuration retrieved in this way cannot be applied directly in the Corvil UI
on the System Adminstration – Dashboards page using copy/paste, due to an additional
<dashboard-config> element added to the downloaded file.
For Windows users, use the following command to install a Corvil Dashboard configuration on a Corvil
appliance:
type [<file path>/]<filename> | ssh admin@<device-name> install dashboard-config
© 2023 Pico Quantitative Trading LLC. All rights reserved 327 .
NOTE: For Windows users, we recommend using the Command Prompt (not Powershell) and the
OpenSSH client.The 'plink' client (part of the puTTY distribution) may not work when using redirects. If
you already have an ssh client installed (for example Cygwin), attempting to install OpenSSH may
cause problems.
If using Powershell, precede the command with cmd \C, for example, cmd \C 'type [<file
path>/]<filename>...'.
© 2023 Pico Quantitative Trading LLC. All rights reserved 328 .
Managing Tagging
Tagging in Corvil enables you to describe and categorize sessions in a meaningful way. You can tag by
whatever criteria you want — some typical examples are geographical region, user and venue.
Tags that have something in common can be included together in Groups, also known as tag-types. In
general, a tag-type is assigned to a broad category, such as Region, whereas a tag specifies the items
within a group, such as Europe.
In this way, tags allow you to to group sessions and, in so doing, return information to you in a meaningful
way.
Corvil automatically applies tags to sessions based on the session’s underlying configuration attributes,
including:
l Src/Dst Subnet
l Custom-signature
l Configurable-stats-maps
l Service-objectives
l Classification Policy
l Parent Session
l Network and Message Filters
For example, this means you can
l filter or define a Trading dashboard to show all sessions configured with specific trading met-
rics based on a common configurable statistic configuration
l filter or define a Market Data dashboard to show all sessions doing gap detection based on a
common service objective that applies that configuration
l define a Corvil Management Center Lens view broken down by CNE and Subnet
l find all sessions measuring a specific type of latency
Tagging can be managed from Corvil Management Center or from individual CNEs. In the UI, you manage
tagging by selecting System Administration from the menu.
© 2023 Pico Quantitative Trading LLC. All rights reserved 329 .
Then, in the Sys Admin screen, click Manage Tags.
Here you can view, add, remove, and filter tags and tag-types.
NOTE: On the CMC, tag changes are pushed to managed CNEs immediately. For releases 9.6.2 or
later, tag changes are not pushed for CNEs that are not currently in sync with the CMC due to local
configuration changes on the CNE.
On the Corvil Discovery screen, you can click on the Manage Tags button to go directly to the Sys Admin
Manage Tags page.
© 2023 Pico Quantitative Trading LLC. All rights reserved 330 .
VIEWING TAGGING INFORMATION
The Manage Tags screen has the following columns:
Name
At the group level, displays the name(s) of the group(s) into which sessions have been categorized.
At the session level, displays the name of the session as manually defined, or derived from the Discovery
session-key rule defined in the UI or CLI.
#Sessions
When sessions are organized into groups, displays the number of sessions in each group.
Tags
The tags and tag-types associated with each session. Up to 10 tags are permitted. The format is as
follows:
Tag-type: tag
Note that system tags are grayed out and not editable.
Hover over the Tag column for any session to quickly view its tags and tag-types in a tooltip.
In the example above, note that the session “Berlin” has the following associated tag-types and tags:
l Country - Germany
l Region - Europe
l Site - Berlin
l ClassificationPolicy - default
l DestinationSubnet - any
l ServiceObjectives - network-service-objective-default
l SourceSubnet - Berlin
© 2023 Pico Quantitative Trading LLC. All rights reserved 331 .
To view all sessions grouped with a particular tag-type, select the tag-type – for example, Country – from
the Group drop-down menu, and click Apply.
The sessions are now grouped by Country.
To expand any country, for example, USA, click . This enables you to view its member sessions and their
associated tags and tag-types:
© 2023 Pico Quantitative Trading LLC. All rights reserved 332 .
Note that when you select any group, additional group drop-down menus appear, allowing you to display
results for up to two more groups. For example, you can view sessions grouped by country, site, and
classification policy.
ADDING AND REMOVING A TAG AND TAG-TYPE
To add a tag to a session, select the check box beside the session and click Add Tag.
A screen displays, allowing you to select an existing tag type and add a tag to it. For example, to add a
new gateway called GW1, select the Gateway tag-type, type the new tag, and click Add Tag.
NOTE: It is recommended to tag all defined sessions so that the tags can be used to create relevant
Dashboard and Lens views.
If you don’t see a suitable tag-type, you can create a new one. Select Create a new tag-type… from the
drop-down list.
© 2023 Pico Quantitative Trading LLC. All rights reserved 333 .
Then add your new tag-type, plus the associated tag, and click Add Tag.
To remove a tag and its tag-type, select the session and click Remove Tag. In the screen that displays,
select the tag-type and click Remove Tag. Both it and its tag are removed.
NOTE: If adding or removing a tag from the CMC, the tag changes are pushed to managed CNEs
immediately. For releases 9.6.2 or later, tag changes are not pushed for CNEs that are not currently in
sync with the CMC due to local configuration changes on the CNE. A message will display on the
© 2023 Pico Quantitative Trading LLC. All rights reserved 334 .
Add/Remove tag window informing you of this and recommending you to manually sync the affected
CNEs.
FILTERING TAGGING INFORMATION
You can filter the information displayed on the Manage Tags screen.
Select Filter and then define one or more filters based on group names, session names or tags and click
Apply. For example, you could define a filter to display all sessions except ones for North America.
Or you can focus on a particular policy (for example, setting a filter: ClassificationPolicy is newyork-
policy).
If you have a large number of tags and tag-types, this allows you to find certain sessions quickly and
efficiently. You can also find sessions by applying a session filter (for example, Session Contains BNK).
MANAGING TAGGING USING THE CLI
Tagging can be managed from the CMC or from individual CNEs using the CLI.
Viewing Tagging Information
To view current tag-types, use the show tag-type command.
host(config)$ show tag-type
tag-type Class
tag-type ClassGroup
tag-type ClassificationPolicy
tag-type Client
© 2023 Pico Quantitative Trading LLC. All rights reserved 335 .
tag-type ConfigurableStats
tag-type CustomSignature
tag-type DestinationSubnet
tag-type Gateway
tag-type MessageFilter
tag-type NetworkFilter
tag-type ParentSession
tag-type Protocol
tag-type ServiceObjectives
tag-type SourceSubnet
tag-type Team
tag-type Venue
tag-type physical-port
host(config)$
To view tag-types, and associated tags, tags for a particular session, use the show session command.
In the example below, the session Bergman has two associated tag-types, Client and Gateway, tagged
“Bergman” and “GW1”, respectively. This allows you to group sessions by client and gateway to get a per-
client view of performance.
session Bergman
session-operation online
attached-port PortA
session-type bidirectional-symmetric
.
.
.
tag Client Bergman
tag Gateway GW1
Adding and Removing a Tag and Tag-Type
To create a new tag-type, use the tag-type command:
host(config)$ tag-type Team
To add a tag-type to a session, first use the session command to configure the session, and then use
the tag command to add tags, specifying existing tag-types. For example:
© 2023 Pico Quantitative Trading LLC. All rights reserved 336 .
host(config)$ session Bergman
host(config-session)$ tag Team US-West
host(config-session)$ tag physical-port A
host(config-session)$
To remove a tag and its tag-type, use the no tag command, specifying the tag-type:
no tag <tag-type>
For more information about tagging in the CLI, please refer to the section Defining Tag-types for
Application Session Discovery in the Corvil Configuration Guide.
NOTE: If adding or removing a tag from the CMC, the tag changes are pushed to managed CNEs
immediately. For releases 9.6.2 or later, tag changes are not pushed for CNEs that are not currently in
sync with the CMC due to local configuration changes on the CNE. If you run the command show
detailed cne-status right after adding the tag, you will see a message stating that the config
push failed because the CNE has local changes.
© 2023 Pico Quantitative Trading LLC. All rights reserved 337 .
Configuring UI Reporting Periods
UI REPORTING PERIODS OVERVIEW
Corvil supports both built-in and user-defined UI reporting periods. The various UI reporting periods are
available to select from UI monitoring screens (for example, Dashboards)
The built-in reporting periods may be enabled or disabled via the Corvil Management Center and CNE
CLI. If a built-in reporting period is disabled, it remains on the system, but is not available to select via the
UI.
User-defined reporting periods are also configurable via the Corvil Management Center and CNE CLI and
can be defined, edited or deleted.
User-defined reporting periods are
l less than 24 hours and refer to the current day
l summarized every five minutes
NOTE: When using Corvil Management Center to browse CNE results, only those user-defined
reporting periods defined on Corvil Management Center are available.
REPORTING PERIOD BUDGET
Before a user-defined reporting period is added to the configuration, a budgeting check is performed. The
budgeting calculation only takes into account the number of reporting periods with five-minute updates.
For a maximum-sized configuration (that is, a configuration using the maximum number of runtime
classes on a given CNE) there is an overall budget of up to three reporting periods with five-minute
updates. The budget can be used by any combination of system- and user-defined reporting periods.
If the budget is exceeded by adding a new reporting period, you are notified via an error message. You
can then decide whether to delete an existing user-defined reporting period or disable a system-defined
reporting period to make room for the new one. For more information, refer to the sections "Displaying or
Suppressing System-Defined UI Reporting Periods" on page 343 and "Defining and Deleting User-Defined
Reporting Periods" on page 344.
© 2023 Pico Quantitative Trading LLC. All rights reserved 338 .
To establish the reporting period budget you have to work with:
l Check the maximum number of supported runtime classes on the CNE
l Check the number of runtime classes currently in use
To check the maximum number of runtime classes on a particular CNE, use the system-setting
command. In the following example the maximum number of runtime classes on this CNE is 800:
host(config)$ system-setting performance-class-limit ?
<10-800> max active classes
To check the number of runtime classes being used in the current configuration, use the status
command. In the following example, there are 262 runtime classes in the current configuration and 13
defined reporting periods (the enabled reporting periods number here includes both user-defined and
system-defined reporting periods):
host(config)$ status
CNE software: Version 9.0
CorvilMeter software: CDK_3_0_BUILD_67 (conf Jun 13 22:42:09 2014)
Application Recognition Module: ARM v6.82 (full)
.
.
.
Configuration totals:
nso-maps: 6 peer-interfaces: 0
subnet groups: 131 cnes: 1
custom applications: 47 sessions (max: 800): 6
matches: 169 unidirectional sessions: 0
class-maps: 35 bidirectional sessions: 3
configurable-stats-maps: 2 multihop groups: 0
measures: 11 hops: 0
policy-maps: 2 user access groups: 0
custom signatures: 1 multicast data feeds: 0
signature rules: 7 sessions (max: 400): 1
custom translations: 0 tag-types: 3
translation rules: 0 capture fields: 115
sites: 1 field patterns: 26
routers: 0 enabled reporting periods: 13
interfaces: 0 analytics streams: 1
configured classes: 2 active conf-min-mean-maxes: 4
active classes: 262 active conf-totals: 2
service policies: 0 active conf-ratios: 2
active conf-counts: 14
Packets dropped during disk capture: 0
© 2023 Pico Quantitative Trading LLC. All rights reserved 339 .
So in this example, the configuration is using around one-third of the available runtime classes (262/800),
so there is an effective upper limit of nine (3 * 3) reporting periods with 5-minute updates. If there were
around 400 runtime classes in use, then in this example you could have up to six reporting periods with 5-
minute updates.
When you define a new reporting period on Corvil Management Center, and the changed configuration is
pushed to the CNEs, if the budgeting checks fail on any of the CNEs, the configuration push is marked as
failed. For example, if you check the status of the configuration push using the show detailed cne-
status command, the following error message is displayed:
host(config)$ show detailed cne-status
nyc-cne:
-------------------------------------------------------------------
IP address: 192.168.2.98
Management mode: Monitor and configure (auto-push)
Status: Failed to apply configuration
Updated: 10 seconds ago
Pending updates: configuration upload
Error message: Updater error: CNE returned error: Too many reporting periods
enabled for a configuration of this size.
.
.
.
The system also checks when sessions and policy maps are configured to determine if adding a session
or class fits within the allowed reporting period budget. It is not possible to add or modify a session or a
policy map class if the change would result in the total exceeding the maximum allowed budget.
On a Corvil Management Center these budgeting checks are performed on each managed CNE after the
configuration is pushed. If the budgeting checks fail on the CNE the configuration push is marked as
failed.
NOTE: Corvil Management Center supports monitoring and managing up to 20 CNEs that have a
maximum-sized configuration. This includes support for up to three reporting periods with 5-minute
updates.
However, configuring additional user-defined reporting periods on Corvil Management Center
impacts proportionally on the number of supported CNEs with a maximum-sized configuration.
For example, let's say you define an extra three user-defined reporting periods without disabling any
system-defined reporting periods, giving a total of six reporting periods with 5-minute updates. This is
double the number of 5-minute reporting periods so in this case Corvil Management Center supports
© 2023 Pico Quantitative Trading LLC. All rights reserved 340 .
up to ten CNEs with a maximum-sized configuration.
CHECKING THE STATUS OF UI REPORTING PERIODS
To check the current status of system- and user-defined reporting periods, use the CLI show
reporting-period command:
host(config)$ show reporting-period
reporting-period "Last 7 days"
enable
reporting-period "Last 60 days"
enable
reporting-period "Last 48 hours"
enable
reporting-period "Last 30 days"
enable
reporting-period "Last 24 hours"
enable
default-view
reporting-period "Last 12 hours"
reporting-period "Last 1 hour"
enable
reporting-period "Business Day"
from 09:00
to 17:00
timezone use-default
enable
The preceding example shows the default status of system- and user-defined reporting periods.
The system-defined reporting periods are as follows:
l Last 7 days
l Last 60 days
l Last 48 hours
l Last 30 days
l Last 24 hours (the system-default reporting period when using UI monitoring screens)
l Last 12 hours (disabled by default)
l Last 1 hour
© 2023 Pico Quantitative Trading LLC. All rights reserved 341 .
An example user-defined reporting period named Business Day is provided by default. Like all user-
defined reporting periods, it has a fixed start and end time within a single day and is configured for a
particular time zone. In the preceding example, the default time zone is specified, that is, the currently
configured time zone on the Corvil Management Center or CNE being configured.
DEFINING, DISPLAYING AND SUPPRESSING UI
REPORTING PERIODS - EXAMPLE
To define a new UI reporting period:
l Name the new reporting period using the reporting-period command
l Specify the start time of the reporting period with the from command
l Specify the end time of the reporting period with the to command
l Specify the time zone of the reporting period using the timezone command
l Specify that the reporting period be displayed in the UI with the enable command, or specify
that the reporting period be suppressed with the no enable command
In the following example, a new reporting period named Working Day: 8am – 8pm is defined, and is
displayed as an available Reporting Period in the UI:
host(config)# reporting-period "Working Day: 8am – 8pm"
host(config-reporting-period)# from 08:00
host(config-reporting-period)# to 20:00
host(config-reporting-period)# timezone use-default
host(config-reporting-period)# enable
NOTE: It's a good idea to include the time period covered in the reporting period name so that it is clear
when the reporting period is displayed in the UI.
To display or suppress a built-in UI reporting period:
l Specify the reporting period of interest using the reporting-period command
l Specify that the reporting period be displayed in the UI with the enable command, or specify
that the reporting period be suppressed with the no enable command
© 2023 Pico Quantitative Trading LLC. All rights reserved 342 .
As noted above, the built-in reporting period named Last 12 hours is disabled by default. In the following
example, the Last 12 hours reporting period is enabled. This means that Last 12 hours is now available to
select as a reporting period in the UI:
host(config)# reporting-period "Last 12 hours"
host(config-reporting-period)# enable
In the following example, the built-in reporting period named Last 48 hours is disabled. This means that
the reporting period named Last 48 hours is not now available to select in the UI:
host(config)# reporting-period "Last 48 hours"
host(config-reporting-period)# no enable
In this example, the Last 48 hours option is no longer displayed, and the Working Day reporting period is
now available.
DISPLAYING OR SUPPRESSING SYSTEM-DEFINED UI
REPORTING PERIODS
You can choose whether to display or remove a given built-in reporting period from the UI. Built-in
reporting periods cannot be deleted from the system.
At least one built-in reporting period must remain enabled for display in the UI.
To display or suppress a built-in UI reporting period:
l Specify the reporting period of interest using the reporting-period command
l Specify that the reporting period be displayed in the UI with the enable command, or specify
that the reporting period be suppressed with the no enable command
To edit a built-in reporting period, first use the reporting-period command.
reporting-period <reporting-period-name>
reporting-period-name
Specify the name of the built-in reporting period to be edited.
The built-in reporting periods are as follows:
© 2023 Pico Quantitative Trading LLC. All rights reserved 343 .
l Last 7 days
l Last 60 days
l Last 48 hours
l Last 30 days
l Last 24 hours
l Last 12 hours (disabled by default)
l Last 1 hour
To specify whether a reporting period is available for selection when using the UI monitoring screens and
Corvil Lens, use the enable or no enable command.
DEFINING AND DELETING USER-DEFINED
REPORTING PERIODS
To define a new UI reporting period:
l Name the new reporting period using the reporting-period command
l Specify the start time of the reporting period with the from command
l Specify the end time of the reporting period with the to command
l Specify the time zone of the reporting period using the timezone command
l Specify that the reporting period be displayed in the UI with the enable command, or specify
that the reporting period be suppressed with the no enable command
To define or edit a user-defined reporting period that can be selected when using Corvil Lens, first use the
reporting-period command.
Use the no form of the command to delete user-defined reporting periods from the system.
reporting-period <reporting-period-name>
no reporting-period <reporting-period-name | *>
reporting-period-name
© 2023 Pico Quantitative Trading LLC. All rights reserved 344 .
Specifies the name of a new reporting period to be defined or the name of an existing reporting period to
be edited.
NOTE: It's a good idea to include the time period covered in the reporting period name so that it is clear
when the reporting period is displayed in the UI.
User-defined reporting periods require a fixed start and end time within a single day in a particular time
zone. Use the from, to and timezone commands to specify these details.
from <reporting-period-start-time>
to <reporting-period-end-time>
timezone <use-default | zone>
reporting-period-start-time
Specifies the start time of a user-defined reporting period.
Enter a time in the following format: HH:MM
reporting-period-end-time
Specifies the end time of a user-defined reporting period.
Enter a time in the following format: HH:MM
use-default
Specifies that the time zone defined on the Corvil Management Center or CNE is used.
This is the default setting if the timezone command is not used.
zone
Name of the time zone, as per Java. The complete list of available Java time zone names is as follows:
l IDLW (GMT-12:00) IDLW (International Date Line West)
l Pacific/SST (GMT-11:00) Midway Island, Samoa
l US/Hawaii (GMT-10:00) Hawaii
l US/Alaska (GMT-09:00) Alaska
l US/Pacific (GMT-08:00) Pacific Time (US & Canada); Tijuana
© 2023 Pico Quantitative Trading LLC. All rights reserved 345 .
l US/Arizona (GMT-07:00) Arizona
l US/Mountain (GMT-07:00) Mountain Time (US & Canada)
l America/Chihuahua (GMT-07:00) Chihuahua, Mazatlan
l Canada/Saskatchewan (GMT-06:00) Saskatchewan
l US/Central (GMT-06:00) Central Time (US & Canada)
l America/Mexico_City (GMT-06:00) Mexico City
l America/Central (GMT-06:00) Central America
l America/Indiana (GMT-05:00) Indiana (East)
l America/Bogota (GMT-05:00) Bogota, Lima, Quito
l America/EST (GMT-05:00) Eastern Standard Time (no daylight saving)
l US/Eastern (GMT-05:00) Eastern Time (US & Canada)
l America/VET (GMT-04:30) Caracas
l Canada/AST_ADT (GMT-04:00) Atlantic Time (Canada)
l America/CLT_CLST (GMT-03:00) Santiago
l America/ART (GMT-03:00) Buenos Aires
l Greenland (GMT-03:00) Greenland
l Brasil/BRT_BRST (GMT-02:00) Brasilia
l Atlantic/FNT (GMT-02:00) Mid-Atlantic
l Atlantic/CVT (GMT-01:00) Cape Verde Is.
l Atlantic/AZOT_AZOST (GMT-01:00) Azores
l UTC (GMT+00:00) Coordinated Universal Time
l GMT (GMT+00:00) Greenwich Mean Time
l Africa/WET (GMT+00:00) Casablanca, Monrovia
l Europe/UK (GMT+00:00) London, Edinburgh
l Europe/WET_WEST (GMT+00:00) Lisbon
l Europe/Ireland (GMT+00:00) Dublin
l Europe/CET_CEST_Ams (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm
l Europe/CET_CEST_Bel (GMT+01:00) Belgrade, Bratislava, Budapest, Ljubljan
l Europe/CET_CEST_Bru (GMT+01:00) Brussels, Copenhagen, Madrid, Paris
l Europe/CET_CEST_Sar (GMT+01:00) Sarajevo, Skopje, Warsaw, Zagreb
l Africa/CET_CEST (GMT+01:00) West Central Africa
© 2023 Pico Quantitative Trading LLC. All rights reserved 346 .
l Europe/EET_EEST_Ath (GMT+02:00) Athens, Istanbul, Minsk
l Europe/EET_EEST_Buc (GMT+02:00) Bucharest
l Africa/EET_EEST (GMT+02:00) Cairo
l Africa/CAT (GMT+02:00) Harare, Pretoria
l Europe/EET_EEST_Hel (GMT+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vi
l Asia/Jerusalem (GMT+02:00) Jerusalem
l Asia/AST (GMT+03:00) Kuwait, Riyadh
l Africa/EAT (GMT+03:00) Nairobi
l Asia/AST_ADT (GMT+03:00) Baghdad
l Europe/MSK_MSD (GMT+04:00) Moscow, St. Petersburg, Volgograd
l Asia/GST (GMT+04:00) Muscat, Abu Dhabi
l Asia/AZT_AZST (GMT+04:00) Baku, Tbilisi, Yerevan
l Asia/PKT (GMT+05:00) Karachi, Islamabad, Tashkent
l Asia/YEKT_YEKST (GMT+06:00) Ekaterinburg
l Asia/BDT (GMT+06:00) Dhaka, Astana
l Asia/ALMT_ALMST (GMT+06:00) Almaty, Novosibirsk
l Asia/ICT (GMT+07:00) Bangkok, Hanoi, Jakarta
l Asia/KRAT_KRAST (GMT+08:00) Krasnoyarsk
l Asia/Hongkong (GMT+08:00) Hong Kong, Beijing, Chongqing, Urumqi
l Asia/SGT (GMT+08:00) Singapore, Kuala Lumpur
l Australia/Perth (GMT+08:00) Perth
l Asia/Taipei (GMT+08:00) Taipei
l Asia/IRKT_IRKST (GMT+09:00) Irkutsk, Ulaan Bataar
l Asia/JST (GMT+09:00) Tokyo, Osaka, Sapporo
l Asia/KST (GMT+09:00) Seoul
l Asia/YAKT_YAKST (GMT+10:00) Yakutsk
l Australia/Brisbane (GMT+10:00) Brisbane
l Pacific/ChST (GMT+10:00) Guam, Port Moresby
l Australia/Canberra (GMT+11:00) Canberra, Melbourne, Sydney
l Australia/Hobart (GMT+11:00) Hobart
l Asia/Vladivostok (GMT+11:00) Vladivostok
© 2023 Pico Quantitative Trading LLC. All rights reserved 347 .
l Asia/MAGT_MAGST (GMT+12:00) Magadan, Solomon Is., New Caledonia
l Pacific/FJT (GMT+12:00) Fiji, Kamchatka, Marshall Is.
l Pacific/NZST_NZDT (GMT+13:00) Auckland, Wellington
l Pacific/Nukualofa (GMT+13:00) Nuku'alofa
NOTE: No update to a user-defined reporting period is made if the Corvil Management Center or CNE
time zone is changed.
Finally, to specify that the reporting period is available for selection in Corvil Lens, use the enable
command.
enable
If you decide to suppress the display of the user-defined reporting period from Corvil Lens, use the no
enable command.
To remove a user-defined reporting period from the system, use the no reporting-period
command.
SETTING THE DEFAULT UI REPORTING PERIOD
The default reporting period when using the UI monitoring screens and Corvil Lens is Last 24 hours. To
change the default reporting period selected when using the UI monitoring screens and Corvil Lens, use
the default-view command in the reporting-period context.
default-view
In the following example, the default reporting period when using the UI monitoring screens or Corvil Lens
is changed from Last 24 hours (the system default) to Last 1 hour:
host(config)# reporting-period "Last 1 hour"
host(config-reporting-period)# default-view
In the following example, a new reporting period named Working Day is defined, including the defined time
period in the name. This new reporting period is also defined as the default reporting period when using
the UI monitoring screens and Corvil Lens:
© 2023 Pico Quantitative Trading LLC. All rights reserved 348 .
host(config)# reporting-period "Working Day: 9am – 6pm"
host(config-reporting-period)# from 09:00
host(config-reporting-period)# to 17:00
host(config-reporting-period)# timezone use-default
host(config-reporting-period)# enable
host(config-reporting-period)# default-view
© 2023 Pico Quantitative Trading LLC. All rights reserved 349 .
IP Host Resolution
IP HOST RESOLUTION OVERVIEW
You can enable IP Host Resolution to view host names in UI results as opposed to host IP addresses.
When IP host resolution is disabled, only IP addresses are displayed, as in the example shown below.
ENABLING IP HOST RESOLUTION
To enable IP Host Resolution via the UI, first ensure that a suitable DNS server is defined using the CLI
domain command. See the topic "domain" on the Customer Center or in the Corvil CLI Command
Reference Guide for details.
Once this is done, IP Host Resolution can be enabled or disabled via the menu.
© 2023 Pico Quantitative Trading LLC. All rights reserved 350 .
Once enabled, host names are resolved, as shown below.
IP Host resolution works across Corvil: that is, if you enable it in Dashboards, host names will also be
resolved in other views, such as Inspect Data and Streams.
CONFIGURING THE IP HOST RESOLVER TO
SHORTEN DISPLAYED FQDNS
Sometimes resolved fully qualified domain names (FQDN) may be lengthy and difficult to read at a glance
within the Corvil Dashboards.
The following example shows a set of fully qualified domain names in the Corvil dashboards, in their
original lengthy form.
© 2023 Pico Quantitative Trading LLC. All rights reserved 351 .
You can shorten these fully qualified names to just the host name to make them more legible using the CLI
metadata-translation-map command, which allows you to specify how metadata information
should be displayed.
To define a metadata-translation-map, use
metadata-translation-map <metadata-translation-map-name>
where <metadata-translation-map-name> must be set to the special name "IP host resolver" (the
name is case-sensitive).
Once you have defined this metadata-translation-map, you enter the metadata-translation-map context,
where you use the translate-text command to specify the alternative text to replace the original text,
as follows:
translate-text <source-text> <translated-text>
In the following example the ".local.corvil.com" text in the fully qualified domain names shown in the
preceding example is replaced with whitespace:
host(config)$ metadata-translation-map "IP host resolver"
host(config-metadata-translation-map)$ translate-text .local.corvil.com " "
The whitespace gets stripped out during UI display and in this example, the following is displayed in the UI:
© 2023 Pico Quantitative Trading LLC. All rights reserved 352 .
Corvil Discovery
Discovery Overview 354
Viewing the Application Session Discovery Screen 356
Monitoring Sessions 359
Promoting Discovered Sessions to Monitored Sessions 360
Deleting and Blacklisting Sessions 361
Configuring Automatic Session Monitoring 362
Disabling Automatic Session Monitoring 363
Filtering Discovery Information 364
Viewing Tagging Information From Discovery 365
© 2023 Pico Quantitative Trading LLC. All rights reserved 353 .
Discovery Overview
Discovery enables Corvil to produce a complete view of network performance from decoded network
data. Corvil non-intrusively monitors network data from aggregation switches, as well as taps, SPANs,
and other sources of packet capture. For example, Corvil can ingest data from hundreds of
instrumentation points in a single data center. Discovery processes all of this network data and provides
not only protocol identification, but complete application visibility.
Discovery builds and maintain a complete, live inventory of all applications and infrastructure, including
activity you didn’t know about.
Every time Corvil sees a new network data flow, Corvil initiates Discovery. Discovery initially identifies
network protocols and applications by inspecting packet payload. You may be familiar with traditional
deep packet inspection methods, but Corvil Discovery is different.
Corvil ships with pre-installed plugins so Discovery can automatically decode packet payload for a range
of protocols and applications. Discovery figures out which of the installed Corvil plugins is the best
candidate to fully decode the packet payload. Subseqent packets from a particular flow are then directed
to the same Corvil plugin for full decode. While the network data flows are decoded, Discovery extracts
information that identifies unique application sessions. Discovery then automatically tags and organizes
the application sessions for analysis in the Corvil UI.
If the initial choice of plugin is not successful, Discovery applies an alternative from the available
candidates installed on the system. If there’s no matching plugin available, the network flow data is stored
and shown in the UI as unknown. You can then use Corvil to do network-level analysis on any such flows.
Additional plugins are available for download from Corvil's extensive library, which is updated every
month.
The Corvil plugins employed by Discovery also automatically calculate application-specific analytics. So,
for example, Discovery can identify all incoming FIX traffic and summarize key metrics. Or summarize
Voice-over-IP call quality by user, site and gateway and automatically report Mean-Opinion-Score values.
© 2023 Pico Quantitative Trading LLC. All rights reserved 354 .
Corvil can also index the decoded application data generated by Discovery, making it searchable using
Data Search. For example, you can search for results based on transaction IDs, specific URLs or
customers.
Whenever Corvil sees a new network flow, Discovery begins the process again. Discovery automatically
updates its network activity inventory to reflect changes in the network as they happen. With Discovery
you can proactively monitor and manage network performance, deploying resources effectively and
addressing potential performance issues early.
For more information on using the Discovery screen, please refer to the following topics:
"Viewing the Application Session Discovery Screen" on the next page
"Monitoring Sessions" on page 359
"Promoting Discovered Sessions to Monitored Sessions" on page 360
"Configuring Automatic Session Monitoring" on page 362
"Filtering Discovery Information" on page 364
"Viewing Tagging Information From Discovery" on page 365
For more information on configuring application session discovery, please refer to the following topic:
"Configuring Application Session Discovery"
"Protocol Discovery"
© 2023 Pico Quantitative Trading LLC. All rights reserved 355 .
Viewing the Application Session Discovery
Screen
To open the Application Session Discovery screen, log in to the Corvil UI as an admin user and select
Discovery.
If you are logged in as an admin user, you can use the Discovery screen to manage the process. If you
are not logged in as an admin user, you can monitor Discovery results only.
The Application Session Discovery screen displays the discovered applications and protocols:
Discovery is live and refreshed every few seconds. Live updates may be paused and restarted at any time
by toggling the Pause/Play button.
Live message information is displayed for each detected session. Message rate information is also
displayed for individual sessions.
Discovery displays each detected protocol and application as an object called a parent session.
As new sessions are discovered for a particular application, they are grouped under the related parent
session.
By default the session information is grouped by parent session and session status, so results are initially
grouped under the parent measurement session into:
l Discovered – detected sessions with no measurement
© 2023 Pico Quantitative Trading LLC. All rights reserved 356 .
l Monitored – detected sessions with full measurement
NOTE: Discovered or monitored sessions that have no defined parent-session are displayed as
Unconfigured.
Corvil supplies a default naming scheme for discovered sessions based on information extracted from the
decoded data.
Initially, parent sessions are listed alphabetically but you can sort by any column.
When session discovery and automatic session monitoring are enabled, the system automatically starts
doing full measurement for a certain number of sessions (configurable using the UI or the CLI
generate-child-sessions max command) as soon as they are detected. If there are more
sessions detected, these are indicated as having been discovered, but no measurement is performed.
NOTE: If you are using Corvil Management Center, you select the appropriate CNE from the Select
CNE: drop-down. The list contains all managed-auto and managed-manual CNEs and for each CNE
displays the total number of sessions present on that CNE (monitored, discovered and blacklisted).
The Application Session Discovery table contains only sessions from the selected CNE.
If CNE is managed-manual, all actions performed on sessions only affect the local Corvil Management
Center configuration, except for deleting discovered sessions, which is pushed to the CNE
immediately.
The Application Session Discovery table displays all sessions retrieved from the CNE (local Corvil
Management Center configuration does not affect sessions displayed on the screen in any way).
If the Corvil Management Center configuration is out-of-sync with the CNE, a Sync Configs button is
displayed. Clicking Sync Configs results in the Corvil Management Center doing an immediate
configuration synchronize operation with the CNE. When the configurations are in sync again the
Sync Configs button is no longer active.
APPLICATION SESSION DISCOVERY SCREEN
INFORMATION
The session information displayed is as follows:
© 2023 Pico Quantitative Trading LLC. All rights reserved 357 .
Name
At the group level, displays the name(s) of the group(s) into which sessions have been categorized. At the
session level, displays the name of the session as derived from the session-key rule defined in the UI, or
CLI with the session-key-rule command.
#Sessions
When sessions are organized into groups, displays the number of sessions in each group.
Session Status
Displays the current status of the session:
l Discovered – indicates that the session has been automatically identified by the system but
is not currently monitoring measurements
l Monitored – indicates that the discovered session is fully-defined in the system and mon-
itoring measurements
l Blacklisted – indicates that the session has been marked as blacklisted in the UI, or CLI with
the blacklist-session-key command
l Unconfigured – indicates that the session has no session defined.
First Seen Msg.
Displays the time when the first message was seen for the session in either direction.
Last Seen Msg.
Displays the time when the last message was seen for the session in either direction.
Messages
Displays the message count.
Message Rate (msgs/s)
Displays the measured message rate for the session, measured over the lifetime of the session, measured
by taking message count in both directions of a session and dividing it by the time between the "first msg
seen" and "last message seen" in both directions.
The table can be sorted by any column.
© 2023 Pico Quantitative Trading LLC. All rights reserved 358 .
Monitoring Sessions
To start monitoring discovered sessions, click and specify how many sessions to automatically
monitor:
NOTE: Performing this action changes the analytics plug-in-supplied and managed configuration, and
this is indicated in the CLI when you use the show config command. Changes such as this may
block attempts to delete analytics plug-in configuration with the no import-decoder-config
command.
You can switch to the other Corvil screens to see monitoring results. For example, Corvil Lens results are
reported for the monitored application sessions.
NOTE: For more information on using Corvil Lens, refer to the section "Corvil Lens" on page 366. For
analytics plug-ins that do not include session discovery configuration, some additional CLI
configuration is required. For more information, refer to the section Configuring Application Session
Discovery in the Corvil Configuration Guide.
© 2023 Pico Quantitative Trading LLC. All rights reserved 359 .
Promoting Discovered Sessions to
Monitored Sessions
If you are logged in as an admin user, you can promote discovered sessions to monitored.
To promote a discovered session to a monitored session, select the check box to the left of the session
name.
Entire groups of sessions may be promoted by selecting the check box to the left of the group name.
You can also press the Shift key and click to select multiple sessions.
Select Monitor and click Apply.
© 2023 Pico Quantitative Trading LLC. All rights reserved 360 .
Deleting and Blacklisting Sessions
If you are logged in as an admin user you can delete and blacklist sessions.
Deleting a session removes it and all its measurements from Corvil. However, unless the associated
service has been removed from your network, Corvil will rediscover it and add another session in its place.
To delete a single session, select the check box to the left of the session name.
Entire groups of sessions may be deleted by selecting the check box to the left of the group name.
You can also press the Shift key and click to select multiple sessions.
Select Delete and click Apply.
However, if you no longer want to monitor a service that exists in your network, blacklisting is a better
option.
If you blacklist a session, any historical measurements are lost. But Corvil holds on to the session and you
can either remove it from the blacklist, leaving it as a discovered session, or start monitoring it again. If you
want to prevent certain sessions from being automatically generated, they can be blacklisted.
To blacklist a single session, select the check box to the left of the session name.
One or more session can be selected as described above and then select Blacklist and click Apply.
To remove one or more sessions from the blacklist, select them, select Unblacklist and click Apply.
© 2023 Pico Quantitative Trading LLC. All rights reserved 361 .
Configuring Automatic Session Monitoring
If you are logged in as an admin user, you can configure automatic session monitoring.
When the maximum number of monitored sessions for a parent session has been hit, the parent session
row is highlighted. Rolling over the parent session name displays the indication that automatic session
monitoring for the session is disabled because the maximum number of monitored sessions has been
reached.
To increase the maximum number of monitored sessions for the parent session, click .
Limit the number of monitored sessions to a new maximum value (up to the maximum number of
sessions supported on the CNE – use the status CLI command to check) and click Apply.
Attempting to reduce the number of monitored sessions displays a warning message.
© 2023 Pico Quantitative Trading LLC. All rights reserved 362 .
Disabling Automatic Session Monitoring
Click and clear the Monitor sessions automatically check box and click Apply to disable automatic
session monitoring.
Disabling automatic session monitoring stops the generation of new monitored sessions. Existing
sessions continue to be monitored.
© 2023 Pico Quantitative Trading LLC. All rights reserved 363 .
Filtering Discovery Information
You can filter the information displayed on the Discovery screen.
Select Filter and then define one or more filters based on group names, session names or tags and click
Apply.
For example, you could define a filter to display only blacklisted sessions.
Or you can focus on a particular application (for example, setting a filter: Application Is DNS).
Or you can check the status of certain sessions (for example, setting a filter: Session Contains BNK).
This is a great way of sorting through your discovered sessions efficiently.
© 2023 Pico Quantitative Trading LLC. All rights reserved 364 .
Viewing Tagging Information From
Discovery
Tagging in Corvil enables you to describe and categorize sessions in a meaningful way. You can tag by
whatever criteria you want — some typical examples are geographical region, user and venue. You can
also group tags into tag-types.
Corvil automatically applies tags to sessions based on the session’s underlying configuration attributes,
such as service objectives, subnets and message filters.
You can manage tagging for your discovered sessions by clicking on the Manage Tags button on the top
right of the Discovery screen. This opens the Manage Tags page of the System Administration screen.
Here you can view, add, remove, and filter tags and tag-types. For more information on tags and how to
manage them, please refer to the section "Managing Tagging" on page 329.
© 2023 Pico Quantitative Trading LLC. All rights reserved 365 .
Corvil Lens
What is Corvil Lens 367
Viewing Lens 368
Viewing Results By Group 376
Adding and Hiding Lens Columns 380
Filtering Lens Results 382
Defining Lens Views 384
Setting the Lens Table Reporting Period 386
Setting the Default Units for Displaying Corvil Lens Latency Results 388
Lens Live View 389
Viewing Latency Histogram Charts 390
Exporting Session Results 393
Navigating to Inspect Data and Event Inspection 394
Lens Errors and Measurement Warnings 396
Lens Alerting 398
© 2023 Pico Quantitative Trading LLC. All rights reserved 366 .
What is Corvil Lens
Corvil Lens provides real-time and historical summaries of network and application activity and
performance, presenting a concise tabular view of key metrics.
NOTE: Corvil Lens requires a separate license.
Lens uses the fact that Corvil tags data during the Discovery process. This means that related sessions
can be grouped together in different ways making it easier to view results in the most meaningful way. So,
for example, sessions might be grouped by application, by business unit, or by geographical region.
You can see key measurements and alerts for whole groups - and the sessions within those groups - at a
glance, and you can switch between views of the same data by choosing different groupings.
This enables you to manage and view large amounts of data at a glance, and helps you to identify
commonalities and outliers in large data sets.
NOTE: Access to Corvil Lens results may be restricted depending on configured Corvil login
privileges.
For example, Lens may only contain results for sessions which a user has the required privileges and
click-through access to Inspect Data may be restricted.
For more information on Corvil role-based access control, refer to the topic Role-based Access
Control for Restricted Users in the Corvil Administration Guide.
© 2023 Pico Quantitative Trading LLC. All rights reserved 367 .
Viewing Lens
Click Lens to open the Lens sessions table. Lens displays the list of all sessions that are being monitored
(both via Discovery and those manually defined).
NOTE: It may take up to 20 seconds for a new monitored session to be displayed in the Lens table.
Initially, each row represents one session (either identified by Discovery or manually defined). Each row
displays the session name and associated measurement.
NOTE: In general the Corvil Management Center Lens table is very similar to the CNE Lens table.
There are, however, a few main differences worth noting.
On Corvil Management Center a tooltip for each session indicates the CNE on which the session is
configured.
The configuration objects visible in the Lens table on Corvil Management Center are based on the
local Corvil Management Center configuration, not on collected data. For example, tag-types must be
defined in the Corvil Management Center configuration to be displayed in the Corvil Management
Center Lens table.
If a configurable statistic has a different definition on Corvil Management Center than on the CNE (for
example, the type or unit does not match), the Lens table displays the statistic as unavailable ('--') for
all sessions from a given CNE. Statistics that are not summarized on CNEs, but are part of the Corvil
Management Center configuration are displayed the same way.
Empty rows are created for all sessions which are defined in the Corvil Management Center
configuration for a given CNE but are not available in collected data. These rows are created for every
© 2023 Pico Quantitative Trading LLC. All rights reserved 368 .
reporting period, up to 20s after the session is defined in the Corvil Management Center CLI.
Lens Table Statistics
The following statistics are available to display in the Lens table.
Measurements available
Lens System
Description for both session Units
Statistic Statistic
directions?
The latency measurements for
the session during the chosen
reporting period.
Latency statistics show the
min, mean, max and percentile
values computed across all
messages in the entire time
period. The mean is not an
average of all 5-min means,
but the actual average of all
values in a given time range.
Latency latency Yes ns/us/ms/s
The percentile value is
configurable as part of the
packet protection target in the
service objective being applied
to the session. If none has
been configured, the system
defaults to the 99.9th
percentile. To add more
percentile values, see "Adding
Latency Measurement
Percentiles" on page 381.
© 2023 Pico Quantitative Trading LLC. All rights reserved 369 .
Measurements available
Lens System
Description for both session Units
Statistic Statistic
directions?
The measurements during the
chosen reporting period for a
user-defined statistic (for
example, Fills, Quotes,
Rejects). For more information
on defining configurable Configurable statistics are
statistics, refer to the section only available if they are
measure- Corvil Custom Metrics in the measured by at least one
count Corvil Configuration Guide. session. This takes the
reverse-direction into
user-
Configurable measure-min- account, so if for example all
defined or
statistic name mean-max Measure-min-mean-max sessions have the reverse-
ns/us/ms/s
measure-ratio statistics show the minimum, direction set to an empty
mean, and maximum values configurable-stats-map, Lens
measure-total computed across all messages table only displays the
in the entire time period. So, for request direction for each
example, the mean is not an statistic.
average of all 5-min means,
but the actual average of all
values in a given time range.
The count of accumulated
message- messages for the session(s)
Messages Yes no unit
count during the chosen reporting
period.
The measured microburst
peak bit rate based on the
packet-bitrate- user-defined timescale.
Microburst microburst- Yes kbps
user Microburst values are not
displayed in the aggregated
rows.
The measured microburst
peak message rate based on
the user-defined timescale.
message-rate-
Msg
microburst- Yes msgs/s
Microburst
user
Microburst values are not
displayed in the aggregated
rows.
The average bit rate measured
average-
Bitrate during the chosen reporting Yes kbps
bitrate
period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 370 .
Measurements available
Lens System
Description for both session Units
Statistic Statistic
directions?
Total bytes observed on the
Bytes byte-count session for the specified Yes KB
reporting period.
The per-packet latency
calculated by a simulation
expected-
based on the chosen class
EQ Delay queuing- Yes ns/us/ms/s
traffic. The calculation is made
latency
for every packet in the chosen
class measured by the system.
The expected packet loss due
to queue buffer overflow
calculated using a simulation
expected- based on the chosen class
EQ Loss Yes %
queuing-loss traffic. The expected packet
loss is presented as a
percentage of the total packets
measured by the system.
The count of accumulated
message- message sequence gaps for
Gaps Yes no unit
sequence-gap the session(s) during the
chosen reporting period.
The percentage of message
message- sequence gaps for the session
Gap % sequence- (s) with sequence decoding Yes %
gap-percent during the chosen reporting
period.
The message loss measured
Loss loss for the session (s) during the No no unit
chosen reporting period.
The message loss percentage
measured for the session (s)
Loss % loss-percent No %
during the chosen reporting
period.
packet-bitrate- The measured one-second
Microburst
microburst- peak bit rate microburst Yes kbps
(1s)
1sec values.
The measured peak bit rate
based on the timescale
packet-bitrate-
Microburst configured in the network
microburst- Yes kbps
(delay) service objective queuing
delay-target
targets for delay (for example,
500 ms).
© 2023 Pico Quantitative Trading LLC. All rights reserved 371 .
Measurements available
Lens System
Description for both session Units
Statistic Statistic
directions?
The measured peak message
message- bit rate based on the timescale
Msg. Bitrate bitrate- resolution configured in the
Yes kbps
Microburst microburst- network service objective for
user measuring microbursts (for
example, 50 ms)
message-
Msg. Bitrate The measured one-second
bitrate-
Microburst peak message bit rate Yes kbps
microburst-
(1s) microburst values.
1sec
The measured peak message
message-
Msg. Bitrate bit rate based on the timescale
bitrate-
Microburst configured in the service Yes kbps
microburst-
(delay) objective queuing targets for
delay-target
delay (for example, 500 ms).
Msg message-rate- The measured one-second
Microburst microburst- peak message rate microburst Yes msgs/s
(1s) 1sec values.
The measured peak message
Msg. message-rate- rate based on the timescale
Microburst microburst- configured in the service Yes msgs/s
(delay) delay-target objective queuing targets for
delay (for example, 500 ms)
The rate of messages (per
second) for the sessions(s)
Msg. Rate message-rate Yes msgs/s
during the chosen reporting
period.
The total number of packets
Packets packet-count Yes no unit
measured.
The measured peak packet
rate based on the timescale
packet-rate-
Pkt. resolution configured in the
microburst- Yes pkts/s
Microburst network service objective for
user
measuring microbursts (for
example, 50 ms).
Pkt. packet-rate- The measured one-second
Microburst microburst- peak packet rate microburst Yes pkts/s
(1s) 1sec values.
packet-rate- The measured peak packet
Pkt. microburst- rate based on the timescale
Microburst delay-target configured in the service Yes pkts/s
(delay) objective queuing targets for
delay (for example, 500 ms).
© 2023 Pico Quantitative Trading LLC. All rights reserved 372 .
Measurements available
Lens System
Description for both session Units
Statistic Statistic
directions?
The number of packets-per-
Pkt. Rate packet-rate second measured during the Yes pkts/s
chosen reporting period.
The rate of message sequence
message- numbers for the session(s)
Seq. Rate Yes seq/s
sequence-rate during the chosen reporting
period.
The count of accumulated
message-
message sequence numbers
Sequences sequence- Yes no unit
for the session(s) during the
count
chosen reporting period.
Displays the number of TCP
connections exited in a given
connections- class during the chosen
TCP Exited terminated reporting period. These are Yes no unit
defined by connections that
are exited due to FIN or RST
packets.
The total number of payload
bytes successfully delivered,
TCP Goodput goodput Yes kbps
minus any data that was lost or
re-transmitted.
Displays the number of TCP
connections that are ignored
connections- during the chosen reporting
TCP Ignored ignored period. This is defined as a Yes no unit
SYN packet that never
receives a SYN-ACK
response.
Displays the number of TCP
connections initiated on a
given class during the chosen
connections-
TCP Initiated reporting period. This is Yes no unit
started
defined as a count of
SYN/SYN-ACK/ACK
handshakes seen on the class.
The data received out of
sequence due to re-ordering or
out-of-
TCP OOS re-transmissions during the Yes no unit
sequence
selected reporting period as a
percentage of goodput.
© 2023 Pico Quantitative Trading LLC. All rights reserved 373 .
Measurements available
Lens System
Description for both session Units
Statistic Statistic
directions?
The number of out-of-
tcp-out-of-
sequence/retransmitted
TCP OOS % sequence- Yes %
packets detected during the
packet-count
chosen reporting period.
tcp-packet- The total number of TCP
TCP Pkt. count packets measured during the Yes no unit
Count
selected reporting period.
For the request direction ,
displays the measured round
trip time in milliseconds from
the appliance out to hosts at
the defined session destination
subnet-groups.
For the response direction ,
displays the measured round
trip time in milliseconds from
the appliance out to hosts at
tcp-roundtrip-
TCP RTT the defined session source Yes ns/us/ms/s
time
subnet-groups.
TCP RTT statistics show the
minimum, mean, and
maximum values computed
across all messages in the
entire time period. So, for
example, the mean is not an
average of all 5-min means,
but the actual average of all
values in a given time range.
Displays the number of TCP
connections refused by a
connections- server in a given class during
TCP Refused refused the chosen reporting period. Yes no unit
This is defined as a connection
which receives an RST in
response to a SYN.
The sum of the left/local (SYN-
connection- ACK - ACK) and right/remote
TCP Setup
setup- (SYN - SYN-ACK) TCP No ms
RTT
roundtrip-time connection setup roundtrip
times (in milliseconds).
© 2023 Pico Quantitative Trading LLC. All rights reserved 374 .
Measurements available
Lens System
Description for both session Units
Statistic Statistic
directions?
The total number of payload
TCP bytes successfully delivered
throughput Yes kbps
Throughput including TCP headers and re-
transmissions.
The total number of TCP
tcp-zero- packets with an advertised
TCP Zero
window- window size of zero measured Yes no unit
Window
packet-count during the selected reporting
period.
The maximum number of
tcp-max-
TCP Max. concurrent TCP connections
concurrent- Yes no unit
Concurrent during the selected reporting
connections
period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 375 .
Viewing Results By Group
You can rearrange the presentation of results by selecting up to five options from the Group drop-down
lists (for example, Region, Office, Client, Protocol).
The default set of groups are provided by the system. Corvil automatically applies tags to sessions based
on the session’s underlying configuration attributes:
l Src/Dst Subnet
l Custom-signature
l Configurable-stats-maps
l Service-objectives
l Classification Policy
l Parent Session
l Network and Message Filters
An administrator can also view, add, remove tags and tag-types. For more information on how to do this,
please refer to the topic "Managing Tagging" on page 329.
Select the appropriate groups and click Apply. The Lens table displays sessions in a hierarchy
constructed from tags belonging to tag-types as defined on the CLI.
Initially, the hierarchy is displayed collapsed. Only top level tags, or sessions, are displayed. The table
displays one row for each session associated with the top-level (first-chosen) tag-type. No other tags or
sessions are displayed.
Click the triangle beside a given level to open and close any tags to see the underlying sessions.
For example, the following screenshot shows a Lens table where VoIP signaling results are displayed
according to VoIP-Type (for example, Gatekeeper or Site) and then categorized by VoIP-Site (for
example, Frankfurt, Chicago) and Application (for example, VoIP control traffic).
© 2023 Pico Quantitative Trading LLC. All rights reserved 376 .
The VoIP-Type, VoIP-Site and Application names (for example Gatekeeper, London_DC, and VoIP-
Control) are either derived directly from the decoded wire data by Discovery or defined at the CLI using
tags. When groups are selected and applied, the Lens table indicates any sessions that have no tags
assigned.
The Name column in each row displays the tag name, indented according to the nesting level. The
#Sessions column indicates the number of sessions at each level. When a row represents a group
comprising multiple sessions, the displayed statistic values are aggregated across all of those sessions.
NOTE: All statistics except microburst and TCP Max. Concurrent are available in aggregated rows.
INCLUDING AND EXCLUDING SESSIONS FROM
AGGREGATED RESULTS
Specifying Sessions to Include or Exclude when Aggregating Results into Groups
Step 1
Click the triangle beside Group.
Define a filter by specifying the group (tag-type) and then which session tags to include or exclude. The
group filter does not offer the same range of options as the main Lens filters.
© 2023 Pico Quantitative Trading LLC. All rights reserved 377 .
Step 2
Click Apply.
When the filter is applied, only the results from the specified sessions contribute to the aggregated total at
the group level.
Session rows that no longer contribute to the group total are displayed in italics. Rolling over the session
name displays a tooltip indicating that the session's results are not being counted towards the group total.
RE-ORDERING LENS TABLE COLUMNS
You can re-order any of the columns, except the Name column.
NOTE: Min/mean/max statistics are displayed using separate min/mean/max/percentile columns.
These statistics always appear together and it is not possible to re-order them individually.
To re-order Lens table columns, click and drag the column heading to the required location in the table.
NOTE: Re-ordering columns preserves the current set of opened or closed tags.
SORTING LENS TABLE COLUMNS
Sorting is supported on all columns in both ascending and descending order. You can sort on any of the
following:
l Tag or session name
l Number of sessions
l Any statistic column except distributions (for example latency, TCP RTT)
Click in any column heading and select Sort Ascending or Sort Descending.
© 2023 Pico Quantitative Trading LLC. All rights reserved 378 .
The default ordering is by tag or session name.
The same column is used to sort all levels of the hierarchy. Rows with unavailable values in the sorting
column are sorted as if they had the smallest value. Rows with the same value of a sorting column are
sorted by name.
For example, sorting by microburst (which is not available for tags) sorts sessions by microburst and tags
by name, but sorting by number of sessions sorts tags by number of sessions and sessions by name.
© 2023 Pico Quantitative Trading LLC. All rights reserved 379 .
Adding and Hiding Lens Columns
Click any column heading and select Manage Columns.
Check the Select all check box to have all available statistics displayed in the Lens table.
Check the box beside a given measurement to display it, or clear the box to hide the measurement.
Typing characters in the search box filters the displayed list of statistics.
© 2023 Pico Quantitative Trading LLC. All rights reserved 380 .
Check the Show selected check box to see only the list of statistics you have currently selected.
When you have made your selection, click Apply.
Distribution statistics are displayed using separate min/mean/max/percentile columns. These statistics
always appear together and it is not possible to re-order them individually.
You can hide and re-order any of the other columns, except the Name column.
NOTE: Showing or hiding columns preserves the current set of opened or closed tags.
ADDING LATENCY MEASUREMENT PERCENTILES
Click the Latency (us) column.
Check the box beside a given percentile to display it, or clear the box to hide the measurement.
Percentiles always appear together and it is not possible to re-order them individually.
© 2023 Pico Quantitative Trading LLC. All rights reserved 381 .
Filtering Lens Results
Filtering is based only on tags, tag types and sessions.
Defining a Filter
Step 1
Click Filters. The number of currently applied filters is indicated on the button.
Step 2
Click Add Filter.
Step 3
Select a group (tag-type) or session from the first drop-down list.
Select a rule from the second drop-down list.
Depending on the rule selected, select a tag or session from the third drop-down list or enter text to be
matched. For example, you can filter on a partial session or tag name.
NOTE: Filters based on strings (for example, Contains, Does Not Contain) are case sensitive.
Step 4
Click Apply.
If you add subsequent filters, you first define whether the filter rules should be ANDed or ORed together.
Each filter row automatically excludes all sessions which do not have any tag from a tag-type specified in
the filter row (for example, "Venue is not NYSE" does not include any sessions without a Venue defined).
© 2023 Pico Quantitative Trading LLC. All rights reserved 382 .
In the example below, the Lens table is filtered on all sessions that contain the string BATS.
© 2023 Pico Quantitative Trading LLC. All rights reserved 383 .
Defining Lens Views
You can save the following settings in a Lens view:
l filters
l column used for sorting
l selection of tag types used for breakdown
l selection and order of columns
It is not possible to save a session view unless the breakdown by tag-types and filters match what is
displayed in the Lens table.
Lens views are identified by a view name. Views support renames of tags and tag-types (used in filters and
hierarchy definition) and configurable statistics, but changes are reflected only when the view is reloaded.
If there are multiple configurable statistics with the same name, the view only picks up the rename if they
are all renamed. Otherwise, if there is at least one configurable statistic left, the view retains the original
name.
Defining a View
Step 1
Click Save View As.
Step 2
Enter a name for the view.
Step 3
Click Save.
The Default view is editable. For example you can re-order or remove columns, click beside Default to
save the new Default view.
© 2023 Pico Quantitative Trading LLC. All rights reserved 384 .
Alternatively, you can re-instate the original Default view at any time by clicking beside Default and then
clicking the reset button.
© 2023 Pico Quantitative Trading LLC. All rights reserved 385 .
Setting the Lens Table Reporting Period
Select one of the standard reporting periods:
Reporting Period Updates
Live View 10 seconds
Last 1 hour 5 minutes
Last 12 hours 5 minutes (disabled by default)
Last 24 hours 5 minutes
Last 48 hours 30 minutes
Last 7 days 1 hour
Last 30 days 3 hours
Last 60 days 6 hours
Business Day 5 minutes
Session summary data is updated at intervals listed in the table above.
NOTE: Sorting, filtering and selection of tag types remains unchanged after changing the reporting
period.
The screen automatically refreshes at the relevant update period to show updated summary values (if
available). In live mode the automatic screen refresh may be paused by clicking the pause button.
NOTE: Reporting periods can be defined, displayed or suppressed using the CLI. For more
information on defining, enabling and suppressing reporting periods, refer to the section "Configuring
UI Reporting Periods" on page 338.
When a given reporting period is selected, all information displayed on the screen is updated to only
include data relevant to that period.
On Corvil Management Center, if a user-defined period is requested, the summary data displayed
comes from collected reporting period summaries of managed CNEs. Sessions and sessions from
monitor-only CNEs are not displayed in Corvil Lens.
Corvil Management Center collects the reporting period summary data, and after a reporting period is
applied, Corvil Management Center shows only data related to the selected user-defined period.
The data displayed, including alert timestamps, is always presented according to the time zone
configuration of the selected period. The "Last updated at" time is also displayed according to the time
© 2023 Pico Quantitative Trading LLC. All rights reserved 386 .
zone setting of the current reporting period selection.
When a user-defined reporting period on Corvil Management Center does not exist on a particular
managed CNE, the row is highlighted in red, with a warning indicating that the reporting period is not
defined on the CNE.
On a Corvil Management Center user-defined reporting periods are not supported on managed CNEs
running an earlier Corvil version.
© 2023 Pico Quantitative Trading LLC. All rights reserved 387 .
Setting the Default Units for Displaying
Corvil Lens Latency Results
By default, Corvil Lens displays time-based results (for example, latency, TCP RTT) in units of
milliseconds.
To change the default units, use the system-setting latency-display-unit command:
system-setting latency-display-unit {microseconds | milliseconds |
nanoseconds}
Refresh the UI screen to see the updated units.
The setting does not apply to results exported from the Corvil Lens in CSV format.
NOTE: The default time units set using the system-setting latency-display-unit
command are also used in management reports.
© 2023 Pico Quantitative Trading LLC. All rights reserved 388 .
Lens Live View
Select Live View as the reporting period to view Lens results that are updated every 10 seconds.
In Live View, use the history size options (default 5 minutes) to choose the age of the data set from which
the displayed live values are taken. The chosen setting specifies the duration of the sliding window used to
calculate the historical values displayed. For example, if you select a history size of one minute, then each
value displayed in the table is taken from the last one minute of history of aggregated values on the
system.
NOTE: The values displayed in Lens live mode for certain statistics (for example, TCP goodput) are
different from those displayed in a corresponding live Dashboard widget. For example, a live
Dashboard time series graph show results based on 10-second intervals versus a 10-minute average
value in the default Lens live mode.
The 10-second automatic screen refresh may be paused by clicking the pause button . Click the
same button again to enable the automatic screen refresh.
© 2023 Pico Quantitative Trading LLC. All rights reserved 389 .
Viewing Latency Histogram Charts
To view the histogram of latency measurements for a given session or tag, select the session or tag and
click
Histogram charts are available in live and historical modes.
The horizontal axis represents the latency of each message. The vertical axis represents the percentage
of messages that fall within a specific range of latency values.
The histogram chart is always displayed using 100 vertical bars of equal pixel width. Rolling over each bar
displays a tooltip indicating the range of values represented by that bar.
Click or to hide the histogram charts.
The histogram panel can be resized vertically by dragging the separator between the Lens table and the
histogram.
Clicking on any cell in any Lens table row displays the histogram for that session or tag.
© 2023 Pico Quantitative Trading LLC. All rights reserved 390 .
The total number of sessions included in the histogram (this is 1 for sessions and >=1 for tags) and the
total number of messages in the distribution is displayed (or packets, for packet-based sessions, or
"packets/messages" for tags with both message-based and packet-based sessions).
NOTE: The sessions included in the histogram reflect the configured Corvil login privileges and any
Lens filters that are currently applied.
CUMULATIVE DISTRIBUTIONS
By default, the height of each bar in the histogram is proportional to the number of messages in the
latency range covered by the width of the bar.
Click Cumulative to switch the histogram from cumulative mode, where the height of each bar is
proportional to the number of messages with latency less than or equal to the values covered by the bar.
ZOOM CONTROLS
Latency spikes and outliers can make it difficult to see all the details of the histogram chart at once.
© 2023 Pico Quantitative Trading LLC. All rights reserved 391 .
Both histogram and cumulative mode provide a horizontal and vertical zoom to enlarge the selected area
of the chart.
To zoom horizontally, click and drag across the chart.
To zoom vertically, click and drag across the chart while holding down the Ctrl key.
The vertical zoom enables you to select an arbitrary vertical range of values (unlike horizontal zoom,
where the x-axis always starts at zero).
Horizontal and vertical zooming may be combined.
Zoom settings are preserved as you click on other tags or sessions in the Lens table.
To reset any zooming and return to the original chart display, click Reset zoom.
The overall min/mean/max values shown above the histogram chart always show values based on the
unrestricted histogram.
© 2023 Pico Quantitative Trading LLC. All rights reserved 392 .
Exporting Session Results
To export session results in CSV format , click one of the following options, as required:
Export – Visible to export a CSV file with results for the sessions and aggregated groupings as currently
displayed in the Lens table.
Export – Expand All to export a CSV file with results for all sessions and aggregated groupings.
A browser dialog box is displayed.
The session information is saved to the browser's default download location.
NOTE: Latency values are exported without escaping or quoting.
© 2023 Pico Quantitative Trading LLC. All rights reserved 393 .
Navigating to Inspect Data and Event
Inspection
Click a session name and select Inspect Data to switch to network data information for the selected
session.
The selected Lens time period is retained when you switch to Inspect Data.
Click Event Inspection on the left-hand panel to launch Event Inspection for that session.
You can also click on a timestamp in an Inspect Data message table to launch Event Inspection.
Event Inspection displays the message table for the primary direction of the session, starting with the
message selected in the Inspect Data screen.
© 2023 Pico Quantitative Trading LLC. All rights reserved 394 .
If you have selected the Live view, then Event Inspection displays the same time period currently selected
for the Lens table with the History Size setting. For example, if the History is set to one minute, then
Event Inspection displays the same one minute of data extending up to the Last updated time indicated
at the top of the Lens table screen.
NOTE: If a session defined for a session is present in the Corvil Management Center configuration but
not in the CNE configuration (for example, because the CNE is out of sync with Corvil Management
Center), Event Inspection displays an error.
NOTE: Access to Event Inspection may be restricted depending on configured Corvil login privileges.
For more information on login privileges, refer to the section Role-based Access Control for Restricted
Users in the Corvil Administration Guide.
© 2023 Pico Quantitative Trading LLC. All rights reserved 395 .
Lens Errors and Measurement Warnings
Lens employs a system of highlighting and tooltips to indicate and describe issues with session data.
ERRORS
System and measurement errors are indicated by the session or group name being highlighted in red text.
When you roll over the session or group name a red tooltip provides information about the error.
The following conditions are indicated at row level; the entire row is highlighted and a tooltip with an error
message is available on the Name column:
l Session rows:
l (Corvil Management Center only) CNE <name> uncontactable.
l (Corvil Management Center only) Authentication failed on CNE <name>.
l (Corvil Management Center only) Unsupported CNE version on CNE <name>.
l (Corvil Management Center only) Missing license on CNE <name>.
MEASUREMENT WARNINGS
Warnings about the status of measurements are indicated by the session or group row being highlighted
in yellow. When you roll over the session or group name a tooltip provides information about the warning.
If you are using release 9.4.3 or later, you can hide the measurement warnings on the Lens screen by
clicking on the Warnings toggle button . This will turn off the yellow highlighting but the warning
tooltip information will still be visible when rolling over the session or group. Any errors or alerts on these
rows will retain their red text and highlighting.
Measurements may not be available and this is also indicated in tooltips on an individual Lens table cell:
l Session row cells:
l (Corvil Management Center only) Data from CNE <name> is stale. Displayed if collected
data is too old (occurs if collection cannot keep up or if it is experiencing failures for a longer
period)
l (CNE and Corvil Management Center) Session data not available yet.
© 2023 Pico Quantitative Trading LLC. All rights reserved 396 .
l (CNE and Corvil Management Center) Configurable statistic is not available for this ses-
sion. Occurs when configurable statistic is not configured for the session. (on Corvil Man-
agement Center this uses the local session object)
l (CNE and Corvil Management Center) Configurable statistic not available yet. On the
CNE: occurs if you add a new configurable statistic and opens the Lens table before the stat-
istic is summarized. On Corvil Management Center: occurs when you add a new con-
figurable statistic on Corvil Management Center but do not push the configuration, or if you
push the configuration and summarization or collection has not yet run
l (CNE and Corvil Management Center) Non-configurable statistics display '--' without a tool-
tip or highlighting in cases when statistic is not configured in the underlying session or if
there are no measurements for a given statistic.
l Aggregated row cells:
l (CNE and Corvil Management Center) Statistic is not available in one or more sessions.
Enabled if at least one session contains a missing value ('--') or one of the messages spe-
cified above for Session row cells
l (CNE and Corvil Management Center) Data for one or more sessions might be incomplete
or stale
NOTE: Microburst results in aggregated rows are always displayed as unavailable ('--'), but without
any highlighting or tooltips.
The following example shows a newly configured Lens table row. The measurement warning and tooltip
indicate that no data has been collected and displayed yet for the session.
Measurements reported by Corvil may be degraded due to various factors affecting specific sessions (for
example, misconfiguration or decoding issues) or the system as a whole (for example, clock
synchronization or connectivity issues). Measurement warnings are displayed in the UI if issues are
detected by the system and if the relevant warning is enabled using the system-setting CLI
command.
If you are using release 9.4.3 or later, to view the warnings at a glance, ensure that the Warnings toggle
button is enabled (it is on by default). For more information, refer to "Corvil Measurement
Warnings" on page 794.
© 2023 Pico Quantitative Trading LLC. All rights reserved 397 .
Lens Alerting
By default, Corvil alerting operates based on threshold violations. Each sample which violates a defined
hard threshold results in an alert. You can also soften this behavior for certain measurements by defining
an event policy. The event policy specifies what percentage of samples in a given time scale must violate
the defined threshold before any alert is generated.
For example, if a latency measurement is highlighted in Lens, an End to End Latency Threshold Violated
alert has been raised by the system.
SNMP trap, syslog and e-mail notification of alerts are configured at a system-wide level.
For more information on configuring alert notification, refer to the topic Configuring Fault Notification in the
Corvil Administration Guide.
For more information on configuring event policies, refer to the topic Managing Alerting and Fault
Notification in the Corvil Administration Guide.
SETTING THE ALERT HISTORY
To select the duration of time for which alerts should be displayed in the Lens table, use the Show Alerts
for selector.
© 2023 Pico Quantitative Trading LLC. All rights reserved 398 .
For example, if a 24-hour view is selected, you can specify that alerts are indicated in the Lens table for
only 30 minutes.
CURRENT SESSION ALERTS
If a session row has had an alert during the alert history, as defined with Show Alerts for, and within the
last update period, as indicated beside the selected Reporting Period, the row and measurements
violating the configured threshold are highlighted.
© 2023 Pico Quantitative Trading LLC. All rights reserved 399 .
Lens table Row
Lens table Cell Value Last Event
Highlighting
Red background and red
Value violating the defined event Occurred within the reporting period text
threshold update period
For example, let's say the chosen reporting period is the last hour, alerts are set to be displayed for one
hour and an alert has been raised in the last five minutes.
The tooltip indicates
l the configured threshold that has been violated
l the amount of time during the reporting period that alerts have been active (this is displayed
only when the Reporting Period and Show Alerts for settings are the same)
l the time and value of the most recent threshold violation (which, as in the example above, may
be different from the maximum value highlighted)
In the Lens table Live View, if a session row has had an alert within the last ten seconds, the row and
measurements violating the configured threshold are highlighted.
Lens table Row
Lens table Cell Value Last Event
Highlighting
Red background and red text
Value violating the defined event Occurred within the last 10
threshold seconds
For example, if an alert has been raised in the last ten seconds, the tooltip indicates
l the configured threshold that has been violated
l the time and value of the most recent threshold violation (which, as in the example above, may
be different from the maximum value highlighted)
When the selected age of live data and Show Alerts for settings are the same, the tooltip also displays
the amount of time during the period that alerts have been active.
© 2023 Pico Quantitative Trading LLC. All rights reserved 400 .
RECENT SESSION ALERTS
If the session row has had an alert during the chosen alert history, but not during the last update period,
the row background is highlighted. The numbers presented are not highlighted, even if one or more
numbers violate a defined threshold.
Lens table Row
Lens table Cell Value Last Event
Highlighting
Occurred before the last reporting period
update Red background only
Value violated the defined event
threshold and
within the defined Alert history period
For example, let's say
l the chosen reporting period is one hour
l alerts are set to be displayed for 20 minutes and
l an alert has been raised during the last 20 minutes but not in the last five minutes
The tooltip indicates
l the configured threshold that has been violated
l the time and value of the most recent threshold violation (which, as in the example above, may
be different from the maximum value shown)
When the selected reporting period and Show Alerts for settings are the same, the tooltip also displays
the amount of time during the period that alerts have been active.
In the Lens table Live View, if a session row has had an alert between ten seconds and the alert history, as
defined with Show Alerts for, the row background is highlighted. The numbers presented are not
highlighted, even if one or more numbers violate a defined threshold.
Lens table Row
Lens table Cell Value Last Event
Highlighting
Occurred more than 10 seconds
ago
Red background only
Value violated the defined event
and
threshold
within the defined Alert history
period
© 2023 Pico Quantitative Trading LLC. All rights reserved 401 .
For example, if an alert has been raised in the last ten minutes but not in the last ten seconds, the tooltip
indicates
l the configured threshold that has been violated
l the time and value of the most recent threshold violation
When the selected age of live data and Show Alerts for settings are the same, the tooltip also displays
the amount of time during the History period that alerts have been active.
SESSION ALERTS COMBINED WITH MEASUREMENT
WARNINGS
Alert and measurement warnings may be displayed together in a session row.
When you roll over the session name the tooltip indicates
l the measurement warning(s)
l session events
l the statistic for which the alert was raised
l the time and value of the most recent threshold violation
l the configured threshold that has been violated
If the selected reporting period and Show Alerts for settings are the same, the tooltip also displays the
amount of time during the period that alerts were active.
If the session is part of a group, the group name is highlighted in yellow and the session row is marked
yellow also to indicate the measurement warning alongside the alert (if, in release 9.4.3 or later, the
Warnings toggle button is enabled).
For example, if a session is included in a group, the session has a measurement warning and an alert has
also been raised within the last update period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 402 .
Corvil Data Search
Data Search Overview 404
Performing a Search 407
Data Search Results 409
Indexing Message Fields - UI 414
Indexing Message Fields – CLI 415
Enabling and Disabling Data Search 417
Configuring the Data Search Capture Disk Quota 418
© 2023 Pico Quantitative Trading LLC. All rights reserved 403 .
Data Search Overview
Use Corvil data search to perform a quick search for data (network-level, packet-based and application-
level, message-based) captured by Corvil. Application-level search is based on indexed message fields.
For example, you can search for source or destination IP addresses, transaction IDs, URLs or customers.
Message searching is available from the Data Search screen.
NOTE: Access to search results may be restricted depending on configured Corvil login privileges.
For example, the overall list of sessions is filtered to show only those which the logged in user is
allowed to view and click-through access to Inspect Data may be restricted.
For more information on Corvil role-based access control, refer to the topic Role-based Access
Control for Restricted Users in the Corvil Administration Guide.
The packet-based search supports the following
IP Layer Matches Description
operate on the individual source and destination address fields in the IPv4
message.ip.src
message.ip.dst header; example: message.ip.src == 192.168.1.1 checks for a specific source
IP address.
an expression of form message.ip.addr <operator> <operand> is equivalent to
message.ip.addr the expression: (message.ip.src <operator> <operand> or message.ip.dst
<operator> <operand>).
TCP and UDP Port
Description
Matches
message.tcp.srcport
message.tcp.dstport
message.udp.srcport numeric value from the TCP or UDP header
message.udp.dstport
message.tcp.port same behavior as for message.ip.addr - expands to a logical OR of
message.udp.port relational operators on the individual src/dst fields
message.vport
numeric value of Corvil virtual port when appliance deployed with an
aggregation switch.
© 2023 Pico Quantitative Trading LLC. All rights reserved 404 .
Literal-value searches are supported, with quotes ("") necessary for search strings including spaces or
other special characters.
The list of characters that do not need escaping is:
l Letters
l Digits
l Underscore
l Hash
l Dollar
l Percent
l Ampersand
l Star
l Plus
l Comma
l Dot
l Slash
l Colon
l Semicolon
l question mark
l at
l closing square bracket
l caret
l backtick
l curly brackets
l tilde
Other characters are permitted via quoting.
The message-based search supports
l exact full string, case insensitive matching only (no substring or regular expression matching).
Leading and trailing spaces are ignored.
© 2023 Pico Quantitative Trading LLC. All rights reserved 405 .
l numeric (signed + unsigned), ASCII and binary indexed message fields
NOTE: For more information on how to check and edit the current set of indexed message fields, refer
to the sections
l "Indexing Message Fields - UI" on page 414
l "Indexing Message Fields – CLI" on page 415
Search for Protocol.Field == value or Field == value (literal search on field value across protocols) on
indexed fields only. Protocol.Field = Value and Field = value are permitted as aliases.
If a field is indexed for some protocols but not others, only the results from the former are returned.
You can combine valid expressions using AND, OR (literal AND protocol.field==value, literal OR literal and
so on). You can also use parentheses (x AND (y OR z)).
© 2023 Pico Quantitative Trading LLC. All rights reserved 406 .
Performing a Search
To perform a packet-based or message-based search from Data Search mode, select Data Search.
Select the reporting period of interest, enter the search term of interest in the search field and click
Search or press Enter.
When using Corvil Management Center, there is an indication of how many CNEs have been searched
and any associated errors (for example, if a particular CNE is not contactable at the time of the search.)
The following network-level example is a search for a specified source IP address seen during the last
hour.
In the following application-level example, the search is for a specific Client Order ID seen during the last
hour.
To cancel a search, click Stop while the search is progressing.
Click Rescan to run the search again.
© 2023 Pico Quantitative Trading LLC. All rights reserved 407 .
NOTE: For more information on search results, refer to the section "Data Search Results" on the facing
page
© 2023 Pico Quantitative Trading LLC. All rights reserved 408 .
Data Search Results
The widget above the results displays the selected timeline, the parts of the timeline with supporting
captured data (upper solid bar and timeline shading), and vertical bars indicating any matches.
In the preceding example, capture data is available for the whole selected one-hour period. The vertical
bars indicate that matches were found throughout the period.
Roll over a vertical bar on the widget to display details of matches for the search along the timeline.
Click and drag over an area of the widget to zoom in to the selected time period. The list of results is
automatically updated as you zoom in.
(Zoom in) shortens the current time period by half. For example, with a 1 hour time period displayed,
zooming in displays 30 minutes of data.
(Zoom out) doubles the current time period. For example, with a 1 hour time period displayed,
zooming out displays 2 hours of data.
Use the and buttons to move back and forth along the available timeline of results.
The following describes the information presented with search results:
Time
Displays the timestamp of the matched message.
CNE
When using Corvil Management Center, displays the name of the CNE from which results were retrieved.
Session
Displays the session containing the message. Click the link to switch to Inspect Data for a time period of
one minute starting with the matched message.
© 2023 Pico Quantitative Trading LLC. All rights reserved 409 .
NOTE: If a matched session does not have capture enabled (for example, no trace-events defined at
the CLI), it is displayed in the search results but there are no results available in the Event Inspection
screen.
Src Addr
Displays the source IP address associated with the message.
Dst Addr
Displays the destination IP address associated with the message.
Src Port
Displays the source port associated with the message.
Dst Port
Displays the destination port associated with the message.
Application
Displays the name of the custom application (and decoded protocol) for the matched message.
Message Type
Displays the matched message type.
<Indexed Field Name>
The other columns display the available indexed message fields as defined in the relevant custom
application. Text that matches the search string is highlighted.
The search results are cleared when you start a new search or when the user browser session expires.
If a message is matched to multiple sessions, this is indicated in the session column.
© 2023 Pico Quantitative Trading LLC. All rights reserved 410 .
Search results are ordered by ascending timestamp. Each of the columns is sortable. The sort is
persisted between browser refreshes. Click and drag to re-order columns. Results are limited to a
maximum of 1000 entries on both Corvil Management Center and the CNE.
If you have installed Corvil Actions in your CNE or Corvil Management Center, clicking on a session name
link in your search results may show addition options in the context menu, allowing you to perform an
Action. For example, if you have installed the Action VoIP / View Ladder Diagram, clicking on a VoIP
session name in the search results, shows the additional context option View Ladder Diagram or VoIP -
View Ladder Diagram (if you have installed other VoIP Actions). Refer to the Corvil Actions Guide for
information on currently available Actions.
On Corvil Management Center the results are displayed after all of the responses are received and
collated from each of the CNEs. Each CNE returns at most 1000 entries. Once the full result set from all
CNEs has been retrieved, they are merged and sorted by message timestamp, with only the 1000 oldest
displayed initially. If there are more than 1000 results available, a message on the screen indicates the
situation.
Corvil Management Center displays a warning at the top of the screen if:
l the CNE response timed out
l Corvil Management Center cannot connect to the CNE
l the application port has changed on the CNE
l global data search is disabled on the CNE
l trust is not established with the CNE
l the CNE has an unsupported version installed
l the CNE does not have full coverage for the selected time period
l the CNE does not have data for the selected time period
SWITCHING TO INSPECT DATA FROM THE SEARCH
RESULTS PAGE
Click the session name link to switch to the Inspect Data screen for a time period of one minute starting
with the selected message.
If there are multiple matching sessions, click the link to select a specific session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 411 .
Clicking on a message timestamp in the messages table allows you to launch the Event Inspection
window.
© 2023 Pico Quantitative Trading LLC. All rights reserved 412 .
NOTE: If a matched session does not have capture enabled (for example, no trace-events
defined at the CLI), it is displayed in the search results but there are no results available in the Inspect
Data or Event Inspection screens.
For more information on enabling capture for a session, refer to the sections "Disabling and Re-
enabling Capture" on page 551 and the trace-events command for the CLI.
CONSTRUCTING AN EXTERNAL DATA SEARCH URL
You can construct externally generated URLs for Data Search. If you are not logged in, you are redirected
to a login screen and from there to the search results.
URLs should be of the form:
http://<host>/ui#/datasearch?query=<search-term>
<search-term>
Specify the term for which to search.
The search supports:
l exact full string, case insensitive matching only (no substring or regular expression matching).
Leading and trailing spaces are ignored.
l numeric (signed + unsigned), ASCII and binary indexed message fields
For example, to perform a data search for ABC-123 on the Corvil appliance named cne01, use:
http://cne01/ui#/datasearch?query=ABC-123
© 2023 Pico Quantitative Trading LLC. All rights reserved 413 .
Indexing Message Fields - UI
Check or Editing Which Message Fields are Indexed Using the UI
Step 1
In the UI select System Administration mode, and then select Applications.
Step 2
Select the relevant custom application, for example FIX, and click edit.
Step 3
The Indexed check boxes beside the message field names indicate which fields are currently indexed.
Step 4
To change the settings, check or uncheck the relevant check boxes as required and click Save.
NOTE: Up to a maximum of 20 message fields can be indexed per analytics plugin and up to 500 fields
can be indexed in total. If a single field appears in several custom applications of a plugin, it counts as
just one of the total 20 allowed for that plugin.
© 2023 Pico Quantitative Trading LLC. All rights reserved 414 .
Indexing Message Fields – CLI
To check which message fields are currently indexed using the CLI, use the show config custom-
application command.
In the following example, the custom-application named HTTP has the following message fields indexed:
l ClOrdID
l BusinessRejectRefID
host(config)$ show config custom-application HTTP
custom-application match-any HTTP
! Managed by decoder: HTTP
precedence 400
message-decoder HTTP
capture-field Method
capture-field Request-URI
capture-field VirtRequestId
capture-field Host
capture-field Status-Code
capture-field Reason-Phrase
capture-field Server
capture-field ExtraHeaderFields
capture-field Referer
capture-field User-Agent
capture-field-pattern *
.
.
.
host(config)$
To index an analytics plug-in message field, define or edit a custom-application and use the capture-
field <message-field-name> indexed command.
capture-field <message-field-name> indexed
message-field-name
Specify the name of the message field to be added to the packet capture.
indexed
Configure capture file indexing for the specified message field.
© 2023 Pico Quantitative Trading LLC. All rights reserved 415 .
Specifying the indexed parameter enables enhanced searches for exact values of specified message
fields.
The indexing supports
l exact full string case insensitive matching only (no substring or regular expression matching).
Leading and trailing spaces are ignored.
l numeric (signed + unsigned), ASCII and binary fields
NOTE: Up to a maximum of 20 message fields can be indexed per analytics plugin and up to 500 fields
can be indexed in total for a custom application. If a single field appears in several custom applications
of a plugin, it counts as just one of the total 20 allowed for that plugin.
© 2023 Pico Quantitative Trading LLC. All rights reserved 416 .
Enabling and Disabling Data Search
The data search feature is enabled by default. To check the current setting use show system-
settings | include global-data-search.
To disable the global data search feature, use:
no system-setting global-data-search
Historical search results are not deleted if the global data search feature is disabled. No new indexing
takes place while the feature is disabled and the feature is unavailable in the UI.
To re-enable global data search, use:
system-setting global-data-search enabled
When using Corvil Management Center, to inherit the global data search setting for a specified CNE from
that configured on Corvil Management Center, use:
system-setting global-data-search use-global
Changing these settings does not require a system restart. The settings do not persist through a clear
config operation.
© 2023 Pico Quantitative Trading LLC. All rights reserved 417 .
Configuring the Data Search Capture Disk
Quota
The data search index shares the CNE capture storage volume. To configure the capture disk quota for
the data search feature, use
system-setting global-data-search-capture-quota percent <1 - 90> | default
The capture quota setting represents the percentage of the existing capture-settings event-
trace-quota percent value that is reserved for the data search feature.
To check the current setting use show system-settings | include global-data-search.
For example, if the following settings are configured:
capture-settings event-trace-quota percent 50
and
system-setting global-data-search-capture-quota percent 50
then 25% of the overall capture disk volume is reserved for data search.
The default value for the data search capture disk quota is 10% and the default capture-settings
event-trace-quota value is between 75% and 99% depending on the platform and configuration
mode (see "Setting Disk Space Quota for Capture Files" on page 555. For example, if using the default
value of 90% on a CNE-9000 ( Full Analytics mode), 9% of the overall capture disk volume is reserved for
the data search feature by default.
When using the Corvil Management Center to manage CNE configurations, you can configure different
settings for each CNE within the site -> cne context. By default the per-CNE setting is:
system-setting global-data-search-capture-quota use-global
which means that the CNE will use the top-level CMC system setting value.
Changing these settings does not require a system restart. The settings do not persist through a clear
config operation.
© 2023 Pico Quantitative Trading LLC. All rights reserved 418 .
CHECKING THE DATA SEARCH CAPTURE QUOTA
AND AMOUNT OF CAPTURED DATA
Use the show event-storage command to check the current quota setting and the amount of data
captured by the data search feature. In the following example, the current capture disk quota setting for
data search is 10% (the default):
host(config)$ show event-storage
Total : 465.5G
Reserved for system use : 46.5G 10.0% of overall disk
Manual capture quota : 41.8G 9.0% of overall disk
Configured Event Capture quota ( 90%): 377.0G 81.0% of overall disk
Configured Global Data Search quota ( 10%) : 37.7G ( 8.1% of overall
disk)
Remaining of the quota for session captures: 339.3G ( 72.9% of overall
disk)
When capture disk full, delete history older than: 365 days (unless session
has explicit quota)
Currently in use by Event Captures & Global Data Search: 361.8G ( 96.0%
of the quota)
Reserved: | Used: |
Min% | Cur% | Size | Size | Length | Rate/day| Session
-------+-------+--------+--------+--------+---------+-----------
10.00%| 10.00%| 37.7G| 94.3G| 21h29m| 105.3G| global-data-search
0.00%| 0.11%| 434.3M| 1.0G| 3h7m| 8.1G| local-cne[any] ->
[subnet-group001] session001-ab
0.00%| 0.11%| 434.3M| 1.0G| 3h7m| 8.1G| local-cne[any] <-
[subnet-group001] session001-ab
0.00%| 0.11%| 434.3M| 1.0G| 3h12m| 8.0G| local-cne[any] ->
[subnet-group001] session001-ba
.
.
.
host(config)$
© 2023 Pico Quantitative Trading LLC. All rights reserved 419 .
Analyzing Corvil Data
Using Inspect Data 421
Using Event Inspection 455
Legacy Corvil Screens 507
Corvil Multihop Analysis 534
Packet Capture Data Settings 551
PCAP Export Using the UI 562
PCAP Export Using the CLI 574
PCAP Analysis 592
Using Stored Data Analysis 600
Working with Manual Packet Captures 634
Volume Based PCAP Indexing 644
© 2023 Pico Quantitative Trading LLC. All rights reserved 420 .
Using Inspect Data
Corvil enables you to detect, record, analyze, and report on network and application events in the
monitored network. The Inspect Data screen is the part of Corvil that lets you drill-down and troubleshoot
problems at the network and application layer.
NOTE: Access to Inspect Data results and tools may be restricted depending on configured Corvil
login privileges.
For example, Inspect Data views may only contain results for sessions for which a user has the
required privileges, and click-through access to Inspect Data from other screens (for example Lens or
Data Search) may be restricted.
For more information on Corvil role-based access control, refer to the topic Role-based Access
Control for Restricted Users in the Corvil Analytics Administration Guide.
The default Corvil configuration employs always-on capture so that Inspect Data results are usually
available. This capture file provides Corvil with the detailed packet and decoded message data to support
detailed investigation using Inspect Data and Event Inspection.
NOTE: When using Inspect Data, blank widgets displaying "No data found" may be due to a lack of
packet capture availability for the selected time period or it can be due to older data being deleted
when the corresponding session has reached its quota. Enabling capture for a given session involves
using the trace-events always-on CLI command from the relevant session CLI configuration
context.
You can also configure event-triggered capture. In this case, when an event has been detected, a capture
file for the interval during which the event occurred is automatically logged to disk. The capture covers the
period of time over which the event was detected with an additional 10 seconds before and after the
event. In order to provide this feature a rolling, historical capture is provided for each session.
The default capture mode for a user-created session is event capture with the global-trace-events
snaplength setting (58 bytes by default, to allow the triggered packet captures to contain useful data such
as TCP headers). You can use the trace-events command to enable always-on capture and configure
the snaplength per session.
NOTE: If you use a zero snaplength, PCAP exports from the CNE may include some synthetic header
field values to enable the analyzer software to process the files. For information on the rules used to
generate complete exported capture files, indicating which values seen in network analyzer software
is actual data seen on the wire, and which values are generated by the system, refer to "Exporting
Always-On, Event and Manual Captures Using the CLI" on page 641.
© 2023 Pico Quantitative Trading LLC. All rights reserved 421 .
You can also log on to a CNE and define and start manual capture sessions. The capture file created in
this case is also made available for Inspect Data and Event Inspection.
Corvil Inspect Data provides access to all of the packet and message data decoded captured and stored
by Corvil.
Inspect Data provides application-level dashboards displaying information for a selected session and time
period. Inspect Data dashboards support per-session dashboards that use different widgets to display
results. The Inspect Data screen supports the following widget types:
l Time-series
l TopN table
l Message/Packet table
l Notes
l Action
NOTE: From Corvil Analytics release 9.7.0, the message table has been replaced by a
message/packet table allowing you to view detailed packet data in tabular form on Inspect Data. The
table will allow you to toggle between a Messages and Packets view for your session, if the session is
configured to measure messages with packets (measure-messages include-non-message-
packets). If measure-messages is not configured, the table will show packet information only. If
preferred, you can still use Event Inspection to drilldown further into the messages and packets.
For more information about configuring Inspect Data dashboards, please refer to the topic "Creating and
Editing Corvil Dashboards" on page 92.
© 2023 Pico Quantitative Trading LLC. All rights reserved 422 .
Note that IP addresses in Inspect Data widgets might be displayed without the host names. Refer to the
section "IP Host Resolution" on page 350 for information on how to also display host names.
You can analyze the results at message and packet level in the Inspect Data dashboard (see "Viewing
Message and Packet Table Results in Inspect Data Dashboards" on page 443), and if more detailed
information is required, you can drill in to Corvil Event Inspection to analyze and troubleshoot events of
interest in full context with all pre-configured Corvil graphs and charts available.
You can apply traffic, message and metric filters to the displayed results in Inspect Data and the filtered
results are preserved when navigating to Event Inspection. When navigating to Inspect Data from a
Dashboard View, existing metric filters from the Dashboard View are preserved in the Inspect Data
dashboard.
There are also tools for both packet capture export and analyzing imported packet capture files (PCAP
Analysis and Stored Data Analysis).
Inspect Data also allows you to launch Actions for relevant messages on the Message/Packet table. If
installed, the Actions are available in the contextual drop-down menu when you click on a message or
packet field for which an Action can be performed. You can also add some Actions as a widget to an
Inspect Data dashboard. Refer to the Corvil Actions Guide for information on currently available Actions.
FAST AND FULL SCAN IN INSPECT DATA
All decoded data in the Inspect Data dashboard is summarized on a per-session basis and depending on
the amount of capture data that needs to be analyzed, it may take several minutes for all the results to be
displayed on the dashboard. To make the analyzed data available more quickly, a fast scan is performed
allowing you to preview certain statistics while waiting for the dashboard to fully load. The fast scan only
occurs under certain conditions and depends on the statistics you have configured on your widgets and
whether traffic filters are configured on the dashboard or not. For example, you must have at least one
time-series chart configured on an unfiltered dashboard. For a filtered dashboard, you must have at least
one time-series chart or topn widget configured.
In releases earlier than 9.7.0, only an unfiltered fast scan can be performed. From release 9.7.0, the fast
scan can be filtered or unfiltered.
Unfiltered Fast scan – This preview phase occurs if the selected time period is greater than or equal to 1
minute and traffic filters are not configured on the dashboard. The FAST SCAN progress message with
percentage completion flashes at the top of the dashboard during the scan. Results are displayed down to
100 millisecond granularity.
The following statistics are available by the end of the unfiltered fast scan preview phase and you can
begin analysis without waiting for the full scan to complete:
l PNQM: latency
l PNQM: loss-percent
l EQ: expected-queuing-delay
l EQ: expected-queuing-loss
© 2023 Pico Quantitative Trading LLC. All rights reserved 423 .
l Packet: packet-bitrate
l Packet: packet-rate
l Packet: packet-count
l Packet: packet-bytes
l TCP: tcp-roundtrip-time
l TCP: tcp-packet-count
l TCP: tcp-out-of-sequence-packet-count
l TCP: tcp-retransmitted-oos-percent
l Message: message-count
l Message: message-rate
l Message: message-sequence-gap-percent
l Message: message-sequence-gap
l Message: message-sequence-rate
l Message: message-sequence-count
l Microburst: packet-bitrate-microburst-1s
l Microburst: packet-bitrate-microburst
l Microburst: packet-bitrate-microburst-delay-target
l Microburst: packet-rate-microburst-1s
l Microburst: packet-rate-microburst
l Microburst: packet-rate-microburst-delay-target
l Microburst: message-bitrate-microburst-1s
l Microburst: message-bitrate-microburst
l Microburst: message-bitrate-microburst-delay-target
Filtered Fast scan – Only available from Corvil Analytics 9.7.0, this preview phase occurs if the selected
time period is greater than or equal to 5 seconds and if traffic filters are configured on the dashboard (see
note). This scan is skipped if a comparison time period is selected on the dashboard. The analysis is
performed on flow index data, therefore to use this feature you must enable the flow index using the CLI
command system-setting global-data-search enabled with-flow-index. The
FAST SCAN progress message with percentage completion flashes at the top of the dashboard during
the scan. Results are displayed down to 1 second granularity.
© 2023 Pico Quantitative Trading LLC. All rights reserved 424 .
NOTE: The fast scan is not performed if any of the following traffic filters are configured - Outer VLAN
and VXLAN VNI. If these filters are used, a full scan is performed instead. See "Filtering Inspect Data
Results" on page 428
The following statistics are available by the end of the filtered fast scan preview phase, and you can begin
analysis without waiting for the full scan to complete:
l Packet: packet-bitrate
l Packet: packet-rate
l Packet: packet-count
l Packet: packet-bytes
l TCP: tcp-roundtrip-time
l TCP: tcp-zero-window-packet-count
l TCP: tcp-packet-count
l TCP: tcp-out-of-sequence-packet-count
l Message: message-count
l Message: message-rate
l top-applications*
l top-conversations*
l top-listeners*
l top-talkers*
* topn statistics are supported from Corvil Analytics 9.7.1
NOTE: If results for more than 10% of the packets in your flow data are unreliable (for example,
because multiple VLAN ID values were seen within single flow records when filtering by VLAN ID), the
filtered fast pass may contain inaccurate results and hence the scan will be skipped. You will see an
on-screen warning detailing the reason for skipping the scan.
Full Scan - The full scan starts immediately after the fast scan has completed but you can still view fast
scan updated charts for any of the above statistics are displayed while waiting for the final results to load.
The FULL SCAN progress message with percentage completion flashes at the top of the dashboard
during the scan. Results are shown down to 1 nanosecond (or per-packet) granularity.
All other statistics are available by the end of the full scan, including throughput and additional top-n
statistics.
© 2023 Pico Quantitative Trading LLC. All rights reserved 425 .
If you have included a message/packet table on your dashboard, the first page will load quickly (results
may even be displayed before the fast scan has completed), and will be fully updated by the end of the full
scan.
Once fast or full scan results are available, if you require more detailed analysis, you can also drill in to
Event Inspection to analyze events of interest in full context with pre-configured Corvil graphs and
charts.
SELECTING A TIME PERIOD ON INSPECT DATA UI
One of the preset time periods can be selected.
Or you can define a custom period by specifying a set of dates and times, up to a maximum time range of
70 days (for 9.6.x or later releases).
You can also compare results for different selected time periods.
© 2023 Pico Quantitative Trading LLC. All rights reserved 426 .
Click Compare to list the options and then select one. Widgets that support time period comparisons (for
example, time series charts) are updated to show the two selected time periods.
NOTE: In releases earlier than 9.6.0:
On Corvil Management Center, if you have more than 300 sessions on a dashboard, Compare mode,
Custom period and Recent Periods are unavailable.
On CNEs, if you have more than 300 sessions on a dashboard, custom periods and business hours
are not supported if the reporting period is greater than 7 days.
On CMCs running 9.6.x or later releases, when viewing data that was captured on CNEs running 9.5.x
or earlier, custom periods can only be used on dashboards that contain less than 300 sessions. This
also applies if any of the managed or monitored CNEs in the CMC configuration are running 9.5.x or
earlier releases.
You can also change the time zone of the display by clicking on the current time zone (UTC in the above
example) and selecting a new time zone from the Select a System Time Zone menu. You can also
change the time zone directly from the timestamp at the top of the Inspect Data screen.
It's also possible to click and drag across the displayed graphs to zoom in on a selected event or
timescale.
The other information on the dashboard updates automatically to reflect the new time period.
Inspect Data charts and tables can also be displayed full-screen.
Zooming in to shorter timescales is also available for full-screen charts.
SELECTING AND SWITCHING SESSIONS ON
INSPECT DATA
The Inspect Data charts and tables display information on a per-session basis. You can search for and
switch to a different session of interest at any time using the session dropdown menu or if you have Corvil
Analytics 9.7.x installed, you can select a session from the lefthand navigation panel.
© 2023 Pico Quantitative Trading LLC. All rights reserved 427 .
From the session dropdown menu on the dashboard, you can enter a search string or scroll down through
the full list of sessions (online and offline sessions are displayed) and select the required session.
From the lefthand navigation panel, switch to the SESSIONS panel and enter a search string (minimum of
3 characters must be entered to get a search result). Note that the session list has a sites-CNEs-sessions
tree structure (so when viewing Inspect Data results from a CMC, you can quickly select a session for a
particular CNE) which is collapsed down to site level by default. After a search, expand the site and CNE
levels to see the returned list of sessions. Fifty sessions are shown at a time, depending on how many
sessions are returned. Click More Sessions to expand the list.
The sessions listed are restricted to the RBAC users access level. Also, sessions may be automatically
hidden if filters are applied through dashboard config XML and the filter does not match these sessions.
You can display all the hidden sessions by selecting the Show all sessions checkbox.
When you select a session from the panel, the Inspect Data dashboard updates, with results filtered for
that session (although displayed results are affected by any data filters configured for the dashboard).
Alternatively, you can open the filtered Inspect Data dashboard in a new browser tab by clicking the icon
next to the session name. This allows you to compare analytics data for two different sessions for the
same time period.
Note that once a session is selected, the selected session persists across all Inspect Data dashboards
only (in the same browser tab). If you selected the filtered dashboard to open in a new browser tab, the
session persists on all Inspect Data dashboards in that tab only.
INSPECT DATA TOOLS
Inspect Data provides access to Corvil's packet capture export tool, PCAP Export.
In addition, you can access PCAP Analysis or Stored Data Analysis, where PCAP files from external
sources can be imported to Corvil and processed to produce Corvil results for review.
For more information about using PCAP Export, PCAP Analysis and Stored Data Analysis, please refer to
the following topics:
l "PCAP Export Using the UI" on page 562
l "PCAP Analysis" on page 592
l "Using Stored Data Analysis" on page 600
FILTERING INSPECT DATA RESULTS
You can filter the information displayed on the Inspect Data screen.
© 2023 Pico Quantitative Trading LLC. All rights reserved 428 .
You can filter Inspect Data results by
l defining and applying a traffic filter for layer 4, layer 3 and layer 2 – a set of traffic classification
rules similar to an access control list (ACL).
l defining and applying a message filter – a set of message classification rules.
l defining and applying a metric filter – configuring loss and delay thresholds to apply to PNQM,
EQ and TCP RTT results, or applying filters from configurable stats.
NOTE: Where a CMC is monitoring CNEs that have a different configuration, in order to apply
message filters and custom application filters in Inspect Data, the analytics plugins and custom
application names must also be defined on the CMC.
The filters are applied to all the Inspect Data dashboards but can be disabled if you wish to view a
dashboard without filtering. If enabled, the applied filters are preserved when navigating to Event
Inspection.
NOTE: Where the Inspect Data dashboard contains a message/packet table showing message and
packet views for a session, the filters selected apply to both views.
To view, define or edit filters, click the Inspect Data Filter button. The text on this button is NO FILTERS
SET or FILTERS APPLIED depending on whether filters have already been configured on the Inspect
Data dashboard. If navigating to Inspect Data from a Dashboard View with existing metric filters, these
filters are preserved on the Inspect Data screen and the filter button text reflects the applied filter (if a
single metric filter has been applied).
For an Inspect Data dashboard with no filters applied, the Inspect Data Filter popup window will display
as follows:
© 2023 Pico Quantitative Trading LLC. All rights reserved 429 .
Defining and Applying Traffic Filters to Inspect Data Results
You can filter Inspect Data results by defining and applying a set of traffic classification rules, similar to an
access control list (ACL).
The traffic filter window initially opens with a simple IP address and port traffic filter, as a quick set up
option, but an advanced traffic filter can also be applied.
Defining a Traffic Filter for Inspect Data
Step 1
Click the Inspect Data Filter button (click NO FILTERS SET or FILTERS APPLIED).
© 2023 Pico Quantitative Trading LLC. All rights reserved 430 .
Step 2
You can create a simple traffic filter for your Inspect Data results based on traffic to/from a specific IP
address and/or a port.
For IP Address, enter a single IP address. For Port you can enter a single port or a range of ports. In the
example below, data is displayed if it matches an IP source or destination address of 192.0.2.1, or if it
matches a source or destination port in the range 5100 to 5102.
Click APPLY to save the filter.
Step 3
To create a more advanced traffic filter, click ADVANCED.
NOTE: If you have already created a simple filter, the advanced filter popup box will display this filter.
Step 4
Click ADD to start configuring your filter options. The pop-up window below will display.
© 2023 Pico Quantitative Trading LLC. All rights reserved 431 .
Step 5
Set up the filter rules by entering values for the filter options that you require. Select IS if you want to filter
traffic that matches the entered values. Select IS NOT if you only want to show traffic that does not match
these values.
Source IP / Port / MAC
Specify a traffic source IP address with optional subnet, a source port number or a source MAC address.
If entering a port number, you can also enter a range of ports.
Destination IP / Port / MAC
Specify a traffic destination IP address with optional subnet, a destination port number or a destination
MAC address. If entering a port number, you can also enter a range of ports.
NOTE: MAC address filtering is supported from Corvil Analytics release 9.7.0.
For the MAC addresses, you can enter up to 17 characters. The allowed characters are:
a-f A-F 0-9 hyphen (-), colon (:) and white space ( )
IP Protocol
Select a protocol from the Protocol list.
Application
Select an application from the list of automatically recognized or custom-defined applications.
TOS
Select a TOS value from the list to identify traffic.
Inner /Outer VLAN ID (supported from Corvil Analytics release 9.7.0)
Specify an inner or outer VLAN ID in the range 0 to 4095.
© 2023 Pico Quantitative Trading LLC. All rights reserved 432 .
VXLAN VNI (supported from Corvil Analytics release 9.7.0)
Specify a VXLAN VNI in the range 0 to 16777215.
Each filter rule that you add is ANDed with the other filter rules, for example, you can choose to display
only TCP traffic data that has been sent from IP address 192.0.2.1 to IP address 192.0.2.6, by selecting
the options below:
NOTE: If using a CMC, the MAC address, VLAN ID and VXLAN filters can only be used if the session
they are being applied to is on a CNE installed with 9.7.x. If managing a CNE with an earlier release,
you will get an error message stating that the field is not supported on this CNE version, and the link to
Event Inspection will be disabled.
Step 6
When you have completed the definition of the traffic filter, click ADD to save the traffic filter and close the
traffic filter definition window.
The filter rules that will be applied are displayed in a filter lozenge in the filter box.
© 2023 Pico Quantitative Trading LLC. All rights reserved 433 .
Step 7
To edit the filter, click in the filter lozenge and select Edit.
To delete the traffic filter definition, click Delete. This removes the filter lozenge from the filter window.
Step 8
If you want to apply another traffic filter, click ADD to open the traffic filter window and enter your filter
options, then click ADD. The additional traffic filter will be displayed in the filter box. It will default to be
AND'ed with the first filter, that is, the data displayed on the Inspect Data screen must satisfy both
conditions. By clicking OR at the top of the window, data will display if it satisfies either condition.
© 2023 Pico Quantitative Trading LLC. All rights reserved 434 .
You can continue to add more traffic filters and select if the displayed traffic must match all the filters
(select AND) or match any of the filters (select OR).
Step 9
When you have finished adding your traffic filters, you can also apply message and metric filters, which will
be applied to the Inspect Data results, along with your traffic filters.
Step 10
When you have completed the definition of the traffic filter, click APPLY to save the filter. This closes the
filter pop-up window. The Inspect Data Filter button will now say FILTERS APPLIED.
When the new traffic filter is defined, it is automatically applied.
The Inspect Data results are now displayed with the filters applied to the traffic under investigation. So, for
example, you can use this feature to isolate particular known traffic within a class that you are analyzing.
To edit a saved traffic filter, click the Inspect Data Filter button (click FILTERS APPLIED), click on the
filter lozenge of interest in the traffic filter window and click Edit. Make the required changes to the filter
definition and then click APPLY.
To delete a traffic filter and all associated rules, open the filter popup panel, click on the relevant filter
lozenge and click Delete.
NOTE: For each traffic filter you define, the system automatically provides a filter for use with the
reverse direction of a bidirectional session.
Source addresses and ports defined for the primary direction become the destination addresses and
ports for the reverse direction filter. Likewise, primary direction destination addresses and ports
© 2023 Pico Quantitative Trading LLC. All rights reserved 435 .
become the reverse direction filter's source addresses and ports.
If you edit the filter for one direction, primary or reverse, the equivalent changes are automatically
updated for the filter defined for the other direction. For example, adding a new rule in the reverse
direction matching traffic on a particular destination port number, automatically adds a source port
match rule using the same number for the primary direction.
Defining and Applying Message Filters to Inspect Data
You can filter Inspect Data results by defining and applying a set of message classification rules.
Defining a Message Filter for Inspect Data
Step 1
Click the Inspect Data Filter button (click NO FILTERS SET or FILTERS APPLIED).
Step 2
Click ADD by the Message Filter field to start configuring your filter options. The popup window below will
display.
© 2023 Pico Quantitative Trading LLC. All rights reserved 436 .
Step 3
Set up the filter rules by entering values for the filter options that you require. Select IS if you want to filter
traffic with messages that match the entered values. Select IS NOT if you only want to show traffic with
messages that do not match these values.
Decoder
Select a decoder from the list of available analytics plug-ins, to only show traffic from a specific plugin.
Message Type
Select a message type from the list of available message types for the selected decoder.
Message Field
Select a message field from the list of available message fields for the selected decoder.
Value
Enter a message field value to match in the Message Field.
Regex
If you want the message field value to be matched using regular expressions, enable the REGEX toggle
switch.
Each filter rule that you add is ANDed with the other filter rules, for example, you can choose to only
display Reject messages from a FIX decoder with VirtHostname=Corvil.
© 2023 Pico Quantitative Trading LLC. All rights reserved 437 .
Step 4
When you have completed the definition of the message filter, click ADD to save the message filter. This
closes the message filter definition window.
NOTE: If a value isn't entered in the Value field, or if the configured filter is invalid, the ADD box will be
greyed out.
The filter rules that will be applied are displayed in a filter lozenge in the filter box.
Step 5
To edit the filter, click in the filter lozenge and select Edit.
To delete the message filter definition, click Delete. This removes the filter lozenge from the filter window.
© 2023 Pico Quantitative Trading LLC. All rights reserved 438 .
Step 6
If you want to apply another message filter, click ADD to open the message filter window and enter your
filter options, then click ADD. The additional message filter will be displayed in the filter box. It will default
to be AND'ed with the first filter, that is, the data displayed on the Inspect Data screen must satisfy both
conditions. By clicking OR at the top of the window, data will display if it satisfies either condition.
You can continue to add more message filters and select if the displayed traffic must match all the filters
(select AND) or match any of the filters (select OR).
Step 7
When you have finished adding your message filters, you can also apply traffic and metric filters, which will
be applied to the Inspect Data results, along with your message filters.
Step 8
When you have completed the definition of the message filter, click APPLY to save the filter. This closes
the filter pop-up window. The Inspect Data Filter button will now say FILTERS APPLIED.
When the new message filter is defined, it is automatically applied.
The Inspect Data results are now displayed with the filters applied to the traffic under investigation. So, for
example, you can use this feature to isolate particular known messages within a class that you are
analyzing.
To edit a saved message filter, click the Inspect Data Filter button (click FILTERS APPLIED), click on the
filter lozenge of interest in the message filter window and click Edit. Make the required changes to the
filter definition and then click APPLY.
To delete a message filter and all associated rules, open the filter popup panel, click on the relevant filter
lozenge and click Delete.
© 2023 Pico Quantitative Trading LLC. All rights reserved 439 .
Applying a Metric Filter to Inspect Data Results
Use a metric filter to display only results based on certain specified thresholds.
For example, to identify which conversations are affected when packet loss occurs, you can specify a
Latency and Loss metric filter.
NOTE: When navigating to Inspect Data from a Dashboard View, existing metric filters from the
Dashboard View are preserved. If required, these can be deleted and replaced as described below.
Latency
For the selected time period, only plot results for packets that experience latency greater than or equal to
that specified, less than or equal to that specified, between the specified range.
Loss
For the selected time period, only plot results for packets that experience packet loss.
EQ
For the selected time period, only plot results for packets that experience EQ delay greater than or equal
to the specified value.
EQ Loss
For the selected time period, only plot results for packets that experience EQ loss due to queue buffer
overflow. This is calculated using a simulation based on the chosen class traffic.
TCP Connection Setup RTT
For the selected time period, only plot results for packets that experience TCP Connection Setup RTT
greater than or equal to the specified value.
TCP Out of Sequence
For the selected time period, only plot results for packets that are out-of-sequence.
TCP Left/Right RTT
For the selected time period, only plot results for packets that experience TCP Left (Local) or Right
(Remote) RTT greater than or equal to the specified value.
TCP Zero Window Size
For the selected time period, only plot results for TCP packets with an advertised window size of zero.
Message Sequence Gaps
For the selected time period, only plot results for packets with sequence gaps.
Configurable Statistic (If you have defined configurable statistics, these will be listed as filter options)
© 2023 Pico Quantitative Trading LLC. All rights reserved 440 .
For the selected time period, only plot results for the specified configurable statistic.
Defining a Metric Filter for Inspect Data
Step 1
Click the Inspect Data Filter button (click NO FILTERS SET or FILTERS APPLIED).
Step 2
Click ADD in the Metric Filter field to configure your filter option. The popup window below will display.
Step 3
Select a statistic from the dropdown menu and set the filter threshold parameters value where applicable.
For example:
NOTE: You can only add one metric filter to your Inspect Data dashboard.
NOTE: Some statistics are limited to using specific operators, for example, EQ Delay only allows >=.
Step 4
Click APPLY to save the metric filter. This closes the metric filter definition window.
© 2023 Pico Quantitative Trading LLC. All rights reserved 441 .
The filter rule that will be applied is displayed in a filter lozenge in the filter box.
Also, the Inspect Data Filter button name will now reflect the filter that you have applied, for example:
Step 5
To edit the filter, click in the filter lozenge and select Edit.
To delete the metric filter definition, click Delete. This removes the filter lozenge from the filter window.
Step 6
When you have finished adding your metric filter, you can also apply traffic and message filters, which will
be applied to the Inspect Data results, along with your metric filter.
When the new metric filter is defined, it is automatically applied.
The Inspect Data results are now displayed with the metric filter applied to the traffic under investigation.
To edit a saved metric filter, click the Inspect Data Filter button (click FILTERS APPLIED), click on the
filter lozenge of interest in the metric filter window and click Edit. Make the required changes to the filter
definition and then click APPLY.
To delete a message filter, open the filter popup panel, click on the filter lozenge and click Delete.
Deleting and Clearing Filters
You can delete or clear filters from the Inspect Data dashboards. Open the Inspect Data Filter window and
click on the filter lozenge of the filter that you want to remove. Click Delete. This removes the filter lozenge
from the filter window.
To remove all the filters for the dashboards, click CLEAR ALL on the top right of the Inspect Data Filter
window and click APPLY. All the filters are removed, and the filter button will change to NO FILTERS
SET. To reinstate the cleared filters, click the Undo Clear All button
© 2023 Pico Quantitative Trading LLC. All rights reserved 442 .
and click APPLY. The last set of applied filters are reapplied and the Undo Clear All button is
deactivated (you can only undo clear once, on the last set of applied filters).
Disabling Filters
The filters that you configure are applied to all the Inspect Data dashboards. If you want to remove the
filters temporarily, open the Inspect Data Filter window and click the DISABLE toggle switch. The filters
will be disabled for all the dashboards and the filter button will change to NO FILTERS SET. The filter
configuration is not removed and can be re-enabled by clicking the toggle switch again.
VIEWING MESSAGE AND PACKET TABLE RESULTS IN
INSPECT DATA DASHBOARDS
[Inspect Data Packet table and enhanced message table features are supported from Corvil
Analytics release 9.7.0]
Depending on how your CNE is licensed, it may not be decoding message data. For example, a Network
Analytics license allows your CNE to view and perform packet and TCP analytics only. In Corvil Analytics
9.6.x and earlier releases, you can only view messages in detail on the Inspect Data screen (the message
table will be empty if you have a Network Analytics license) and therefore, you must use Event Inspection
to view packet information.
In 9.7.0, the message table has been replaced by a message/packet table widget which can be added to
an Inspect Data dashboard (only 1 per dashboard), allowing you to view the details of the individual
packets and messages contained in the capture file, without having to click through to Event Inspection.
To ensure the table is populated with results, the session selected on the Inspect Data dashboard must be
configured with trace-events always-on. Additionally, the table may display packets only,
messages only or it may display both messages and packets, depending on the session configuration
settings below:
l message data only displayed - session configured with measure-messages
l message and packet data displayed - session configured with measure-messages
include-non-message-packets
l packet data only displayed - session configured with no measure-messages
If both message and packets results are available, the table will allow you to toggle between a Messages
and Packets view for your session. For packet-only sessions or if you are only displaying message data on
the dashboard, the toggle is hidden.
© 2023 Pico Quantitative Trading LLC. All rights reserved 443 .
You can select a message or packet and view it in more detail by clicking on DETAILS. You can use Event
Inspection to drilldown further into a message or packet. You can select Event Inspection directly from a
message or packet field or from the Details panel.
If you highlight a row on the message table, and then toggle to the packet table, the packet with the same
timestamp is automatically highlighted and vice versa.
You can apply traffic, message and metric filters to both message and packet results (where applicable)
and the filtered results are preserved when navigating to Event Inspection.
Timestamp Formats
The timestamp indicates the time at which the packet or message was measured. On both Packet and
Message view, the timestamp of the packet/message can be viewed in 3 formats:
l Absolute - 24-hour time in nanoseconds of when the message/packet was measured (this is the
only format available on message tables in releases prior to 9.7.x)
l Relative - timestamp of each message/packet is shown relative to the first message/packet in the
selected time period
l Delta - timestamp of each message/packet is shown as a delta in nanoseconds (indicated by a
plus sign (+)) from the timestamp of the previous message/packet.
The format is indicated by the symbol in the Timestamp header column, and you can toggle between the
formats by clicking on the icon.
- Absolute timestamps (this is the default)
© 2023 Pico Quantitative Trading LLC. All rights reserved 444 .
- Relative timestamps
- Delta timestamps
Navigating Table Rows
The message/packet table can be thousands of rows long depending on the time range and the session
you are viewing. As a result, all the rows may not be displayed when you first open a dashboard if the table
is long. Instead, the first 200 rows are shown with more rows loaded as you scroll through the table. As
well as a vertical scrollbar (you can also scroll with the mouse scroll wheel), the table has navigation
buttons at the top of the table, allowing you to jump forwards or backwards in the table or to jump to the
end or start of the table.
The number of rows you jump forward by depends on the total length of the table. For example, a table
with 40000 rows will jump forward 4000 rows at a time.
NOTE: If you use the vertical scroll and scroll far down the table, you may not be able to use the jump
back button to go back to the start of the table. This happens because scrolling expands the table but
does not unload the previous rows until it reaches a certain limit. If the button is disabled, it means that
the previous rows have not been unloaded yet. You can just scroll back to the start, or you can click on
the jump forward button to activate the jump back buttons.
In messages view, if groups of messages have different columns, the table will be broken into sub or
inner tables. There is a limit on the number of sub-tables that can be displayed in one table view, with
older tables unloaded as you scroll or jump forward.
Some buttons may be disabled if you have already reached the end or top of the table. If all rows are
shown in the table, all four buttons will be disabled.
Launching Actions
If you have installed a recent Actions Pack, some of the Actions can be launched for a selected message
or packet. For example, the Pivot Table Action can be launched for a message field, and you can open the
Filter Action for message and packet fields, to quickly update the dashboard filter to include or exclude a
field.
© 2023 Pico Quantitative Trading LLC. All rights reserved 445 .
You can also view the orders/transactions for a message using the Transaction Tracking Action and you
can perform multihop analysis using the Multihop Action. See below.
Left-click on a (non-empty) row to open the context menu for the list of Actions that can be launched for
the chosen field.
Transaction Tracking
NOTE: You must install the latest Action Pack to open the Transaction Tracking table from Inspect
Data. Alternatively, you can open the table from Event Inspection.
Transaction or Order tracking allows you to see the associated messages in a transaction context - for
example, to see the full order life-cycle for a trade or to pair HTTP request and response messages. If
transaction tracking is available for a message, you can click on the icon to display the Transaction
Tracking message table. This table shows all the messages in the chosen time range related to the same
transaction.
The delta icon in the Time column allows you to change between three different views of the message
times - timestamp of the message, the delta difference between the arrival time of the first message and
the arrival time of each subsequent message, and the delta difference between the arrival time of a
message and the arrival time of the preceding message.
Transaction tracking supports the following categories of messages:
l Orders and their associated modifications, cancels and execution reports.
l Quotes and their associated modifications, cancels and the execution reports and noti-
fications for related trades.
l Mass quotes with their associated modifications, cancels and the execution reports and noti-
fications for related trades.
NOTE: Mass cancellation messages are not supported. Corvil supports removing the order entries
associated with the mass cancel, but this is usually done upon receipt of the cancel-
acknowledgements. The mass cancel message itself does not appear in the list of related messages.
You can read more about the feature in the Action topic "Analyze / Transaction Tracking".
© 2023 Pico Quantitative Trading LLC. All rights reserved 446 .
Multihop Analysis
NOTE: You must install the latest Action Pack to open the Multihop table from Inspect Data.
Alternatively, you can open the table from Event Inspection.
If you are viewing a session configured as part of a multihop group, you can investigate the latency
contribution of each part of an order-acknowledgement transaction by clicking the multihop icon
displayed next to a message. This opens a multihop analysis table, detailing the latency for each hop in the
group.
Refer to the section on "Corvil Multihop Analysis" on page 534 for a description of the multihop analysis
features and how to configure a multihop group. The topic "Using Multihop Analysis" on page 543 explains
the contents of the multihop analysis table above. Alternatively, refer to the Actions topic "Analyze /
Multihop".
After clicking on the multihop icon, if the message "No multihop data found" is displayed in the multihop
window, the selected message is not involved in PNQM correlation (not configured in the custom-pnqm-
signature). For example, Heartbeat and MassQuote message types will not show multihop results.
Message Table Results
The message table displays all messages seen during the selected reporting period. The message table
page size is 200 messages, with more rows displayed as you scroll or page through the other results (see
"Navigating Table Rows" on page 445).
The messages are displayed in order and can come from different message protocols. Since different
protocols define different message fields, every time there is a change of protocol from one message to
the next, a header line is inserted to explain the contents of the following rows. In general, a new row of
column headings is inserted each time the custom application changes; however, if the associated
message protocol and capture-field configuration is the same, then there is no new header. Instead, an
application column is displayed for these rows indicating the custom-application to which each row
© 2023 Pico Quantitative Trading LLC. All rights reserved 447 .
belongs.
The information displayed in the table is divided into
l a standard set of properties available across all protocols (timestamp, size, latency, and so
on.)
l entirely protocol-specific fields found in the messages.
Some of the standard fields are present only if they were configured at measurement time (for example,
latency and loss); if a field is not present for any messages in a block, then it is not displayed. For a
request-response session, the message table shows messages from both directions so that order-flow
can be followed.
The message table columns are as follows:
Timestamp
Indicates the time at which the message was measured. See "Timestamp Formats" on page 444.
Direction
Indicates the session direction in which the message was seen - Primary (forward) or Reverse.
App:[custom application]
The column header indicates the name of the custom application associated with the message and the
column contents list the message type(s) recorded.
Latency
(if configured)
Indicates whether any latency was detected
Loss
(if configured)
Indicates whether any loss was detected
© 2023 Pico Quantitative Trading LLC. All rights reserved 448 .
User-defined Fields
Included fields are defined and prioritized using the capture-field UI settings or CLI commands, followed
by fields included via wildcard capture-field-pattern UI settings or CLI commands.
IP Flow
Displays the IP 5-tuple associated with the message.
IP Bytes
Displays the number of bytes associated with the message.
Packet Table Results
The packet table displays all packets seen during the selected reporting period. The packet table page
size is 200 packets, with more rows displayed as you scroll or page through the other results (see
"Navigating Table Rows" on page 445
The packets are displayed in chronological order
Some of the standard fields are present only if they were configured at measurement time (for example,
latency and loss); if a field is not present for any packets in a block, then it is not displayed. For a request-
response session, the table shows packets from both directions. In general, the header row is unchanged,
however, a new row of column headings is inserted when a packet block contains a new data column.
The packet table columns are as follows:
Timestamp
Indicates the time at which the packet was measured. See "Timestamp Formats" on page 444.
Direction
Indicates the session direction in which the packet was seen - Primary (forward) or Reverse.
Application
Indicates the name of the custom or built-in application associated with the packet.
The additional per-packet information available includes:
© 2023 Pico Quantitative Trading LLC. All rights reserved 449 .
Source Address
The source IP address of the packet
Source Port
The source port number of the packet
Destination Address
The destination IP address of the packet
Destination Port
The destination port of the packet
IP Protocol
Identifies the packet protocol, for example, TCP or UDP
TCP Left and Right Round Trip Time and Application Response Time
Highlighted if the value exceeds the configured threshold.
TCP Sequence Number
Identifies the packet TCP sequence number. The column is highlighted if retransmitted or re-ordered
packets are detected.
TCP Ack Number
Identifies the packet TCP acknowledgement number
TCP Advertised Window Size
Identifies the advertised window size for the packet. The column is highlighted if a zero window size is
detected. The column is also highlighted if the scaling factor to be applied is not known and number is
shown in brackets.
TCP Goodput
Identifies the TCP goodput value for the packet
© 2023 Pico Quantitative Trading LLC. All rights reserved 450 .
IP DSCP
Identifies the Differentiated Service Code Point (DSCP) setting for the packet
IP ECN
Identifies the Explicit Congestion Notification (ECN) setting for the packet
EQ Delay (ms)
Displays the Expected Queuing delay value calculated for the packet (if configured). Highlighted if the
value exceeds the configured threshold.
EQ Queue Size
Displays the Expected Queuing queue size value calculated for the packet (if configured)
CB Delay (kbps)
Displays the Corvil Bandwidth delay value calculated for the packet (if configured). Highlighted if the value
exceeds the configured threshold.
IP Length
Identifies the packet header length
IP ID
Displays the packet identification field
IP Flags
Displays the packet flags field
IP TTL
Displays the packet Time-to-Live (TTL) field
IP Checksum
Displays the packet header checksum field
© 2023 Pico Quantitative Trading LLC. All rights reserved 451 .
TCP Flags
Displays the packet flags field
TCP Urgent Pointer
Displays the urgent pointer field
TCP Checksum
Displays the packet TCP checksum field
TCP Options
Displays the packet TCP Options field
UDP Length
Displays the UDP length field
UDP Checksum
Displays the UDP checksum field
MAC Source
Identifies the MAC source address for the packet
MAC Destination
Identifies the MAC destination address for the packet
Ethertype
Displays the Ethernet frame Ethertype field.
Encapsulations
Indicates any packet encapsulation, for example, VLAN, GRE, MPLS, CAPWAP
© 2023 Pico Quantitative Trading LLC. All rights reserved 452 .
VLAN Tags
Displays any VLAN tags
MPLS Labels
Displays any MPLS labels
Packet Size
Displays the total length of the packet
Packet Size - EQ/CB
Displays the packet size used by Expected Queuing and Corvil Bandwidth calculations (this is the packet
wire length minus the Ethernet header and takes into account any link-adjust settings in the CNE
configuration)
Payload Size
Identifies the actual layer 7 payload size
CNE Port
Identifies the physical CNE port on which the packet was measured.
IP Flow
Displays the IP 5-tuple associated with the packet.
IP Bytes
Displays the number of bytes associated with the packet.
vport
Identifies the defined CNE virtual port (if configured when using an aggregation tap) on which the packet
was measured.
Sensor
Identifies the name of the Sensor if the traffic is being captured on a Sensor host.
© 2023 Pico Quantitative Trading LLC. All rights reserved 453 .
If analysis of wireless traffic encapsulated using CAPWAP protocol (RFC-5415) is enabled, extra columns
are added to indicate:
l Radio ID
l fragment ID
l fragment offset
l 802.11 fragment number
l 802.11 sequence number
l source/BSS/destination MAC addresses
Exporting Message/Packet Table Results
You can export the current view of the message or packet table as part of the Dashboard Export PDF.
Click the Export as PDF button. If you have both message and packet results in your table, only the
currently selected Message or Packet view will be exported in the PDF, so you need to select the other
view and export a second PDF.
You can also do a CSV and PCAP export of the Transaction Tracking and a CSV export of the Multihop
tables.
EXPORTING AN INSPECT DATA PDF REPORT
For information on exporting a PDF report from Inspect Data, please refer to the section "Exporting
Dashboards and Widgets" on page 65.
CONFIGURING INSPECT DATA DASHBOARD VIEWS
Corvil provides system-supplied and plugin-supplied Inspect Data dashboard configuration, providing a
range of Inspect Data views out of the box.
You can re-order and hide these dashboard views but you cannot edit their content.
If you want to copy one of the existing dashboard views to use as a starting point for defining your own,
you can duplicate and rename any of them. You can then edit the copied dashboard, deleting widgets or
using the GUI widget editor to modify or add new widgets. You can also adjust the layout or change the
context settings for the dashboard. If you prefer, you can modify the dashboard by editing the XML
configuration.
Refer to "Creating and Editing Corvil Dashboards" on page 92 for the steps to make dashboard
configuration changes.
Refer to "Managing Corvil Dashboards" on page 87 for information on how you can create Inspect Data
dashboard groups and move dashboards between groups.
© 2023 Pico Quantitative Trading LLC. All rights reserved 454 .
Using Event Inspection
From Inspect Data you can access Corvil Event Inspection. Event Inspection is Corvil's advanced
drilldown and troubleshooting feature. You can analyze events of interest in full context, with all the
relevant decoded data and with all Corvil graphs and charts available.
There are a couple of different ways to launch Event Inspection. You can click Event Inspection in the
lefthand navigation panel of the Inspect Data screen. Or, if you're looking at an application-level,
message-based session in a dashboard messages table, click on a (non-empty) field of a message or
packet and select Go to Event Inspection.
ANALYZING AN EVENT
NOTE: Access to Event Inspection for a given session may be restricted depending on configured
Corvil login privileges.
For example, drilldown to message and packet level detail may not be available for certain sessions if
the currently logged in user is part of a user access group for which Event Inspection for those
sessions is disabled.
For more information on Corvil role-based access control, refer to the topic Role-based access
Control for Restricted Users in the Corvil Administration Guide.
The Event Inspection window is launched displaying the Quality Events Timeline for one minute of data
starting with the selected packet or message.
The display of results in the Inspect Data and Event Inspection screens passes through the following
stages:
1. Fast pass phase – this preview phase is skipped if the selected time period is less than one
minute. All graphs and the message table initially display the following icon:
The progress bar shows progress of the fast pass preview phase and an estimate of the remaining time:
The following graphs are available by the end of the fast pass preview phase:
l PNQM: End to End Latency
l PNQM: End to End Measured Jitter
© 2023 Pico Quantitative Trading LLC. All rights reserved 455 .
l PNQM: End to End Measured Loss
l TCP: Local Roundtrip Time
l TCP: Remote Roundtrip Time
l TCP: Connection Setup Roundtrip Time
l TCP: Out of Sequence Packets
l Messages: Message Sequence Gap
l Messages: Message Rate
l Messages: Message Rate Microburst Detection
l Messages: Message Bit-rate Microburst Detection
l Traffic: Packet Rate Microburst Detection
l Traffic: Packet Bit-rate Microburst Detection
l Traffic: Average Bit-Rate
l Traffic: Average Packet-Rate
If you want to have graph data available for a user-defined configurable statistic after the fast-pass phase,
use the CLI indexed command during configuration.
Distribution graphs only display minimum, mean, and maximum values without percentiles.
2. Final phase - Fast pass graphs, as listed above, are displayed, while waiting for the final res-
ults to load. All other graphs, charts and the message table display
The progress bar shows progress of the final phase and an estimate of the remaining time:
If there was no preview phase before the final phase, the progress bar has a white background.
The following additional graphs are available by the end of the final phase:
l PNQM: End to End Detected Loss
l Congestion: Expected Queuing Latency
l Congestion: Expected Queue Length
l Congestion: Expected Queue Loss
© 2023 Pico Quantitative Trading LLC. All rights reserved 456 .
l Congestion: Corvil Bandwidth - Delay
l Congestion: Corvil Bandwidth - Queue Length
l TCP: Goodput rate
l TCP: Goodput byte count
l TCP: Local Application Response Time
l TCP: Remote Application Response Time
l TCP: TCP Packet Count
l TCP: Out of Sequence Packets: Retransmitted
l TCP: Out of Sequence Packets: Reordered
l TCP: Syn Packet Count
l TCP: Fin Packet Count
l TCP: RST Packet Count
l Messages: Message Sequence Count
l Messages: Message Count
l Messages: Top Message Types
l Messages: Decode Details
l Top-N: Top Applications
l Top-N: Top Talkers
l Top-N: Top Listeners
l Top-N: Top Conversations
l Traffic: Byte-counts
l Traffic: Packet-counts
l Traffic: Active Flows
l Traffic: Packet Size Distribution (Packets)
l Traffic: Packet Size Distribution (Bytes)
NOTE: Some graphs, such as TCP: Out of Sequence Packets: Retransmitted and TCP: Out of
Sequence Packets: Reordered can only be displayed if the entire TCP flow is captured into the session
(they will be shown as 'Not Configured'). To display the graphs, enable the setting include-non-
message-packets for your session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 457 .
When the progress bar completes and is no longer displayed, all graphs and the message table show final
results.
Clicking Cancel cancels the preview phase, allowing the final phase to start immediately.
PDF generation is not available during the preview phase. After the final phase completes, PDF
generation produces the same results as those displayed on the Event Inspection screen.
The new window displays the decode details table, listing all packets or messages recorded during the
selected time period.
Each event is indicated on the timeline by a mark. Grey bars above the timeline indicate the periods of
time for which an event packet capture is available. Red marks below the timeline indicate any periods of
span congestion.
NOTE: It is possible to see an event displayed on the quality events timeline in the Event Inspection
screen for which Event Inspection is not available. If a data update and screen refresh occurs while a
packet capture is still running to record an event, you may see an event in the Event Inspection quality
events timeline. However, if you attempt to analyze this event, the Event Inspection screen may not yet
have the packet capture information available. In such cases, you should wait a couple of minutes for
the current packet capture to finish and then retry the analysis.
© 2023 Pico Quantitative Trading LLC. All rights reserved 458 .
You can define another time period as described above to focus on a particular event. You can also use
the zoom feature on the Quality Events Timeline or any of the displayed graphs to investigate the details
behind the event you are troubleshooting.
Click Alerts beside the quality events timeline to view the list of statistics for which events are being
triggered.
To zoom in on a particular event, click and drag the mouse across a selected portion of the timeline or
indicated event.
Alternatively, you can zoom in on a particular graph. For example, if you initially chose a reporting period of
one hour and therefore the graphs first displayed are over that timescale, you may identify a particular
peak in latency measurements during a five-minute period.
So you can click and drag across that five-minute period on an End to End Latency graph to zoom in to the
five-minute graph.
You can use the same click-and-drag technique to zoom into a selected graph down to sub-microsecond
timescales.
© 2023 Pico Quantitative Trading LLC. All rights reserved 459 .
Zooming in to the detail at shorter timescales enables you to identify very specific traffic events. Each time
you zoom in, all of the available graphs and charts are redrawn to show only the data relevant to the
selected timescale.
For example, if you have zoomed in to the microburst detection graphs to isolate a particular event at sub-
microsecond-level resolution, you can then consult the traffic leader graphs (top applications, top talkers,
top listeners, top conversations) to establish the source of the traffic.
NOTE: The displayed contents of the Event Inspection window are not immediately affected by any
role-based access control configuration change made while the current event inspection session is
open. For example, the current user may become restricted from either accessing event inspection
generally, or accessing even inspection results for a particular session.
However, any newly configured restrictions may meanwhile become apparent on the main product
screens (for example, the Dashboard or Event Inspection tabs) following a screen refresh.
The Event Inspection window must first be closed before subsequent interactions reflect the user
access changes.
IMPACTED MEASUREMENTS
A Measurement Warnings message is displayed if the measurements during the selected reporting
period are impacted by one or more of the following issues:
l port drops (included CRC errors, and so on.)
© 2023 Pico Quantitative Trading LLC. All rights reserved 460 .
l capture drops
l decode failures
l PNQM drops
l PNQM missing measurement (packet capture records not available, and so on)
l PNQM hash-collisions over user-configurable threshold.
l PNQM session availability less than 100%
In the case of the event inspection screens the display of the appropriate measurement warnings is a
textual one, and gives a summary of the impacting issues over the time period selected, or the entire
enclosing 5 minute period or periods if the selected time period is less than 5 minutes or spans more than
one 5 minute period.
Display of measurement warnings for each of the causes listed may be enabled or disabled using the CLI.
For example, measurement warnings for message decode failures and PNQM signature collisions are
disabled by default. Warnings for each of the other issues are enabled by default.
For more information, refer to "Corvil Measurement Warnings" on page 794.
NAVIGATING TIMELINE HISTORY
You can use the timeline history list in the Select a Time Period panel to navigate between different
'zoom' levels. Click the arrow beside the From and To dates and times to open the Select a Time
Period panel and display the timeline history.
VIEWING FULLSCREEN LAYOUT
Click View Fullscreen to hide all details apart from the selected view. Click Exit Fullscreen to return to
the default screen layout.
© 2023 Pico Quantitative Trading LLC. All rights reserved 461 .
SELECTING GRAPHS FOR EVENT INSPECTION
DRILLDOWN RESULTS
When you open the Event Inspection window, the default view is Protocol Decode, showing a tabular
presentation of packet-based information for network sessions or message-based information for
application sessions.
The system also provides other pre-defined views. Click the View drop-down and select from the list of
views to display the corresponding graphs.
Select Network Latency from the list of views to display the following graphs:
l End-to-End Latency
l End-to-End Jitter
l End-to-End Loss
l Packet Rate Microburst Detection
l Packet Bit-rate Microburst Detection
l Average Bit-Rate
l Expected Queuing Latency
l Expected Queue Length
l Expected Queuing Loss
Select Message Latency from the list of views to display the following graphs for application sessions:
l End-to-End Latency
© 2023 Pico Quantitative Trading LLC. All rights reserved 462 .
l End-to-End Jitter
l End-to-End Loss
l Message Rate Microburst Detection
l Message Bit rate ~Microburst Detection
l Message Sequence Gap
l Message Sequence Count
l Message Count
l Message Rate
Select TCP from the list of views to display the following graphs:
l Goodput Rate
l Goodput byte count
l Left, Right and Connection Setup Roundtrip Time
l Left and Right Application Response Time
l TCP Packet count
l TCP Zero Window Size Packet Count
l Out of sequence Packets
l Out of sequence Packets: Retransmitted
l Out of sequence Packets: Reordered
l SYN packet count
l FIN packet count
l RST packet count
Select TopN from the list of views to display the following graphs:
l Top Conversations
l Top Message Types
l Top Talkers
l Top Listeners
l Top Applications
© 2023 Pico Quantitative Trading LLC. All rights reserved 463 .
The predefined views may not be edited or deleted. Instead you define custom views to display only those
graphs in which you are most interested. To define a custom view you can
l
delete graphs from the current view
l
re-order graphs in the current view by clicking and dragging the graph to the required loc-
ation
l add graphs to the current view using the Data Selector
When you make changes to the current view the system automatically renames the view.
To add graphs to a custom view, click Data Selector to expand the data selector slide menu.
The Data Selector slide menu comprises groups of available graphs.
Configurable Statistics
If a particular plugin supplies configurable statistics or you have manually defined a configurable statistic
and associated it with a session, the custom statistic is available to add to a view when you select that
session. In the preceding example, HTTP-related custom statistics are available.
© 2023 Pico Quantitative Trading LLC. All rights reserved 464 .
NOTE: For more information on defining configurable statistics, refer to the topic 'Corvil Custom
Metrics' in the Corvil Configuration Guide.
In the following example, the graph of the custom statistic named Data Requests has been added to the
standard Protocol Decode view.
If you switch to view a different session with either no defined custom statistics, or a different set of custom
statistics, the Data Selector updates to display the list of relevant custom statistics, if any, and the view is
updated to reflect the current session configuration.
Congestion
l Expected Queuing Latency
l Expected Queuing Latency (Density)
l Expected Queue Length
l Expected Queue Length (Density)
l Expected Queue Loss
l Corvil Bandwidth – Delay
© 2023 Pico Quantitative Trading LLC. All rights reserved 465 .
l Corvil Bandwidth – Delay (Density)
l Corvil Bandwidth – Queue Length
l Corvil Bandwidth – Queue Length (Density)
Latency
l End-to-End Latency
l End-to-End Latency (Density)
l End-to-End Measured Jitter
l End-to-End Loss
Messages
l Message Sequence Gap
l Message Sequence Count
l Message Rate
l Message Count
l Top Message Types
l Decode Details
l Message Bit rate ~Microburst Detection
l Message Rate Microburst Detection
TCP
l Goodput Rate
l Goodput byte count
l Left, Right and Connection Setup Roundtrip Time (including Density graphs)
l Left and Right Application Response Time (including Density graphs)
l TCP Packet Count
l TCP Zero-Window Size Packet Count
l Out of sequence Packets
l Out of sequence Packets: Retransmitted
l Out of sequence Packets: Reordered
l SYN packet count
© 2023 Pico Quantitative Trading LLC. All rights reserved 466 .
l FIN packet count
l RST packet count
NOTE: In place of the connections started, terminated, refused and ignored graphs available in other
parts of the product Event Inspection drilldown calculates and displays the number of packets which
have the following TCP state flags set: FIN, RST and SYN.
Top-N
l Top applications
l Top talkers
l Top listeners
l Top conversations
You can use these charts to identify the applications comprising the largest share of network traffic and
the hosts transmitting and receiving the most traffic as you zoom in on a particular quality event.
Traffic
l Packet Bit rate Microburst Detection
l Packet Rate Microburst Detection
l Average bit rate
l Byte-counts
l Average Packet Rate
l Packet-counts
l Active Flows
l Packet Size Distribution (Packets)
l Packet Size Distribution (Bytes)
You can use these graphs to identify the traffic patterns for the chosen zoom level. For example, if the
values displayed in these graphs vary significantly, the traffic is probably bursty. Smoother traffic will tend
to have fewer variations of these statistics over time.
© 2023 Pico Quantitative Trading LLC. All rights reserved 467 .
NOTE: Enabling message microburst for a session disables Packet Rate and Bit-rate Microburst
measurement for that session.
To enable packet-based microburst measurement instead of message-based microburst
measurement, use the Measure microburst at packet-layer session configuration option in the UI
or the use-packet-microburst option in the CLI measure-messages command.
Both types may be measured by creating a copy of the application session, defining a different label
and enabling packet microburst in one of the two sessions.
Similarly, to enable Corvil Bandwidth and Expected Queuing measurement in a message session
(along with assigning a session bandwidth and enabling the features in the service objective), use the
Measure microburst at packet-layer session configuration option in the UI or the use-packet-
microburst option in the measure-messages command.
Select a density graph (where provided) to display a scatter plot of the chosen results.
Each preview graph displays measurements for the current time period in thumbnail form, if configured or
available.
To add a graph to the current view, click Add. The selected graph is added to the top of the current view.
You can then click and drag the graph to re-order the view, if required.
NOTE: Graphs may not be added twice to the same view.
To close the data selector slide menu, click Data Selector.
You can rename the new view or accept the default name.
© 2023 Pico Quantitative Trading LLC. All rights reserved 468 .
Click Save to save the view
Click the close icon to close the Change View popup.
NOTE: Unsaved custom views are not available if you switch to another view or close the Event
Inspection window without saving the new view.
If you attempt to change to a different view without saving a new custom view, a warning message is
displayed, indicating that your changes will be lost if you proceed. You are also notified of any unsaved
custom views when closing the Event Inspection window.
DEFINING TIME PERIODS FOR DISPLAYING EVENT
INSPECTION RESULTS
As well as clicking and dragging across the event timeline or across graphs, you can manually select a
time period for viewing Event Inspection drilldown results.
Selecting a Time Period
© 2023 Pico Quantitative Trading LLC. All rights reserved 469 .
Step 1
Click the arrow beside the From and To dates and times to open the Select a Time Period popup
and display the timeline history.
Select one of the listed time periods in the Timeline History to navigate back to that time period.
Step 2
Enter a date and time in the From field or click the calendar icon and select the required date.
Step 3
Enter a date and time in the To field or click the calendar icon and select the required date.
The duration of the selected time period is updated in the top right corner of the popup.
Step 4
Click Apply.
Use the timeline zoom buttons to zoom in or out of the current time period by a factor of two. For
example, if the duration of the current timeline is 30 milliseconds, click to zoom in to a timeline of 15
milliseconds.
SELECTING SESSIONS FOR EVENT INSPECTION
DRILLDOWN RESULTS
You can use the search facility to find other sessions and switch to Event Inspection drilldown results for
those items.
Finding Another Session
© 2023 Pico Quantitative Trading LLC. All rights reserved 470 .
Step 1
Click the arrow beside the session name.
The other direction of the session is listed by default. To switch to the other direction, click the session
name.
Step 2
To find other sessions, enter appropriate search text in the Select Session field and press Enter or click
Search. The list is populated with all session names matching the search text.
Step 3
Click the session of interest from the list to display the associated graph results.
The graphs displayed for the new session are based on the previously selected view.
VIEWING DECODE DETAILS FOR NETWORK
SESSIONS
When you open the Event Inspection drilldown window for network sessions, the default view is Protocol
Decode, showing a tabular view of the packets seen during the selected reporting period.
NOTE: The default view for application sessions shows a tabular view of the messages seen during the
selected reporting period.
When message information is available, you can switch to the message table view.
The packet table displays all packets seen during the selected reporting period. The packet table page
size is 50 packets. If there are more than 50 packets in the selected reporting period, you can page
through the other results.
The text in each row is black for packets coming from the currently selected session, and grey for packets
coming from the reverse direction of the currently selected session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 471 .
The packets are displayed in chronological order.
Some of the standard fields are present only if they were configured at measurement time (for example,
latency and loss); if a field is not present for any packets in a block, then it is not displayed. For a request-
response session, the table shows packets from both directions. A direction column is displayed and a
forward/reverse direction icon shown for each packet record. In addition, rows corresponding to the
direction not currently being viewed are grayed out. If you select the reverse session direction, the black
and grey rows swap around, however the direction arrows stay in the same as they always indicate the
primary direction of the selected session.
The timeline of the selected reporting period is displayed directly above the table. The portion of the
timeline corresponding to the current table page is highlighted. If you select a row, the position of that
packet is indicated on the timeline.
The packet table columns are as follows:
Timestamp
Indicates the time at which the packet was measured. Use the timestamp format button to rotate
between the display of Absolute Time, Time relative to the first packet of the selected time slot, and inter-
packet time deltas.
Direction
(for request-response sessions only)
Indicates the session direction in which the packet was seen:
indicates that the packet was measured in the primary direction of the session being viewed
© 2023 Pico Quantitative Trading LLC. All rights reserved 472 .
indicates that the packet was measured in the secondary (reverse) direction of the session being
viewed
Application
Indicates the name of the custom or built-in application associated with the packet.
Loss
(if configured)
Indicates whether any loss was detected
The additional per-packet information available includes:
Source Address
The source IP address of the packet
Source Port
The source port number of the packet
Destination Address
The destination IP address of the packet
Destination Port
The destination port of the packet
IP Protocol
Identifies the packet protocol, for example, TCP or UDP
TCP Sequence Number
Identifies the packet TCP sequence number. The column is highlighted if retransmitted or re-ordered
packets are detected.
© 2023 Pico Quantitative Trading LLC. All rights reserved 473 .
TCP Ack Number
Identifies the packet TCP acknowledgement number
TCP Advertised Window Size
Identifies the advertised window size for the packet. The column is highlighted if a zero window size is
detected. The column is also highlighted if the scaling factor to be applied is not known and number is
shown in brackets.
TCP Goodput
Identifies the TCP goodput value for the packet
TCP Left and Right Round Trip Time and Application Response Time
Highlighted if the value exceeds the configured threshold.
EQ Delay (ms)
Displays the Expected Queuing delay value calculated for the packet (if configured). Highlighted if the
value exceeds the configured threshold.
EQ Queue Size
Displays the Expected Queuing queue size value calculated for the packet (if configured)
CB Delay (kbps)
Displays the Corvil Bandwidth delay value calculated for the packet (if configured). Highlighted if the value
exceeds the configured threshold.
IP DSCP
Identifies the Differentiated Service Code Point (DSCP) setting for the packet
IP ECN
Identifies the Explicit Congestion Notification (ECN) setting for the packet
IP Length
Identifies the packet header length
© 2023 Pico Quantitative Trading LLC. All rights reserved 474 .
IP ID
Displays the packet identification field
IP Flags
Displays the packet flags field
IP TTL
Displays the packet Time-to-Live (TTL) field
IP Checksum
Displays the packet header checksum field
TCP Flags
Displays the packet flags field
TCP Urgent Pointer
Displays the urgent pointer field
TCP Checksum
Displays the packet TCP checksum field
TCP Options
Displays the packet TCP Options field
UDP Length
Displays the UDP length field
UDP Checksum
Displays the UDP checksum field
© 2023 Pico Quantitative Trading LLC. All rights reserved 475 .
MAC Source
Identifies the MAC source address for the packet
MAC Destination
Identifies the MAC destination address for the packet
Ethertype
Displays the Ethernet frame Ethertype field. See note below.
Encapsulations
Indicates any packet encapsulation, for example, VLAN, GRE, MPLS, CAPWAP
VLAN Tags
Displays any VLAN tags
MPLS Labels
Displays any MPLS labels
Packet Size
Displays the total length of the packet
Packet Size - EQ/CB
Displays the packet size used by Expected Queuing and Corvil Bandwidth calculations (this is the packet
wire length minus the Ethernet header and takes into account any link-adjust settings in the CNE
configuration)
Payload Size
Identifies the actual layer 7 payload size
CNE Port
Identifies the physical CNE port on which the packet was measured.
© 2023 Pico Quantitative Trading LLC. All rights reserved 476 .
vport
Identifies the defined CNE virtual port (if configured when using an aggregation tap) on which the packet
was measured.
Sensor
Identifies the name of the Sensor if the traffic is being captured on a Sensor host.
If analysis of wireless traffic encapsulated using CAPWAP protocol (RFC-5415) is enabled, extra columns
are added to indicate:
l Radio ID
l fragment ID
l fragment offset
l 802.11 fragment number
l 802.11 sequence number
l source/BSS/destination MAC addresses
When the number of fields displayed in the packet table is large, you can open a panel showing field
details for a selected packet. First select a packet of interest and the click Show Details.
NOTE: When viewing QinQ VLAN stacking in the Event Inspection packet table, only the outer VLAN
frame ethertype is displayed in the Ethertype column.
© 2023 Pico Quantitative Trading LLC. All rights reserved 477 .
The panel displays the complete set of fields for the selected message.
NOTE: There is a limit of 50 columns for user-defined fields when scrolling horizontally across the
table. To view any additional fields, select the row of interest and click Show Detail.
A locked symbol displayed beside a packet indicates that the current logged in user does not have
the required access privileges to view the session (primary, translation, or responder) from which the
packet came.
NOTE: For more information on Corvil access privileges, refer to the section Role-based access
Control for Restricted Users in the Corvil Administration Guide.
To close the panel, click Hide Details.
VIEWING DECODE DETAILS FOR APPLICATION
SESSIONS
When you open the Event Inspection drilldown window for application sessions, the default view is
Protocol Decode, showing the message table.
NOTE: The message table is only available for application sessions.
The message table displays all messages seen during the selected reporting period. The message table
page size is 50 messages. If there are more than 50 messages in the selected reporting period, you can
page through the other results.
The text in each row is black for messages coming from the currently selected session, and grey for
messages coming from the reverse direction of the currently selected session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 478 .
The messages are displayed in order and can come from different message protocols. Since different
protocols define different message fields, every time there is a change of protocol from one message to
the next, a header line is inserted to explain the contents of the following rows. In general, a new row of
column headings is inserted each time the custom application changes; however, if the associated
message protocol and capture-field configuration is the same, then there is no new header. Instead, an
application column is displayed for these rows indicating the custom-application to which each row
belongs.
The information displayed in the table is divided into
l a standard set of properties available across all protocols (timestamp, size, latency, and so
on.)
l entirely protocol-specific fields found in the messages.
Some of the standard fields are present only if they were configured at measurement time (for example,
latency and loss); if a field is not present for any messages in a block, then it is not displayed. For a
request-response session, the message table shows messages from both directions so that order-flow
can be followed. A direction column is displayed and a forward/reverse direction icon shown for each
message record. In addition, rows corresponding to the direction not currently being viewed are grayed
out. If you select the reverse session direction, the black and grey rows swap around, however the
direction arrows stay in the same as they always indicate the primary direction of the selected session.
The timeline of the selected reporting period is displayed directly above the message table. The portion of
the timeline corresponding to the current message table page is highlighted. If you select a row, the
position of that message is indicated on the timeline.
© 2023 Pico Quantitative Trading LLC. All rights reserved 479 .
The message table columns are as follows:
Timestamp
Indicates the time at which the message was measured. Use the timestamp format button to rotate
between the display of Absolute Time, Time relative to the first message of the selected time slot, and
inter-packet time deltas.
Direction
(for request-response sessions only)
Indicates the session direction in which the message was seen:
indicates that the message was measured in the primary direction of the session being viewed
indicates that the message was measured in the secondary (reverse) direction of the session being
viewed
Application
Indicates the name of the custom application associated with the message and the column contents list
the message type(s) recorded.
Protocol
The column heading indicates the analytics plug-in associated with the message and the column contents
list the message type(s) recorded. The heading groups messages from different custom applications,
where the custom application configurations share the same analytics plug-in and the same capture field
configuration.
Loss
(if configured)
Indicates whether any loss was detected
Seq Tracking
Identifies the message sequence number (if configured). Sequence number gaps are highlighted in the
table. For example a sequence number gap that begins and ends with sequence number 7567660 is
indicated by .
© 2023 Pico Quantitative Trading LLC. All rights reserved 480 .
User-defined Fields
Included fields are defined and prioritized using the capture-field UI settings or CLI commands, followed
by fields included via wildcard capture-field-pattern UI settings or CLI commands.
IP Flow
Displays the IP 5-tuple associated with the message.
IP Bytes
Displays the number of bytes associated with the message.
Applying Message Table Filters
You can define multiple filters to apply globally (to all results) or specifically to message table results.
Filtering Message Table Results
Step 1
Select an application of interest from the Protocol list of available analytics plug-ins.
Step 2
If required, enter a message type in the Type field.
Step 3
If required, enter a message field name in the Field field.
Step 4
If required, enter a message field value to match in the Field Value field and indicated whether the
matching uses regular expressions in the Regex list. If there is no regex, the field value must match
exactly.
Step 5
Click Apply.
© 2023 Pico Quantitative Trading LLC. All rights reserved 481 .
To apply the defined filter to all results in the Event Inspection drilldown screen, click beside Apply
and select Globally.
The selected action defines a new active filter. If an active filter already exists, the new filter is applied in
addition to the existing one. The new filter is included in the Active Filters list as a Transient Message
Filter and contributes to the indicated number of active filters.
To clear a transient message filter, click Active Filters to open the Modify your Filters panel and click
Remove beside the required filter.
Alternatively, to clear a filter that is applied to the message table only (that is, not applied globally), select
All protocols in the left-most Search drop-down list and click Apply.
Transient message filters do not persist beyond the current Event Inspection drilldown session. When you
close the Event Inspection drilldown window, transient message filters are lost. To retain a particular
transient message filter, define and save an equivalent message filter.
Correlation Analysis
The message table enables you to see which messages from the respective primary, responder and
translation sessions have been correlated in a given latency measurement.
NOTE: Primary session – refers to a session in which correlation, translation and PNQM
measurement is configured. Sometimes also referred to as a correlating session.
Primary message – refers to a message from either direction of the primary session displayed as a
main entry in the message table.
Responder session – refers to the session with which the primary session performs correlation for
latency measurement. The primary and responder sessions are identified to each other in their
respective configurations.
Correlation message – refers to a message from the responder session with which a primary
message is correlated during PNQM latency measurement.
Translation session – refers to a session that is configured to provide translation messages where
necessary for PNQM latency measurement.
Translation message – refers to a message from a translation session.
The message table can relate messages from up to four different sessions to identify the messages
involved in both ends of the correlation and up to two intermediate translation stages.
© 2023 Pico Quantitative Trading LLC. All rights reserved 482 .
Click beside the message of interest to display the available correlation and translation messages.
The correlation message details are displayed initially, and a with a dashed line indicates that there are
translation message details available for the latency measurement. Click to view these details.
NOTE: Correlation analysis opens downwards when the traffic of interest is seen first in the primary
session and then in the responder session. For example, when measuring trade-to-tick latency where
the primary session sees the trades and the responder session sees the corresponding ticks.
Correlation analysis opens upwards when the traffic of interest is seen first in the responder session
and then in the primary session. For example, when measuring tick-to-order latency where the
responder session sees the ticks and the primary session sees the corresponding trades.
Inspecting correlation analysis results tells you whether the primary message is at the start or at the
end of the measured latency; the correlation message (from the responder session) and the primary
message are always displayed in chronological order.
If primary, responder and translation sessions have been configured but correlation or translation
messages are not displayed for a particular message, then one of the following situations may apply:
l there is no message capture is available for that time period
l the session being viewed is configured on a remote CNE
© 2023 Pico Quantitative Trading LLC. All rights reserved 483 .
Primary, correlation and translation message details are each displayed in different colors.
NOTE: Clicking the timestamp format button affects the correlation and translation messages as
follows:
l Absolute – The timestamps of all messages are displayed in absolute time.
l Relative – The timestamp of a primary message is shown as a delta from the first message in
the current filtered table (Note that this is NOT the first message displayed in the current page,
but the first in the selected message table). The correlation-analysis message timestamps are
shown as relative to this root primary message.
When you click again to display Delta timestamps for primary messages (indicated by a plus sign
(+)), correlation and translation messages continue to have relative timestamps displayed.
When the number of fields defined for the message table is large, you can open a panel showing field
details for a selected message. First select a message of interest and then click Show Details.
© 2023 Pico Quantitative Trading LLC. All rights reserved 484 .
The panel displays the complete set of fields for the selected message.
NOTE: There is a limit of 50 columns for user-defined fields when scrolling horizontally across the
message table. To view any additional fields, select the row of interest and click Show Details.
A locked symbol displayed beside a message indicates that the current logged in user does not have
the required access privileges to view the session (primary, translation, or responder) from which the
message came.
For more information on Corvil access privileges, refer to the section Role-based access Control for
Restricted Users in the Corvil Administration Guide.
If a translation message or correlation message is selected on the message table, the following extra fields
are displayed:
Session
The name of the corresponding session from which the message originates is displayed here.
© 2023 Pico Quantitative Trading LLC. All rights reserved 485 .
Stage
Indicates the part of the overall correlation process from which the message originates (correlation,
translation stage 1 or translation stage 2).
To close the panel, click Hide Details.
Order Tracking
Corvil order tracking shows all messages related to a particular transaction's lifecycle in a single table. In
the main message table, each row containing a message for which transaction tracking is available has an
Order Tracking icon displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 486 .
Clicking displays the Order Tracking message table. This table shows all the messages in the chosen
time range related to the same transaction.
Because the screen displays only those messages found in the selected time range, you may need to use
the timeline to navigate to a wider time range to display all messages related to the same order.
Using the export options from the screen returns results for only those messages displayed in the tracking
table. The message CSV export file includes the system-assigned CorvilOrderId used to track related
messages as a new column.
Select a message row and click Show Details to view the details pane for that message. Click Hide
Details to close the pane.
Clicking the Back button returns you to the screen from which you navigated, either the Multihop screen
or the standard message table view.
Order tracking supports the following categories of messages:
l Orders and their associated modifications, cancels and execution reports.
l Quotes and their associated modifications, cancels and the execution reports and noti-
fications for related trades.
© 2023 Pico Quantitative Trading LLC. All rights reserved 487 .
l Mass quotes with their associated modifications, cancels and the execution reports and noti-
fications for related trades.
NOTE: Mass cancellation messages are not supported. Corvil supports removing the order entries
associated with the mass cancel, but this is usually done upon receipt of the cancel-
acknowledgements. The mass cancel message itself does not appear in the list of related messages.
Viewing the Packet Table
Click packets to switch views to see the packets associated with the message table.
When you switch between the message table and packet table modes the packet being highlighted
matches the message that was previously highlighted and vice versa.
NOTE: The default view for application sessions shows a tabular view of the messages seen during the
selected reporting period.
When message information is available, you can switch back to the message table view by clicking
messages.
FILTERING EVENT INSPECTION RESULTS
You can filter Event Inspection drilldown results by
l defining and applying a traffic filter – a set of traffic classification rules similar to an access con-
trol list (ACL).
© 2023 Pico Quantitative Trading LLC. All rights reserved 488 .
l defining and applying a message filter – a set of message classification rules.
l Defining and applying a quality filter – configuring loss and delay thresholds to apply to PNQM,
EQ and TCP ART and RTT results
l Top-N filtering
l Latency filtering using density plots
To view, define or edit filters, click Active Filters to display the Modify Your Filters panel.
The Active Filters button indicates the number of filters currently being applied to the displayed
measurements, if any.
NOTE: It is also possible to display graphs and charts in the Event Inspection drilldown screen for only
the selected application, talker, listener or conversation. For more information, refer to the
section "Filtering Results Based on Applications, Talkers, Listeners or Conversations".
For application sessions, you can also filter message table results and apply the filter to all
measurement displayed for Event Inspection drilldown. For more information, refer to the section
"Applying Message Table Filters" in "Viewing Decode Details for Application Sessions" on page 478.
DEFINING AND APPLYING TRAFFIC FILTERS TO EVENT
INSPECTION RESULTS
You can filter Event Inspection drilldown results by defining and applying a set of traffic classification rules
similar to an access control list (ACL).
Defining a Traffic Filter for Event Inspection Drilldown
Step 1
Click New.
© 2023 Pico Quantitative Trading LLC. All rights reserved 489 .
Step 2
Enter a name for the traffic filter in the Traffic Filter Name field.
Step 3
Check the Global check box if you want this traffic filter to be available when analyzing all sessions being
monitored by the system.
Step 4
Select an action from the Action list - to show or hide packets that conform to the rules you are about to
define and apply.
Step 5
Select an option from the Match list if you want to apply the rules you specify as they are or if you want to
apply a logical NOT to the rules.
Step 6
If required, choose an application from the list of automatically recognized or custom-defined applications.
Step 7
If required, select a protocol from the Protocol list or enter the protocol number in the adjacent field.
Step 8
If required, enter a traffic source IP address and source port number in the Source IP and Src Port fields
respectively.
© 2023 Pico Quantitative Trading LLC. All rights reserved 490 .
Step 9
If required, enter a traffic destination IP address and destination port number in the Destination IP and
Dst Port fields respectively.
Step 10
If required, select a TOS value from the list to identify traffic.
Step 11
To add another rule, click Add Rule.
When you have defined multiple rules, the available actions include the option to change the ordering of
the defined rules. Click the up and down arrows to move the selected rule up or down in the list. To delete
an individual match rule from the traffic filter, click beside the selected rule.
Step 12
When you have completed the definition of the traffic filter, click Apply to save the traffic filter and close
the traffic filter screen. When the new traffic filter is defined, it is automatically applied.
To cancel filter definition, click Delete.
The Event Inspection drilldown results are now displayed with the filter applied to the traffic under
investigation. So, for example, you can use this feature to isolate particular known traffic within a class that
you are analyzing.
To edit a saved traffic filter, choose it from the traffic filter list and click Edit. Make the required changes to
the filter definition and then click Apply.
To delete a traffic filter and all associated rules, click Delete when the filter popup panel is still open.
NOTE: For each traffic filter you define, the system automatically provides a filter for use with the
reverse direction of a bidirectional session.
Source addresses and ports defined for the primary direction become the destination addresses and
ports for the reverse direction filter. Likewise, primary direction destination addresses and ports
become the reverse direction filter's source addresses and ports.
If you edit the filter for one direction, primary or reverse, the equivalent changes are automatically
© 2023 Pico Quantitative Trading LLC. All rights reserved 491 .
updated for the filter defined for the other direction. For example, adding a new rule in the reverse
direction matching traffic on a particular destination port number, automatically adds a source port
match rule using the same number for the primary direction.
FILTERING RESULTS BASED ON UTC TIMESTAMP
SYNCHRONIZATION
You can filter Event Inspection results and resulting exported captures to include only packets with UTC-
synchronized timestamps.
Select the Include only packets with UTC synchronized timestamps option.
This filtering option may be applied in conjunction with the other filters (packet, message, quality and so
on). If clock synchronization is not enabled a warning is displayed.
APPLYING A MESSAGE FILTER TO EVENT INSPECTION
DRILLDOWN RESULTS
You can filter Event Inspection drilldown results by defining and applying a set of message classification
rules.
Define a Message Filter for Event Inspection Drilldown
Step 1
Click Active Filters to open the Modify your Filters pane and Click New in the Message section.
© 2023 Pico Quantitative Trading LLC. All rights reserved 492 .
Step 2
Enter a name for the message filter in the Message Filter Name field.
Step 3
Select an action from the Action list - to show or hide packets messages that conform to the rules you are
about to define and apply.
Step 4
Select an option from the Match list if you want to apply the rules you specify as they are or if you want to
apply a logical NOT to the rules.
Step 5
Select an application from the Protocol list of available analytics plug-ins.
Step 6
If required, enter a message type in the Type field.
Step 7
If required, enter a message field name in the Field field.
Step 8
If required, enter a message field value to match in the Field Value field and indicated whether the
matching uses regular expressions in the Regex list.
© 2023 Pico Quantitative Trading LLC. All rights reserved 493 .
Step 9
To add another rule, click Add Rule.
When you have defined multiple rules, the available actions include the option to change the ordering of
the defined rules. Click the up and down arrows to move the selected rule up or down in the list. To delete
an individual match rule from the traffic filter, click beside the selected rule.
Step 10
When you have completed the definition of the message filter, click Apply to save the message filter and
close the message filter panel.
To cancel filter definition, click Delete.
The Event Inspection results are now displayed with the filter applied to the traffic under investigation. So,
for example, you can use this feature to isolate particular known messages within a class that you are
analyzing.
To edit a saved message filter, choose it from the message filter list and click Edit. Make the required
changes to the filter definition and then click Apply.
To delete a message filter and all associated rules, click Delete when the filter popup panel is still open.
APPLYING A QUALITY FILTER TO EVENT INSPECTION RESULTS
Use a quality filter to display only results based on certain specified thresholds.
For example, to identify which conversations are affected when packet loss occurs, you can specify a
Latency and Loss quality filter.
Latency and Loss
For the selected time period, only plot results for packets that experience latency greater than that
specified, less than that specified, between the specified range, or packet loss.
© 2023 Pico Quantitative Trading LLC. All rights reserved 494 .
EQ
For the selected time period, only plot results for packets who experience EQ delay greater than specified
or EQ loss
TCP Connection Setup RTT
For the selected time period, only plot results for packets that experience TCP Connection Setup RTT
greater than specified or when packets are out-of-sequence
TCP Left/Local RTT
For the selected time period, only plot results for packets that experience TCP Left/Local RTT greater than
specified or when packets are out-of-sequence
TCP Right/Remote RTT
For the selected time period, only plot results for packets that experience TCP Right/Remote RTT greater
than specified or when packets are out-of-sequence
TCP Left/Local ART
For the selected time period, only plot results for packets that experience TCP Left/Local ART greater
than specified or when packets are out-of-sequence
TCP Right/Remote ART
For the selected time period, only plot results for packets that experience TCP Right/Remote ART greater
than specified or when packets are out-of-sequence
TCP Zero Window Size
For the selected time period, only plot results for TCP packets with an advertised window size of zero.
Message Sequence Gaps
For the selected time period, only plot results for packets with sequence gaps
Configurable Statistics
For the selected time period, only plot results for the specified configurable statistic.
© 2023 Pico Quantitative Trading LLC. All rights reserved 495 .
Configuring a Quality Filter
Step 1
Select the required set of results from the Quality menu.
Step 2
Set the filter threshold parameters, for example, a delay value in milliseconds.
Step 3
Click Apply.
DEFINING A LATENCY FILTER FROM END TO END LATENCY
DENSITY PLOTS
You can drag a rectangle on the End to End Latency density plot to zoom in to the time window indicated
by the horizontal size of the rectangle. A new latency quality filter is defined, which only includes messages
which fall inside the rectangle boundary. This allows you to quickly analyze orders that are clustered
around any particular latency. For example, you can see if particular symbols or transaction types were
slow.
After selecting a rectangle on the End to End Latency density plot, any existing quality filter is replaced by
the new Latency and Loss quality filter.
The vertical axis of the newly drawn End To End Latency density plot does not match the selected
rectangle, but always starts at zero and finishes at the maximum latency found in the result set.
FILTERING RESULTS BASED ON APPLICATIONS, TALKERS,
LISTENERS OR CONVERSATIONS
To display graphs and charts in the Event Inspection drilldown screen for only the selected application,
talker, listener or conversation, click on the chosen item and select show only this in
selection/dataset.
© 2023 Pico Quantitative Trading LLC. All rights reserved 496 .
To exclude the selected application, talker, listener or conversation from the displayed results, click on the
chosen item and select remove from selection/dataset.
Performing either of these actions defines a new traffic filter. If no traffic filters have been previously
defined, the selected action defines a new active traffic filter. If an active traffic filter already exists, the new
filter is applied in addition to the existing one. The new filter is included in the Active Filters list as a
Transient Top-N Filter and contributes to the indicated number of active filters.
Multiple transient Top-N filters may be active concurrently; they are ANDed together to produce an
aggregate filter.
To clear a transient Top-N filter, click Active Filters to open the Modify your Filters panel and click
Remove beside the required filter.
Transient Top-N filters do not persist beyond the current Event Inspection drilldown session. When you
close the Event Inspection drilldown window, transient Top-N filters are lost. To retain a particular
transient Top-N filter, define and save an equivalent traffic filter.
FILTERING RESULTS BASED ON TOP MESSAGE TYPES
To display graphs and charts in the Event Inspection drilldown screen for only the selected top message
type, click on the chosen item and select show only this in selection/dataset. To exclude the selected
message type from the displayed results, click on the chosen item and select remove from
selection/dataset.
Performing either of these actions defines a new traffic filter. If no traffic filters have been previously
defined, the selected action defines a new active traffic filter. If an active traffic filter already exists, the new
filter is applied in addition to the existing one. The new filter is included in the Active Filters list as a
Transient Message Filter and contributes to the indicated number of active filters.
Multiple transient message filters may be active concurrently; they are ANDed together to produce an
aggregate filter.
To clear a transient message filter, click Active Filters to open the Modify your Filters panel and click
Remove beside the required filter.
Transient message filters do not persist beyond the current Event Inspection drilldown session. When you
close the Event Inspection drilldown window, transient message filters are lost. To retain a particular
transient message filter, define and save an equivalent message filter.
© 2023 Pico Quantitative Trading LLC. All rights reserved 497 .
DUPLICATING EVENT INSPECTION SCREENS TO
COMPARE RESULTS
Click Clone to duplicate the current Event Inspection screen and display the new screen alongside the
first. A maximum of two Event Inspection screens may be viewed simultaneously.
The cloned screen duplicates the configuration of the first screen at the time you click Clone. For
example, any configured views, saved filters (including transient filters) are preserved in the cloned
screen.
In general, the two windows can be edited and reconfigured independently of each other.
NOTE: This feature requires either a machine with multiple monitors or a single screen with a
resolution of approximately 1500x1000. This width is required to display two Event Inspection screens
side-by-side without overlapping.
EXPORTING MESSAGE RESULTS
Exporting Event Inspection Packet Table Information in CSV Format
When viewing Event Inspection results for a network (packet-based) session, you can export a comma-
separated (.csv) file that includes packet table information for each packet.
The Packet Capture Availability bar indicates whether packets are available for a given event or
timescale. In the following example, the solid dark gray bar indicates that packets are available for the
whole time period.
Exporting Packets in CSV Format
© 2023 Pico Quantitative Trading LLC. All rights reserved 498 .
Step 1
Select the required event or timescale.
Step 2
Click Export - Packets: Current direction or Export - Packets: Both directions, as required.
NOTE: When examining a bidirectional session, select to export packets for the current direction or for
both directions.
Hovering over the Packets: Both directions menu option displays a tooltip indicating the packet
availability in the other direction as a percentage. If a given class does not exist in the reverse
direction, the reverse direction packets for class-default are used. When packet availability in the
reverse direction is 0% the bidirectional option is disabled.
A browser dialog box is displayed.
Step 3
Click Save.
The .csv file is saved to the browser's default download location.
Exporting Event Inspection Packet Captures
When viewing Event Inspection results for a network (packet-based) session, you can export a packet
capture file for the selected time period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 499 .
The Packet Capture Availability bar indicates whether packet captures are available for a given event
or timescale. In the following example, the solid dark gray bar indicates that packet capture is available for
the whole time period.
Exporting a Packet Capture
Step 1
Select the required event or timescale.
Step 2
Click Export - PCAP: Current Direction or Export - PCAP: Both Directions, as required.
NOTE: When examining a bidirectional session, select to export a packet capture file for the current
direction or for both directions.
Hovering over the PCAP: Both directions menu option displays a tooltip indicating the packet
capture availability in the other direction as a percentage. If a given class does not exist in the reverse
direction, the reverse direction packet capture for class-default is used. When packet capture
availability in the reverse direction is 0% the bidirectional option is disabled.
A browser dialog box is displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 500 .
Step 3
Click Save.
The packet capture is saved to the browser's default download location.
The system generates a PCAP format file for the selected time range, compresses it to .zip format, and
sends the file for download to the browser. Where there are overlapping capture files available, the system
uses the capture file with the largest snaplength for individual packets.
The Export – PCAP options are disabled if no packet-capture license is installed.
NOTE: To export available packet captures for a chosen timescale, you can also use the CLI. For more
information, refer to the section "Exporting Always-On, Event and Manual Captures Using the CLI" on
page 641.
If you have two or more sessions attached to a manual packet capture then that manual packet
capture won't be displayed in the Packet Capture Availability Bar and is not available for export.
Exporting manual packet captures works only for manual captures that are attached to a single
session.
You can export capture files for time periods that include in-progress packet capture sessions.
If you have set a packet capture password you are prompted for it when you attempt to export the capture
file from the appliance. For more information on setting packet capture passwords, refer to the section
"Setting a Packet Capture Password" on page 559.
NOTE: When you export a packet capture file off the appliance the file is automatically compressed.
Following an unzip you may see that the capture file size is different from that when the file was on the
appliance because a certain amount of the additional data appended to the file for use in Event
Inspection is removed. The file size may be greater than the configured size limit during the packet
capture. The size limit determines the upper limit on the amount of payload captured.
NOTE: The export capture feature employs the configured global or per-session snaplength (using the
CLI global-trace-events or trace-events commands respectively) to allow the triggered
packet captures to contain useful data such as TCP headers.
By default, the snaplength for event-triggered packet capture is 58 bytes. To make exported default-
snaplength capture files 'complete' for processing by network protocol analyzer software, some fields
in the files must be generated by the system. For information on the rules used to generate complete
© 2023 Pico Quantitative Trading LLC. All rights reserved 501 .
exported packet capture files, indicating which values seen in network analyzer software is actual data
seen on the wire, and which values are generated by the system, refer to the section "Exporting
Always-On, Event and Manual Captures Using the CLI" on page 641.
Exporting a PDF of Event Inspection Results
Exporting a PDF of the Event Inspection Drilldown Screen as Currently Configured
Step 1
Select the required event or timescale.
Step 2
Click Export – PDF.
A browser window is launched displaying a PDF version of the Event Inspection drilldown screen.
Step 3
Click Save.
The PDF is saved to the browser's default download location.
© 2023 Pico Quantitative Trading LLC. All rights reserved 502 .
Exporting Message Results
When exporting message results, the comma-separated (.csv) file includes the following information for
each message:
l timestamp at which the message was detected
l source and destination IP addresses and ports identifying the flow in which the message
occurred
l custom-application name
l analytics plug-in name
l message type
l message length
l latency (if configured)
l loss (if configured)
l message sequence number (if configured)
l correlation and translation messages (if configured)
l user-defined fields
NOTE: Latency values are exported without escaping or quoting.
If you choose to export correlation data, the exported .csv file also includes the following:
l Information about which session each row comes from
l primary session
l responder session
l translation stage 1 (if configured)
l translation stage 2 (if configured)
l a group index containing a sequence number that identifies a set of records relating to the
same PNQM correlation
NOTE: Inspecting the correlation analysis tells you whether the primary message is at the start or at
the end of the measured latency; the responder message and the primary message are always
displayed in chronological order.
The records for a single correlation are output in the order of primary message, translation stage 1,
© 2023 Pico Quantitative Trading LLC. All rights reserved 503 .
translation stage 2, responder message when the traffic of interest is seen first in the primary session
and then in the responder session. For example, when measuring trade-to-tick latency where the
primary session sees the trades and the responder session sees the corresponding ticks.
The records for a single correlation are output in the order of responder, translation stage 1,
translation stage 2, primary message when the traffic of interest is seen first in the responder session
and then in the primary session. For example, when measuring tick-to-order latency where the
responder session sees the ticks and the primary session sees the corresponding trades.
Exporting Message Results
Step 1
Select the event or timescale of interest.
Step 2
Click one of the following options, as required:
Export - Messages: Current Direction
Export - Messages: Both Directions
Export – Messages With Correlation Data: Current Direction
Export – Messages With Correlation Data: Both Directions
© 2023 Pico Quantitative Trading LLC. All rights reserved 504 .
Hovering the cursor over the Messages: Both directions or Messages With Correlation Data: Both
Directions menu options displays a tooltip indicating the message availability in the other direction as a
percentage.
A browser dialog box is displayed.
Step 3
Click Save.
The message information is saved to the browser's default download location.
Exporting Message Sequence Gap Data
If message sequence gap detection is configured (enabled in a service objective applied to a session),
you have the option to export the message sequence gap data. When exporting message sequence gap
data, the comma-separated (.csv) file includes the following information for each message gap:
l timestamp at which the message gap was detected
l source and destination IP addresses and ports identifying the flow in which the message gap
occurred
l the start and end missing sequence numbers
l the name of the application for which the message gap was detected
NOTE: Any currently applied quality or message filters are ignored when exporting message
sequence gap data.
Exporting Message Sequence Gap Data
Step 1
Select the event or timescale of interest.
Step 2
Click Export – Message Gap Data.
© 2023 Pico Quantitative Trading LLC. All rights reserved 505 .
A browser dialog box is displayed.
Step 3
Click Save.
The message information is saved to the browser's default download location.
© 2023 Pico Quantitative Trading LLC. All rights reserved 506 .
Legacy Corvil Screens
You can launch legacy Corvil screens from Inspect Data if you have a session selected by clicking
.
You get the following options:
l Service Compliance
l Event Inspection
l Traffic Insight
l Bandwidth Sizing
l Live View
SELECTING A REPORT PERIOD
By default, the legacy screens display information for the same time period selected on the Inspect Data
screen (to the nearest half-hour in the case of defined custom periods). You can choose different
reporting periods by clicking the Reporting Period list. The following reporting periods (and associated
update rates) are available:
l Last 1 hour - 5 minute updates
l Last 12 hours - 5 minute updates (disabled by default)
l Last 24 hours - 5 minute updates
l Last 48 hours - 30 minute updates
l Last 7 days - 30 minute updates
l Last 30 days - 2 hour updates
l Last 60 days - 6 hour updates
l Business Day - 5 minute updates
New measurements are displayed according to the update rate listed above for each reporting period.
NOTE: Each of the non-live reporting periods can be disabled or enabled using the CLI reporting-
period command. For more information on enabling and disabling reporting periods, refer to the
section "Configuring UI Reporting Periods" on page 338.
© 2023 Pico Quantitative Trading LLC. All rights reserved 507 .
Defining a Custom Report Period
When you are viewing results for an individual session, you can define a specific custom reporting period
for viewing results and generating reports.
Defining a Custom Reporting Period
Step 1
Click select beside the From Date field and choose a date from the calendar.
Step 2
Choose a time from the list of half-hour intervals.
Step 3
Click select beside the To Date fields and choose a date from the calendar.
Step 4
Choose a time from the list of half-hour intervals.
Step 5
Click View Period.
When the screen refreshes the displayed information is for the time period you have defined. You can view
this information or generate a report for the selected time period.
NOTE: The maximum custom time range that can be specified is 7 days.
The global Select Reporting Period field is set to Custom Period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 508 .
REPORTING PDF RESULTS
You can generate a report in PDF format at any point when viewing results. To generate a report, click .
The generated report is available for download in .pdf format. Reports are not stored on the device.
The generated report reflects all configured sorting or filtering of displayed data at the time the report is
generated. For example you can set a reporting period, sort and filter the onscreen data to show all
outbound interfaces sorted by decreasing Service Compliance Index value over the last 48 hours.
The time displayed at the top of each report is the configured device time zone.
NOTE: Corvil measurements (for example End-to-End Latency, Corvil Bandwidth, Message statistics,
TCP statistics) are enabled or disabled in the session definition itself or the settings applied to the
session of interest via the service objective. Disabled measurements are either shown as 'Not
Configured' or are not shown at all.
For more information on enabling or disabling Corvil measurements, refer to the following sections in
the Corvil Configuration Guide:
Defining a Service Objective (UI)
Defining Sessions (UI)
PNQM AND GPS/PPS STATUS AND WARNINGS
If PNQM is enabled, the PNQM Availability percentage indicates the percentage of time since the last
configuration change that PNQM has been operating successfully.
NOTE: A PNQM Availability warning may be displayed immediately after a session has been defined or
reconfigured.
The following information is also displayed for PNQM operation during the selected time period:
l Misclassified packets - number of misclassified packets, if classification detection is enabled
NOTE: Misclassification may be caused by a straightforward mis-configuration or configuration
change on either CNE.
Alternatively, the issue may be because of remarking of packets by some intermediate router. This
© 2023 Pico Quantitative Trading LLC. All rights reserved 509 .
remarking may be static, in the sense that all packets from a certain source are remarked by the router
(s). The remarking may also be dynamic, for example, by a policer on an intermediate router or
routers, depending on traffic conditions.
l Hash collisions – displayed because hash collisions are one common reason why coverage is
reduced from 100%
l Coverage - percentage of packets in the session, interface or class for which PNQM samples
were generated
The following formatting is used for coverage and hash collision percentages:
Percentage Description
0.00% If exactly equal to zero.
X.XX% All other values (two decimal places, rounded to nearest, for example 1.41.%, 73.00%)
100.00% If exactly 100%
The system may also detect PNQM measurement problems, including port drops, signature drops, loss
ignored due to signature drops and other PNQM error counters. PNQM warning information is displayed
beside PNQM historical graphs in the UI to show the time of the most recent problem during the selected
reporting period.
The PNQM warnings display the time within the selected reporting period of the following:
l Time of last signature or port drop:
This shows the time within the displayed period (incl. custom periods) of the last signature or port drop
affecting either end of this session, for example:
Last drop: 27 Apr 11:55:12
This will be suppressed if there were no signature or port drops within the period. This will combine
information from both ends of the session. Note that the PNQM protocol does not currently distinguish
between port and signature drops when reporting time periods where signatures were missed, so these
© 2023 Pico Quantitative Trading LLC. All rights reserved 510 .
times cannot be easily separated.
l Time of last unexpected missed measurement:
This combines a number of CLI counters into a single timestamp; check the CLI for further details.
These are combined into a single line, for example:
Last miss: 27 Apr 11:55:12
l Time of last session restart:
This shows the time within the period when the session last restarted, for example:
Last restart: 27 Apr 11:55:12
The warning information is generated from timestamps recorded in each five-minute period, and displays
the time of the most recent problem within the selected reporting period. Problems occurring more
recently are not displayed, for example after the end of a custom period or the most recent five minutes on
a 24-hour view. All times are shown in local time according to the system configured timezone.
Warnings are suppressed unless there is a problem detected within the selected reporting period.
If GPS clock synchronization is set up, configured and operating, a GPS availability figure is also
displayed, indicating the percentage of time GPS was working successfully during the selected report
period.
If you have GPS or PPS clock-synchronization enabled and set up, the percentage of packets that have a
UTC-synchronized timestamp during the selected reporting period is displayed.
SPAN CONGESTION
In many deployments, it is easier to use a SPAN session to copy packets to the CNE as opposed to an
Ethernet tap. However, congestion on SPAN ports causes traffic destined for a CNE to be queued before
transmission. When this occurs, the timestamps measured by the CNE will not accurately reflect the
arrival times at the switch or router; in extreme circumstances, packets may not be transmitted to the CNE
because of buffer overflow at the SPAN port. The SPAN congestion detection feature enables you to view
periods where the CNE found indications of SPAN congestion.
For any affected graph, an indicator is displayed to show the affected SPAN congestion periods.
© 2023 Pico Quantitative Trading LLC. All rights reserved 511 .
For graphs that are susceptible to SPAN congestion, but that are not affected over the time period being
displayed, the graphical indicator is not displayed.
Local congestion refers to SPAN ports on the CNE on which the results are being viewed and remote
congestion refers to SPAN ports on the CNE at the remote site in question:
l for PNQM charts both local and remote congestion is displayed,
l for charts retrieved from a remote CNE, only remote congestion is displayed
l for all other charts, only local congestion is displayed
For more information on the SPAN congestion detection feature, refer to the span-congestion-
detection command in the CLI Command Reference.
WARNING OF IMPACTED MEASUREMENTS
A Warnings bar, similar to the SPAN congestion bar, is displayed on screen for any 5-minute periods in
which one or more problems were detected. The presence or absence of problems is recorded for each
point in the graph. If no problems have occurred the bar is not displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 512 .
Hovering over the red mark on the bar displays a pop-up indicating the problem(s) detected. More than
one cause may be displayed.
The following problems may be indicated:
Session or System-wide Enabled or Disabled by
Pop-up Text
Issue Default
Port drops System Enabled
Clock sync unavailable System Enabled
Invalid message field Session Enabled
Configurable stat overflow Session Enabled
Disk capture drops System Enabled
Duplicate packets Session Enabled
Message decode failures Session Disabled
Message TCP reassembly
Session Enabled
errors
PNQM drops System Enabled
PNQM missed measurement Session Enabled
PNQM signature collisions Session Disabled
PNQM unavailable Session Enabled
NOTE: A PNQM Availability warning may be displayed immediately after a session has been defined or
reconfigured.
Display of measurement warnings for each of the causes listed in the preceding table may be enabled or
disabled using the CLI system-setting measurement-warning command. For example,
measurement warnings for message decode failures and PNQM signature collisions are disabled by
© 2023 Pico Quantitative Trading LLC. All rights reserved 513 .
default. Warnings for each of the other issues are enabled by default.
For more information on configuring the measurement warning feature, refer to the system-setting
measurement-warning command in the CLI Command Reference.
SERVICE COMPLIANCE
The legacy Service Compliance screen displays end-to-end packet latency and loss measurements for
the currently selected session.
NOTE: Access to service compliance information may be restricted depending on configured Corvil
login privileges.
For example, the overall list of sessions is filtered to show only those which the logged in user is
allowed to view.
For more information on Corvil role-based access control, refer to the topic Role-based access
Control for Restricted Users in the Corvil Administration Guide.
The following describes the information displayed in the service compliance summary table:
CNE
Corvil Management Center ONLY
Displays the name of the CNE from which the measurement originates.
Session
Displays the session name and the direction of the traffic (inbound or outbound) being measured.
indicates the primary direction of a PNQM session.
indicates the secondary (reverse) direction of a PNQM session.
indicates the primary direction of a TCP session or a request-response session (defined with a single
CNE).
indicates the secondary (reverse) direction of a TCP session or a request-response session.
Capacity
This is the bandwidth configured for the session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 514 .
Type
Displays the end-to-end monitoring mechanism that has produced the Service Compliance Index value.
Service Compliance Index
Displays a unitless number which reflects the congestion level on a session. For a class, it reflects the
extent by which the loss and/or latency experienced by the class violate the user-specified targets. For a
session, it represents the worst Service Compliance Index value seen on any class on that session.
If you have not enabled Service Compliance Index calculation in the service objective being applied to a
session, a dash ( - ) is displayed.
Each session entry in the Service Compliance table can be expanded to display information for configured
classes. Click beside the session name to expand the session.
NOTE: Summary results are based on the selected reporting period and do not take recent
configuration changes into account. If you have made configuration changes, you need to wait an
appropriate period of time before checking for new summary results (for example, wait five minutes if
you want to use the 24-hour reporting period). Alternatively, you can define a custom reporting period
to view data only since the configuration change.
You should wait about ten minutes (that is, after a couple of data updates) following a configuration
change before viewing graphs.
In general, the results presented by the CNE are based on the assumption that the device has not
dropped packets. You can check this status on the Quality Alarms tab. If packets have been dropped
then the presented results may not be an accurate reflection of the network traffic.
For information on the graphs available in the legacy Service Compliance screen, please refer to "Corvil
Graphs and Charts" on page 751.
EVENT ANALYSIS
The following describes the information displayed in the legacy Event Analysis screen:
CNE
Corvil Management Center ONLY
Displays the name of the CNE from which the measurement originates.
© 2023 Pico Quantitative Trading LLC. All rights reserved 515 .
Session
Displays the session name and traffic direction (inbound or outbound):
indicates the primary direction of a PNQM session.
indicates the secondary (reverse) direction of a PNQM session.
indicates the primary direction of a TCP session or a request-response session (defined with a
single CNE).
indicates the secondary (reverse) direction of a TCP session or a request-response session.
Quality Events Timeline
Displays a graphical representation of the chosen reporting period where a mark on the timeline indicates
one or more threshold violation events. If you do not have thresholds configured in the service objective
for the session of interest, then no events will be displayed on the timeline.
The size of the red-colored area indicates the number of seconds in a given five-minute period where at
least one sample violated a defined threshold.
The longer the chosen reporting period, the more likely that multiple events will be displayed on the
timeline. The shorter the chosen reporting period, the more likely that a single mark will represent a single
event. A session that is in constant violation of a particular configured threshold may show a single solid
bar over the entire duration of shorter chosen timescales (for example, 1 hour).
An alarm corresponding to each quality violation event is displayed on the Quality Alarms screen (click
on the main Corvil interface and select Quality Alarms). The threshold at which quality events are
triggered is determined by the configuration of the service objective applied to the session.
Time in Events
Displays the percentage of one-second intervals which contained at least one quality violation event. A
quality violation event may be much shorter than one second, but this will still be counted as a one-second
quality violation.
SCI
Indicates service compliance degradation issues in the network. The Service Compliance Index (SCI)
uses PNQM, TCP measurements or Expected Queuing, when configured, to detect events impacting
end-to-end network quality based on the specified quality of service targets and sizing policy. Use the
Service Objectives page in System Administration mode to set the quality targets and sizing policy
that are used to calculate the Service Compliance Index.
© 2023 Pico Quantitative Trading LLC. All rights reserved 516 .
The Service Compliance Index value is a unitless number which reflects the congestion level on a link or
class. For a class, it reflects the extent by which the loss and/or latency experienced by the class violate
the user-specified targets for these. For a session, it represents the worst Service Compliance Index
value seen on any class on that session.
A Service Compliance Index value greater than 1 means that loss or latency is above an acceptable level,
as specified in the configuration. This session or class is not meeting its quality targets.
A Service Compliance Index of less than or equal to 1 means the loss and/or latency are within the
specified targets, so this interface or class is meeting its quality targets. Moreover, this means that the
sizing policy has been achieved over the selected reporting period.
If you have not enabled Service Compliance Index calculation in the service objective being applied to a
session, a dash ( - ) is displayed.'
NOTE: Summary results are based on the selected reporting period and do not take recent
configuration changes into account. If you have made configuration changes, you need to wait an
appropriate period of time before checking for new summary results (for example, wait 24 hours if you
want to use the 24-hour reporting period). Alternatively, you can define a custom reporting period to
view data only since the configuration change.
You should wait about ten minutes (that is, after a couple of data updates) following a configuration
change before viewing Event Inspection graphs.
A breakdown of which statistics are triggering events is displayed above the graphs.
If PNQM is enabled, the PNQM Availability percentage indicates the percentage of time since the last
configuration change that PNQM has been operating successfully. The following information is also
displayed for PNQM operation during the selected time period:
l Misclassified packets - number of misclassified packets, if classification detection is enabled
l Hash collisions – displayed because hash collisions are one common reason why coverage is
reduced from 100%
l Coverage - percentage of packets in the session or class for which PNQM samples
were generated
The end-to-end graph results are based on PNQM measurements. If PNQM is not enabled, then these
graphs are not available.
NOTE: For more details on PNQM coverage and warning information, refer to the section "PNQM and
GPS/PPS Status and Warnings".
© 2023 Pico Quantitative Trading LLC. All rights reserved 517 .
The system may also detect PNQM measurement problems, including port drops, signature drops, loss
ignored due to signature drops and other PNQM error counters. PNQM warning information is displayed
beside PNQM historical graphs in the UI to show the time of the most recent problem during the selected
reporting period.
The PNQM warnings display the time within the selected reporting period of the following:
l Time of last signature or port drop:
l Time of last unexpected missed measurement:
l Time of last session restart:
All times are shown in local time according to the system configured timezone.
Warnings are suppressed unless there is a problem detected within the selected reporting period.
NOTE: Corvil measurements (for example End-to-End Latency, Corvil Bandwidth, TCP statistics) are
enabled or disabled in the session definition itself or the settings applied to the session of interest via
the service objective. Disabled measurements are displayed as 'Not Configured.'
For more information on enabling or disabling Corvil measurements, refer to the sections Defining a
Service Objective (UI) and Defining Sessions (UI) in the Corvil Configuration Guide.
If clock synchronization (via GPS, standalone time synchronization unit, or direct to-CNE cable
connection) is set up, configured and operating, an availability figure is also displayed, indicating the
percentage of time clock synchronization was working successfully during the selected report period. A
successfully operating GPS or time synchronization system significantly reduces the Max Directional
Offset values plotted on the graphs.
For information on the graphs available in the legacy Event Inspection screen, please refer to the topic
"Corvil Graphs and Charts" on page 751.
© 2023 Pico Quantitative Trading LLC. All rights reserved 518 .
ANALYZING AN EVENT
Investigating an Event
Step 1
Check that you have set the reporting period for the timeline in which you are interested.
Step 2
Check the Quality Events Timeline to identify the time of the event of interest.
Step 3
To narrow the timeline down closer to the event of interest, click select beside the From Date field and
choose the event date from the calendar.
Choose a time closely preceding the event from the list of half-hour intervals.
Click select beside the To Date fields and choose the event date from the calendar.
Choose a time soon after the event from the list of half-hour intervals.
Step 4
Click View Period.
When the screen refreshes the timeline and all the information on the screen is displayed for the start and
end time you specified.
Step 5
Click and drag over the event of interest on the Quality Events Timeline and click Analyze.
NOTE: Access to Event Inspection for a given session may be restricted depending on configured
Corvil login privileges.
For example, the Analyze button and click-and-drag functionality are not available for certain
sessions if the current logged in user is part of a user access group for which event inspection for
© 2023 Pico Quantitative Trading LLC. All rights reserved 519 .
those sessions is disabled.
For more information on Corvil role-based access control, refer to the Role-based access Control for
Restricted Users in the Corvil Administration Guide.
The Event Inspection window is launched displaying the Quality Events Timeline for the timescale you
defined by clicking and dragging.
TRAFFIC INSIGHT
The following describes the information displayed in the legacy Traffic Insight summary table:
CNE
Corvil Management Center ONLY
Displays the name of the CNE from which the measurement originated.
Session
Displays the name and direction of the configured session:
indicates the primary direction of a PNQM session.
indicates the secondary (reverse) direction of a PNQM session.
indicates the primary direction of a TCP session or a request-response session (defined with a
single CNE).
indicates the secondary (reverse) direction of a TCP session or a request-response session.
Layer
Displays the session type:
Ntwk indicates a network session
App indicates an application session
Configured Capacity
Displays the configured capacity of the session or class.
© 2023 Pico Quantitative Trading LLC. All rights reserved 520 .
Total Bytes
Displays the total number of bytes measured during the chosen reporting period.
Average Utilization
Displays the average utilization of the session or class bandwidth during the chosen reporting period as a
percentage of the configured capacity.
Average RTT
Displays the average TCP roundtrip time for the session or class during the chosen reporting period.
Microburst
Displays a graphical representation of microburst measurements that indicates whether significant bursts
have been detected.
1s Peak
Displays the maximum measured one-second peak value during the chosen reporting period. Comparing
this value with the maximum microburst value indicated on the sparkline will give you an indication of the
extent to which the traffic has experienced millisecond level bursts that would not have been 'seen' with
one-second measurements.
Service Compliance Index
Indicates quality degradation issues in the network. The Service Compliance Index uses PNQM, TCP
measurements and EQ, when configured, to detect events impacting end-to-end network quality based
on the specified quality of service targets and sizing policy. Use the Service Objectives menu in
SystemAdministration mode to set the quality targets and sizing policy that are used to calculate the
Service Compliance Index.
The Service Compliance Index value is a unitless number which reflects the congestion level on a link or
class. For a class, it reflects the extent by which the loss and/or latency experienced by the class violated
the user-specified targets for these. For a session, it represents the worst Service Compliance Index value
seen on any class on that session.
A Service Compliance Index value greater than 1 means that loss or latency is above an acceptable level,
as specified in the configuration. This interface or class is not meeting its quality targets.
A Service Compliance Index of less than or equal to 1 means the loss and/or latency are within the
specified targets, so this interface or class is meeting its quality targets. Moreover, this means that the
sizing policy has been achieved over the selected reporting period.
If you have not enabled Service Compliance Index calculation in the service objective being applied to an
interface, a dash ( - ) is displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 521 .
When you first open the screen when viewing network-level session results, the traffic statistic graphs
displayed are as follows:
l Packet Bit Rate Microburst
l Packet Rate Microburst
l Average Bit Rate
l Packet Rate
l Peak-to-Mean Ratio
l Packet Size Distribution
If you are viewing an application-level session, message statistics are displayed.
Along with the Traffic Insight screen, there are other tabs with further details that you can view for the
session:
l Traffic Statistics
l Message Statistics (if enabled)
l Applications
l Talkers
l Listeners
l Conversations
l TCP Statistics (available for classes only)
If you have defined configurable statistics to be measured by a session, a Configurable Statistics tab is
also available.
For information on the graphs available in the legacy Traffic Insight screen, please refer to the topic "Corvil
Graphs and Charts" on page 751.
© 2023 Pico Quantitative Trading LLC. All rights reserved 522 .
LEGACY LIVE VIEW
Click - Live View to launch the legacy Live View window.
NOTE: The Corvil measurements (for example End-to-End Latency, Corvil Bandwidth, Message
statistics, TCP statistics) are enabled or disabled in the session definition itself or the settings applied
to the session of interest via the service objective. Disabled measurements are either shown as 'Not
Configured' or are not shown at all.
NOTE: A maximum of 25 simultaneous connections retrieving live results from a single CNE is
supported. The total count includes live connections via the UI, CLI and API, and spans Legacy
Dashboard live view and multicast data feed requests. To check the current number of active live
sessions, use the show users CLI command.
There are a range of live graphs available for sessions and classes. When you open a class tab, the
following Traffic Statistics graphs are displayed by default:
© 2023 Pico Quantitative Trading LLC. All rights reserved 523 .
l Packet Bit Rate Microburst (network sessions only)
l Packet Rate Microburst (network sessions only)
l Average Rate
Application sessions show only the Average Rate graph by default in the Traffic Statistics screen.
Message-based microburst graphs are instead displayed on the Message Statistics screen.
New data points are plotted from the right of the graph each second and the plot grows to the left as time
elapses. The timeline is displayed along the x-axis, with the current system time displayed to the right.
To view the other live results, you choose a category from the Live View Graphs menu:
l Corvil Bandwidth for Corvil Bandwidth delay and queue length graphs
l Expected Queuing for Expected Queuing Latency, Expected Queuing Delay Variation, and
Expected Queuing Loss graphs
l End-to-End for End-to-End Latency, End-to-End Jitter, and End-to-End Loss graphs
l Message Statistics for Message Bit Rate Microburst, Message Rate Microburst, Message
Sequence Gaps and Message Sequence Count graphs, if configured
l TCP Statistics for Goodput and Concurrent Connections graphs
l TCP Statistics ART for Left and Right Application Response Time graphs
l TCP Statistics RTT for Left and Right Roundtrip Time and Connection Setup Roundtrip Time
graphs
l TCP Connections for Connections Started, Connections Terminated, Connections Refused,
and Connections Ignored graphs
l TCP Packet Counts for Out of Sequence Packets, Packet Count, Zero Window Packet
Count, and Packet Count graphs
Live view results are displayed in a new window and comprise the following:
Each of these graphs plots the maximum, configured percentile, mean, and minimum values for the one-
second period, along with any configured thresholds.
There is a time delay associated with the display of End-to-End results in the live view compared to the
display of the other results. The duration of the time delay is indicated below each graph.
© 2023 Pico Quantitative Trading LLC. All rights reserved 524 .
The unique visibility into current network traffic behavior enables you to troubleshoot issues affecting user
experience as they happen.
A new window opens and by default displays traffic statistics for the chosen session. The graphs available
at session level are
l Packet Bit Rate Microburst (network sessions only)
l Packet Rate Microburst (network sessions only)
l Average Rate
Application sessions show only the Average Rate graph by default in the Traffic Statistics screen.
Message-based microburst graphs are instead displayed on the Message Statistics screen.
There are tabs displayed for each configured class on the session. Click a tab to display live results for that
class.
© 2023 Pico Quantitative Trading LLC. All rights reserved 525 .
BANDWIDTH SIZING
By default the legacy Bandwidth Sizing screen shows results for network-level sessions.
NOTE: Bandwidth Sizing results are not displayed for application sessions.
Bandwidth sizing results and Sizing Index values are only available for network sessions with a
configured bandwidth and Expected Queuing explicitly enabled. For instructions on how to configure
session bandwidth and enable Expected Queuing for sessions, refer to the section Defining Sessions
(UI) in the Corvil Configuration Guide.
Also, access to bandwidth sizing information may be restricted depending on configured Corvil login
privileges.
For example, the overall list of sessions is filtered to show only those which the logged in user is
allowed to view.
For more information on Corvil role-based access control, refer to the section Role-based access
Control for Restricted Users in the Corvil Administration Guide.
You typically should allow the system to measure traffic for at least a week before considering the
bandwidth sizing results. In many cases, you would wait until the system has accumulated a month's
worth of measurements.
The displayed information provides a guide to bandwidth utilization on network links.
NOTE: To enable bandwidth sizing as a feature, you must enable Corvil Bandwidth measurement, and
configure both a set of queuing targets and a sizing policy, in the service objective that is applied to the
class.
For more information on queuing targets and the sizing policy in the class service objective, refer to the
section Configuring Service Compliance Monitoring Features in the Corvil Configuration Guide.
The following describes the information displayed in the bandwidth sizing screen:
CNE
Corvil Management Center ONLY
Displays the name of the CNE from which the measurement originated.
Session
Displays the session name and direction:
© 2023 Pico Quantitative Trading LLC. All rights reserved 526 .
indicates the primary direction of a PNQM session.
indicates the secondary (reverse) direction of a PNQM session.
indicates the primary direction of a TCP session or a request-response session (defined with a
single CNE).
indicates the secondary (reverse) direction of a TCP session or a request-response session.
Sub-session
Displays the name of the traffic class. For single-class sessions, the sub-session displayed is class-
default.
Configured Capacity
Displays the configured capacity value of the session or class.
Effective Capacity
Displays the configured capacity of the session or class in single-class configurations. In multiclass
configurations, the effective capacity is the minimum bandwidth a given class in a multiclass configuration
can expect to receive taking into account the bandwidth assigned to all the other classes.
Protects Traffic
Displays classes the percentage of traffic to which the listed recommendation and Sizing Index calculation
applies. The percentage value here is configurable as part of defining the sizing policy for and session. The
sizing policy is configured in the service objective applied to the session and its classes.
Permitting a certain fraction of the packets to violate the queuing targets reduces the bandwidth required
from that needed to guarantee no loss or latency for every single packet.
For example, by protecting 99% of traffic, the resulting bandwidth requirement calculated by the system
ensures that 99% of arriving packets encounter
l a total per-hop queuing latency no greater than the queuing-targets delay value defined in the
service objective
l a queue length no greater than the configured queue limit defined for the class
Corvil Bandwidth
The graphic illustrates the Corvil Bandwidth values measured for each class during the selected reporting
period. In single class configurations, the class data is displayed at session level. In multiclass
configurations, no session data is displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 527 .
The Corvil Bandwidth is the bandwidth required to meet the queuing quality targets configured for the
chosen class traffic. The displayed bandwidth (in kbps) is sufficient to ensure the configured percentage
of packets is protected from excessive latency and loss in every busy-period in the displayed interval.
Recommendation
Displays the recommended course of action based on the calculated bandwidth requirement for the
session and class.
Refer to Bandwidth Sizing Recommendations below for more information on the displayed
recommendations.
Sizing Index
Indicates quality degradation issues in the network. The Sizing Index is similar to the Service Compliance
Index but only uses EQ calculations. When the sizing index is configured, it indicates events impacting
end-to-end network quality based on the specified quality of service targets and sizing policy. Use the
ServiceObjectives menu in System Administration mode to set the quality targets and sizing policy
that are used to calculate the Sizing Index.
The Sizing Index value is a unitless number which reflects the congestion level on a link or class. For a
class, it reflects the extent by which the loss and/or latency experienced by the class exceed the user-
specified targets for these.
A Sizing Index value greater than 1 means that loss or latency is above an acceptable level, as specified in
the configuration. This interface or class is not meeting its quality targets.
A Sizing Index of less than or equal to 1 means the loss and/or latency are within the specified targets, so
this session or class is meeting its quality targets. Moreover, this means that the sizing policy has been
achieved over the selected reporting period.
A low Sizing Index value could indicate a candidate for bandwidth downgrade.
If you have not enabled Sizing Index calculation in the service objective being applied to an interface, a
dash ( - ) is displayed.
NOTE: Summary results are based on the selected reporting period and do not take recent
configuration changes into account If you have made configuration changes, you need to wait an
appropriate period of time before checking for new summary results (for example, wait 24 hours if you
want to use the 24-hour reporting period). Alternatively, you can define a custom reporting period to
view data only since the configuration change.
NOTE: Corvil Bandwidth measures the bandwidth required by the traffic currently existing on your
network to achieve the stated QoS targets. If the bandwidth available in the network changes, then the
traffic may also change in response. For example, if a network is upgraded then bandwidth-limited
© 2023 Pico Quantitative Trading LLC. All rights reserved 528 .
TCP flows may increase their sending rate, or users may make more active use of particular
applications. Corvil Bandwidth does not make predictions about the effect these changes could have
on network QoS. Consequently, the target QoS may not be achieved after an upgrade, because of
heavier network use by applications and users.
These effects are most likely to be seen in networks where QoS is currently poor, so that the network is
the limiting factor for application performance. In these case the Corvil Bandwidth value does always
indicate the minimum bandwidth required to meet the targets, since even the existing traffic will not
achieve the targets at lower bandwidths.
If upgrading the network bandwidth results in heavier network use, so that the targets are still not
achieved, then the Corvil Bandwidth value will indicate that a further upgrade is necessary. We
recommend that the Corvil Bandwidth value should be monitored continuously before and after an
upgrade, in order to verify that the desired network performance is achieved.
Bandwidth Sizing Recommendations
The Bandwidth Sizing tab includes a Recommendation column indicating any required actions based on
the Corvil calculations. Recommended actions are available for each of the following:
l Single-class configurations
l Multiclass configurations
l Priority classes in multiclass configurations
In all cases, the recommendation is based on the Sizing Index values calculated for each class. In turn the
Sizing Index calculation is based on the queuing delay target and sizing policy (for example, protect
99.9% of traffic in every 5-minute period), as configured in the associated service objective.
The displayed Corvil Bandwidth values can be used as a guide to bandwidth requirement if session or
class capacity upgrade is recommended or otherwise to gain insight into class bandwidth utilization. If a
class receives service of at least its Corvil Bandwidth requirement, it will achieve its sizing policy and will
have a Sizing Index of less than one.
NOTE: In a multiclass configuration it is possible to see reported Corvil Bandwidth values that exceed
both the configured and effective minimum capacities of classes, but where Sizing Index values are
low (less than one) and no particular action is recommended. In such cases, the class is receiving
more than its guaranteed share of the bandwidth due to bandwidth sharing, and is achieving its sizing
policy.
© 2023 Pico Quantitative Trading LLC. All rights reserved 529 .
SINGLE CLASS CONFIGURATION RECOMMENDATIONS
In single class configurations, the same recommendation is displayed for both the session and the single
class.
No action required
The sizing policy has been achieved.
Upgrade link
In this case the Sizing Index is greater than one and the sizing calculation is dominated by the delay target.
The recommendation reflects the fact that if the session capacity is increased to the displayed Corvil
Bandwidth, then the sizing policy will be achieved.
Increase buffer
In this case the Sizing Index is greater than one and the sizing calculation is dominated by loss. The loss is
due to packets being dropped because of queue buffer overflow, so the recommended action is to
increase the buffer size. The current buffer size is displayed with the sizing graph. The displayed Corvil
Bandwidth indicates the bandwidth required to achieve the sizing policy using the current buffer size.
MULTICLASS CONFIGURATION RECOMMENDATIONS
In multiclass configurations, the following recommendations may be displayed:
No action required
The sizing policy has been achieved.
Adjust policy or upgrade link
This message is shown at the session level for a multiclass configuration, and indicates that one or more
classes have not achieved the sizing policy. Expand the session to learn more about the specific class
recommendations. No Corvil Bandwidth values are displayed at the session level in multiclass
configurations.
Class requires more bandwidth
In this case the Sizing Index for the class is greater than one and the sizing calculation is dominated by the
delay target. The queuing latency can be reduced to the target levels by increasing the bandwidth
available to the class, hence the recommendation. The Corvil Bandwidth for the class gives the actual
bandwidth required by the class to achieve the sizing policy. In a multiclass case, a class is guaranteed to
© 2023 Pico Quantitative Trading LLC. All rights reserved 530 .
receive its effective capacity, but typically receives more than this due to bandwidth sharing between
classes.
Increase buffer
In this case the Sizing Index is greater than one and the sizing calculation is dominated by loss. The loss is
due to packets being dropped because of queue buffer overflow, so the recommended action is to
increase the buffer size. The current buffer size is displayed with the sizing graph. The displayed Corvil
Bandwidth is the actual bandwidth required to achieve the sizing policy using the current buffer size. Note
that due to bandwidth sharing between classes, the actual bandwidth received by a class will usually
exceed the guaranteed minimum effective capacity.
PRIORITY CLASS IN A MULTICLASS CONFIGURATION
RECOMMENDATIONS
The Bandwidth Sizing results also provide recommendations for configured priority classes in LLQ
systems:
Adjust policer parameters
In this case the Corvil calculations predict policer drops in excess of those permitted by the sizing policy.
This indicates that, depending on the existing configuration, the problem is due either to an insufficient
priority bandwidth or an insufficient burst-size value in the associated policy-map.
Increase burst-size
This case typically means that there are packets that are larger than the configured policer burst size. To
avoid dropping these packets, it is necessary to increase the policer burst size. The packet-size
distribution for the LLQ class can be used to determine an appropriate burst-size.
Adjust policer parameters and upgrade link or Increase burst size and upgrade link
In certain situations, the Corvil calculations may show that, in addition to expected policer drops, priority
class packets are being delayed beyond the delay threshold. Changing the priority bandwidth does not
affect latency, so an additional recommendation to upgrade the session bandwidth is made in this case.
VIEWING THE SIZING GRAPH
The Corvil Bandwidth graph plots the bandwidth required to meet the configured delay target, protect
against packet loss due to queue buffer overflow for the chosen class, or protect against policer drops in
the case of a configured priority class. The text below the graph indicates whether meeting the configured
© 2023 Pico Quantitative Trading LLC. All rights reserved 531 .
delay target or protecting against packet loss is driving the plotted Corvil Bandwidth values.
The current configured queuing targets and sizing policy are listed beside the graph. For example, if the
configured delay target is 150 ms, and the sizing policy protects 99.9% of traffic in every four-hour period,
then the summary Corvil Bandwidth value displays the bandwidth required to ensure that no more than
0.1% of packets in the class traffic is delayed by more than 150 ms in any four-hour period.
Each bar on the Corvil Bandwidth graph shows the bandwidth required to protect packets in the time
interval covered by that bar. The summary Corvil Bandwidth value shown for the class is the bandwidth
required to protect the configured parentage of packets in every busy period included in the reporting
period, where the busy period is specified in the associated service objective.
The Corvil Bandwidth values are displayed as a series of values for each five minutes during the reporting
period. The graph legend indicates the colors used to display each:
Max
The maximum of the Corvil Bandwidth values calculated each five minutes during the chosen reporting
period.
x%
The xth percentile of Corvil Bandwidth values in each five minutes during the chosen reporting period. This
percentile is configurable as part of the sizing policy in the service objective being applied to the class. If
none has been configured, the system defaults to the 99.9th percentile.
Mean
The mean of the Corvil Bandwidth values for each five minutes during the chosen reporting period
Min
The minimum of the Corvil Bandwidth values for each five minutes during the chosen reporting period.
If you make a configuration change, for example, adjusting the sizing policy in the service objective, then
the graph is marked at the point at which the configuration change occurred.
© 2023 Pico Quantitative Trading LLC. All rights reserved 532 .
NOTE: The summary data (including recommendations) displayed for a session or class does not take
configuration changes into account immediately. The displayed summary data is based on the
reporting period, so you need to wait until an appropriate period of time has passed after a
configuration change before checking recommendations and Corvil Bandwidth values.
MONITORING MULTICLASS SIZING REQUIREMENTS
You can use Corvil to monitor bandwidth resource requirements on a multiclass network. Say, for
example, that some classes in the multiclass network are recommending an upgrade but the
corresponding Sizing Index is less than one. This can happen when the class is actually served more
bandwidth than the reserved bandwidth.
You can check this situation by examining the expected queuing latency and expected queuing loss plots
in Event Inspection.
If these are both showing no issues, the recommendation can be ignored.
If a class is experiencing greater than one, then this class needs greater reserved bandwidth.
If other classes have a Sizing Index significantly less than one, the reserved bandwidth may be reduced.
Thus by balancing the reserved bandwidth, you may be able to achieve the required quality on all classes
without a bandwidth upgrade.
Otherwise, you must upgrade the link and then perform the balancing.
© 2023 Pico Quantitative Trading LLC. All rights reserved 533 .
Corvil Multihop Analysis
Corvil Multihop analysis provides the ability to understand where in the infrastructure the latency budget is
being spent. For example, you may want to identify the biggest contributor to order-acknowledgement
latency. You may want to identify the most variable source of latency, why a specific order was delayed, or
what happened to an order as it was processed through the infrastructure. Corvil can also be used to
identify the impact of the network on application flow; for example, you can identify whether a particular
order was affected by a TCP retransmission, long roundtrip time, or zero-window size.
For more information, please refer to the topic "Using Multihop Analysis" on page 543.
EXAMPLE MULTIHOP CONFIGURATION
Consider an example Direct Market Access (DMA) scenario with sessions representing multiple clients,
sessions for the internal DMA latency, followed by multiple venue sessions.
In this DMA example:
l the customer sessions are request-response message sessions using the FIX protocol.
l the DMA plant session requires a two-stage translation session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 534 .
l The venue sessions are request-response messages sessions each using the appropriate
exchange analytics plug-in
In this example a bi-directional multihop-group is configured:
l Each customer session is an overall-latency-session
l The plant latency session is included as a hop
l Each venue session is included as a hop
With this type of session configuration, Corvil enables you to track individual customer orders throughout
the hops in this environment.
In this example, the following custom signature configuration defines the messages of interest for
correlation.
custom-pnqm-signature DMA-FIX
signature-rule order
message-protocol FIX
match message-type NewOrderSingle
translation-hash
hash-message-field ClOrdID
signature-rule execution-ack
message-protocol FIX
match message-type ExecutionReport
translation-hash
hash-message-field ClOrdID
signature-rule orderReplace
message-protocol FIX
match message-type OrderCancelReplaceRequest
translation-hash
hash-message-field ClOrdID
signature-rule mass-quote
message-protocol FIX
match message-type MassQuote
translation-hash
hash-message-field QuoteID
signature-rule mass-quote-ack
message-protocol FIX
match message-type MassQuoteAcknowledgement
translation-hash
hash-message-field QuoteID
signature-rule orderCancelRequest
message-protocol FIX
match message-type OrderCancelRequest
translation-hash
hash-message-field ClOrdID
© 2023 Pico Quantitative Trading LLC. All rights reserved 535 .
custom-pnqm-signature FIX
signature-rule order
message-protocol FIX
match message-type NewOrderSingle
hash-message-field ClOrdID
signature-rule execution-ack
message-protocol FIX
match message-type ExecutionReport
hash-message-field ClOrdID
signature-rule orderReplace
message-protocol FIX
match message-type OrderCancelReplaceRequest
hash-message-field ClOrdID
signature-rule mass-quote
message-protocol FIX
match message-type MassQuote
hash-message-field QuoteID
signature-rule mass-quote-ack
message-protocol FIX
match message-type MassQuoteAcknowledgement
hash-message-field QuoteID
signature-rule orderCancelRequest
message-protocol FIX
match message-type OrderCancelRequest
hash-message-field ClOrdID
The order gateway session typically requires a two-stage translation session. In this example, the custom
PNQM translations cover the FIX ClOrdID to Order ID mapping and the mapping back from OrderId to
ClOrdID:
custom-pnqm-translation DMA-FIX-ClOrdID-to-OrderID
translation-rule execution-ack-new-or-cancel
message-protocol FIX
match class-map DMA-ordstatus
match message-type ExecutionReport
left-hash
hash-message-field ClOrdID
right-hash
hash-message-field OrderID
hash-message-field OrdStatus
translation-rule execution-ack-replaced
message-protocol FIX
match message-type ExecutionReport
match message-field OrdStatus = 5
left-hash
hash-message-field ClOrdID
right-hash
hash-message-field OrderID
hash-message-field Price
hash-message-field OrderQty
© 2023 Pico Quantitative Trading LLC. All rights reserved 536 .
hash-message-field TransactTime
translation-rule execution-ack
message-protocol FIX
match message-type ExecutionReport
match not message-field OrdStatus = 6
match not message-field OrdStatus = E
left-hash
hash-message-field ClOrdID
right-hash
hash-message-field OrderID
translation-rule mass-quote-ack
message-protocol FIX
match message-type MassQuoteAcknowledgement
left-hash
hash-message-field QuoteID
right-hash
hash-message-field SendingTime
custom-pnqm-translation DMA-FIX-OrderID-to-ClOrdID
translation-rule execution-ack-new-or-cancel
message-protocol FIX
match class-map DMA-ordstatus
match message-type ExecutionReport
left-hash
hash-message-field OrderID
hash-message-field OrdStatus
right-hash
hash-message-field ClOrdID
translation-rule execution-ack-replaced
message-protocol FIX
match message-type ExecutionReport
match message-field OrdStatus = 5
left-hash
hash-message-field OrderID
hash-message-field Price
hash-message-field OrderQty
hash-message-field TransactTime
right-hash
hash-message-field ClOrdID
translation-rule execution-ack
message-protocol FIX
match message-type ExecutionReport
match not message-field OrdStatus = 6
match not message-field OrdStatus = E
left-hash
hash-message-field OrderID
right-hash
hash-message-field ClOrdID
translation-rule mass-quote-ack
message-protocol FIX
match message-type MassQuoteAcknowledgement
left-hash
© 2023 Pico Quantitative Trading LLC. All rights reserved 537 .
hash-message-field SendingTime
right-hash
hash-message-field QuoteID
NOTE: For more information on defining custom translations, refer to the topic "Defining a Custom
Translation" in the Corvil Configuration Guide.
With the custom translations defined, the session measuring DMA plant latency in this example is as
follows:
session PlantLatency
bandwidth 100000
nso dma-gateway
no use-tcp-sci
pnqm-target to-id fixgw-inside
display-name left CustomerGateway right OrderRouter
pnqm-display-name label "Order Processing Plant"
measure-messages include-non-message-packets
pnqm-translate stage 1 translation DMA-FIX-ClOrdID-to-OrderID id fixgw
outside-ack
pnqm-translate stage 2 translation DMA-FIX-OrderID-to-ClOrdID id fixgw-
inside-ack
pnqm-enable ignore-loss one-to-many match-first custom-signature DMA-FIX
trace-events bidirectional always-on snaplength 100
The sessions associated with the custom translation in this example are as follows:
session client-ack
session-type unidirectional
nso qos-stats-disabled
pnqm-identifier fixgw-outside-ack
measure-messages
trace-events always-on snaplength 0
session venue-ack
session-type unidirectional
bandwidth 100000
nso qos-stats-disabled
pnqm-identifier fixgw-inside-ack
measure-messages
trace-events bidirectional always-on snaplength 0
© 2023 Pico Quantitative Trading LLC. All rights reserved 538 .
The sessions measuring latency for each customer in this example are as follows:
session CUSTOMER-1
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "Order Response to CUSTOMER-1"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
session CUSTOMER-2
bandwidth 100000
nso fix-low-latency
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "Order Response to CUSTOMER-2"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom signature FIX
trace-events bidirectional always-on snaplength 100
session CUSTOMER-3
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "Order Response to CUSTOMER-3"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
session CUSTOMER-4
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "Order Response to CUSTOMER-4"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
© 2023 Pico Quantitative Trading LLC. All rights reserved 539 .
custom-signature FIX
trace-events bidirectional always-on snaplength 100
session CUSTOMER-5
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "Order Response to CUSTOMER-5"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
session CUSTOMER-6
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "Order Response to CUSTOMER-6"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
The sessions measuring latency to each venue (Broker_1, Broker_2, VENUE_Chicago, VENUE_
Singapore, VENUE_London, and VENUE_NewYork) in this example are as follows:
session Broker_1
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "MetroBank Order Response"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
© 2023 Pico Quantitative Trading LLC. All rights reserved 540 .
session Broker_2
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "OTCtrade Order Response"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
session VENUE_Chicago
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "CME Order Response"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
session VENUE_Singapore
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "LambdaETF Order Response"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
session VENUE_London
bandwidth 100000
nso fix-low-latency
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "FIX Order Response"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
© 2023 Pico Quantitative Trading LLC. All rights reserved 541 .
session VENUE_NewYork
bandwidth 100000
nso fix-order-entry
no use-tcp-sci
pnqm-target request-response
pnqm-display-name label "NewYork Order Response"
measure-messages include-non-message-packets
pnqm-enable report-class-mismatch ignore-loss one-to-many match-first
custom-signature FIX
trace-events bidirectional always-on snaplength 100
When configuring the multihop group for multihop analysis, the previously defined customer sessions are
used as overall latency sessions, the DMA plant latency session is used for the Gateway hop, and the
venue sessions are used for the VenueLatency hop. Child sessions are automatically included in the
overall-latency-sessions, except for session CUSTOMER-6, where they are specifically excluded:
host(config)$ multi-hop-group DMA-latency
host(config-mhg)$ overall-latency-session CUSTOMER-1
host(config-mhg)$ overall-latency-session CUSTOMER-2
host(config-mhg)$ overall-latency-session CUSTOMER-3
host(config-mhg)$ overall-latency-session CUSTOMER-4
host(config-mhg)$ overall-latency-session CUSTOMER-5
host(config-mhg)$ overall-latency-session CUSTOMER-6 exclude-child-sessions
host(config-mhg)$ hop Gateway
host(config-mhg-hop)$ include-session PlantLatency
host(config-mhg-hop)$ hop VenueLatency
host(config-mhg-hop)$ include-session Broker_1
host(config-mhg-hop)$ include-session Broker_2
host(config-mhg-hop)$ include-session VENUE_A
host(config-mhg-hop)$ include-session VENUE_B
host(config-mhg-hop)$ include-session VENUE_C
host(config-mhg-hop)$ include-session VENUE_D
The results of the multihop analysis are available in the UI from Inspect Data and Event Inspection. In both
cases, the message table reports full roundtrip latency results for each message. For example, with
multihop analysis configured, you can
l select a customer session on Inspect Data and directly launch the Multihop Action for a selec-
ted message on a message table (supported from Corvil Analytics 9.7.0)
or
l select a customer session on Inspect Data and launch Event Inspection, then select a mes-
sage and navigate to the multihop view showing the configured hops.
© 2023 Pico Quantitative Trading LLC. All rights reserved 542 .
The configuration example described above produces the following hops: one way across the gateway,
roundtrip to the venue, and one way back across the gateway.
USING MULTIHOP ANALYSIS
Multihop analysis can be viewed for relevant messages from
l the messages table in Inspect Data (supported from Corvil Analytics 9.7.0) and
l the message table or order tracking screen in Event Inspection
To view a multihop analysis table in Inspect Data, you need to install the latest Action Pack on your
appliance.
The message table reports full roundtrip latency results for each message. You can use multihop analysis
(if configured) to select a message and navigate to the multihop table to see latency results for the
configured hops. In the message table, each row corresponding to a message for which multihop analysis
is available has a multihop icon displayed.
The multihop icon is displayed for each message that is measured by a session that is involved in any
multihop group.
NOTE: Multihop analysis is available for messages measured in sessions that are included in a
multihop group configuration. For more information on configuring multihop groups, refer to the
section "Defining a Multihop Group" on page 547.
A session may be involved in a group even if it is not explicitly referenced in the configuration by the
overall-latency or include-session CLI commands. This is because the session may serve
as the PNQM responder for a session that is explicitly referenced, or it may be a child of a referenced
parent session.
Even if the multihop icon is displayed, there may be no multihop analysis available if the specific
message was not involved in a PNQM correlation; for example, because the message is a Heartbeat
and heartbeat messages were excluded by the custom signature.
© 2023 Pico Quantitative Trading LLC. All rights reserved 543 .
Clicking displays the Multihop Analysis table.
The name of the configured multihop-group is used as the title for the multihop table. For distributed
multihop groups, the text "distributed" is displayed in parentheses after the name of the group. Distributed
multihop group results are available only when using Corvil Management Center.
NOTE: If the Corvil Management Center and CNEs involved in distributed multihop measurements are
in separate NAT domains, some additional Corvil Management Center configuration is required. For
more information on configuring Corvil Management Center to operate with CNEs in NAT
environments, refer to the topic Corvil Management Center and CNE Access Flow in the Corvil
Administration Guide.
© 2023 Pico Quantitative Trading LLC. All rights reserved 544 .
If a session containing relevant messages is referenced in more than one multihop group, then an analysis
is returned for each multihop group in the form of a list of tables.
Timestamp
Displays the timestamp of each message.
When viewing a distributed multihop group from Corvil Management Center, there may be a mixture of
measurements from different CNEs. Gray, italicized timestamps indicate measurements from a remote
CNE, that is, a CNE other than the CNE for which event inspection and multihop analysis was launched.
These timestamps are displayed in a different format to reflect the fact that timestamps from different
CNEs may not be synchronized with each other.
NOTE: Clicking the timestamp format button works in a similar way as on the message table.
- Absolute – The timestamps of all messages are displayed in absolute time.
- Relative – The timestamp of each message is shown relative to the first message in the current
filtered table.
CNE
Displayed only when viewing distributed multihop group results from Corvil Management Center, and
identifies the CNE on which the session is configured.
Message Type
Indicates the message type and analytics plugin.
Session
Displays the session PNQM identifier, if configured, and otherwise shows the session name. Hovering the
cursor over the name shown in the column displays a tooltip with the full session name.
Latency
Displays the measured latency for each message in each hop and the total latency across all displayed
hops.
© 2023 Pico Quantitative Trading LLC. All rights reserved 545 .
The names of the remaining columns in the latency grid come from the names of the hops configured in
the multihop group.
Each row in the table contains a message from the start of the corresponding hop. The latency to the
message at the start of the next is displayed in the corresponding column in the latency grid. The final hop
also contributes a row (without any corresponding latency) for the message at the end of the final hop.
Each latency measurement is represented graphically with green indicating latencies below the
configured threshold and red indicating a threshold violation. Any packet loss that has occurred is
indicated under this column.
NOTE: Each multihop analysis results in one table for each relevant multihop group. The table
describes only one path through the multihop group. If the message results in multiple paths, the
system does the following:
- If there is an overall-latency-session configured, then all paths that do not match the start and end
message are eliminated.
- If there is no overall-latency-session configured, then all except the path (or paths) with the earliest
end message are eliminated.
- If there is more than one path remaining, then the lexicographically first path is chosen, where the
name of each path is the concatenation of the session names measuring the latencies along the path.
There is a limit of 10 on the number of sessions per hop and a limit of 20 on the number of hops per
group.
When pruning of alternative path branches occurs, the hop name in the latency table is marked with
an exclamation mark. Clicking on the exclamation mark displays information about the sessions that
provided alternative paths.
Select a message row and click Show Details / DETAILS to view the details pane for that message. Click
Hide Details / X to close the pane.
A locked symbol displayed beside a session name in a message indicates that the current logged in
user does not have the required access privileges to view the session from which the message came.
NOTE: For more information on Corvil access privileges, refer to the section Role-based access
Control for Restricted Users in the Corvil Administration Guide.
© 2023 Pico Quantitative Trading LLC. All rights reserved 546 .
To export multihop .csv results from the Multihop Analysis screen opened from Inspect Data, click
Export. From Event Inspection, click Export - Multihop: All.
The multihop .csv file that includes the following information for each message:
l multihop table number
l multihop group name
l CNE name (for distributed multihop groups viewed using Corvil Management Center only)
l hop name
l session name
l session pnqm identifier (if configured)
l timestamp at which the message was detected
l custom-application name
l analytics plug-in name
l message type
l message length
l latency (if configured)
l loss (if configured)
l message sequence number (if configured)
l user-defined fields
If launched from Event Inspection, clicking the Back button returns you to the screen from which you
navigated, either the Order Tracking screen or the standard message table view.
DEFINING A MULTIHOP GROUP
To see what happened to individual orders across several hops, as well as the aggregate latency
distribution for each hop across multiple orders, you define a multihop group.
To define a multihop group, use the multi-hop-group CLI command:
© 2023 Pico Quantitative Trading LLC. All rights reserved 547 .
multi-hop-group <name>
group-type [unidirectional | bidirectional]
overall-latency-session <name> [forward | reverse] [exclude-child-sessions]
hop <name>
optional
include-session <name> [forward | reverse]
A multihop-group can be configured as bidirectional (the default) or unidirectional using the group-type
command. When configuring multihop analysis, and defining a multihop group, specify whether to include
multihop results for both directions of the specified sessions using the group-type command. The
group-type command applies to all sessions referred to in the multihop-group (defined using the
overall-latency-session and include-session commands).
Specifying a unidirectional multihop group indicates that you only want to see Event Inspection multihop
results for the direction explicitly referenced by the included sessions of interest.
Specifying a bidirectional multihop group (the default) indicates that you want to see Event Inspection
multihop results for both directions of all included bidirectional sessions of interest.
Specifying the Sessions Measuring Latency Across All Hops
To define one or more sessions to measure latency across all hops, you use the overall-latency-
session command.
Child sessions are automatically included if a parent session is configured as an overall-latency-session. It
is possible to exclude the child sessions by specifying the argument exclude-child-sessions.
Multiple overall-latency-session commands may be specified. If multihop analysis is performed
on a message in an overall latency session then the message is traced through the sequence of hops in
that group - the start side message from the overall latency is matched against start-side messages in the
sessions referenced from the first hop.
If a multihop analysis is done on a session which is not an overall-latency session, and the session is
included in a hop in a group, then an analysis is followed forward and backwards from that point as
determined by the sequence of hops.
If a session is referenced using the include-session or overall-latency-session commands
from multiple groups, then an analysis is returned for each group in the form of a list of tables. The results
are presented in the UI as an option to view from the event inspection message table. The name of each
multihop-group serves as a title for that multihop group table.
© 2023 Pico Quantitative Trading LLC. All rights reserved 548 .
NOTE: When configuring multihop groups on a CNE, all sessions referenced in a multihop group must
be single-CNE sessions configured and measuring results on that same CNE.
If you are configuring multihop groups using Corvil Management Center, sessions referenced in a
multihop group may contain single-CNE or two-CNE sessions from different CNEs. These groups are
referred to as distributed multihop groups.
Distributed multihop results are available only if all of the CNEs involved in a given multihop group's
referenced sessions are in managed-auto or managed-manual mode. However, the distributed
multihop group portion of the configuration is not pushed to managed CNEs.
If correlation is enabled on both CNEs for a referenced session, then the group follows the multihop
path using the CNE that is correlating upstream, that is, using the left CNE in the primary session
direction and the right CNE in the secondary (reverse) session direction. This is because the CNE
correlating upstream can detect PNQM loss.
Sessions referenced in a multihop group cannot be deleted until they have been removed from the
multihop group.
Defining Individual Hops and Associated Sessions
To define an individual hop along the path of interest, use the hop command. Each new hop is added at
the end of the current list of hops.
Use the up and down commands to change the order of hops.
To define the session(s) of interest for a given hop, use the include-session command.
Individual hops may be marked as optional using the optional command. Hops can be marked as
optional to support varying numbers of hops in different branches along the message paths. If a hop is
marked as optional, and a match is not found, the next hop in the group is searched. If there are multiple
optional hops in a row, then this continues until a search fails in a mandatory hop.
NOTE: Each multihop analysis results in one table for each relevant multihop group. The table
describes only one path through the multihop group. If the message results in multiple paths, the
system does the following:
l If there is an overall-latency-session configured, then all paths that do not match the start
and end message are eliminated.
l If there is no overall-latency-session configured, then all except the path (or paths) with
the earliest end message are eliminated.
© 2023 Pico Quantitative Trading LLC. All rights reserved 549 .
l If there is more than one path remaining, then the lexicographically first path is chosen,
where the name of each path is the concatenation of the session names measuring the
latencies along the path.
There is a limit of 10 on the number of sessions per hop and a limit of 20 on the number of hops per
group.
© 2023 Pico Quantitative Trading LLC. All rights reserved 550 .
Packet Capture Data Settings
Packet capture data stored on the appliance is used by Inspect Data, Packet/Message Export and Event
Inspection. The underlying data capture process is enabled by default, with all packets captured (with a
snaplength of 58 bytes) only for periods when threshold violations trigger events.
Packet capture has the following modes:
l Always-on – all packets are captured (with a specified snaplength) all of the time
l Event-based – all packets are captured (with a specified snaplength) for periods when
threshold violations trigger events
l Disabled – no packets are captured, and no data is available
You can set a global default packet capture mode (event-based or disabled only) and then override it in
each session. Always-on mode can only be configured per session.
If required, for example for security reasons, the capture of packet contents can be disabled by setting the
snaplength to zero. This does not compromise the ability to provide Inspect Data or Event Inspection
packet data results, for which only the Corvil-specific portion of the capture data is required. A zero-
snaplength Corvil capture does not contain any packet payload, but does contain, for example, IP
addresses and ports.
DISABLING AND RE-ENABLING CAPTURE
Packet and message capture is enabled by default system-wide and on all sessions. But it may not make
sense to keep capture enabled for every single session at all times.
The [no] global-trace-events command is used to set the default session capture mode. The
default can be disabled or set for event-based capture, and you can also set the default snaplength.
global-trace-events {[bidirectional] [snaplength <length> | ALL ]} | use-
global
no global-trace-events
where the use-global option is for CNE contexts within the CMC.
Individual sessions can override the global setting using the trace-events command in the session
configuration context. This command can be used in the session context of a CNE or a CMC.
© 2023 Pico Quantitative Trading LLC. All rights reserved 551 .
trace-events [[use-global] | [bidirectional] [always-on] [use-shared-
captures] [[snaplength <length> | ALL ]]
no trace-events
bidirectional
When using event-based capture, specifies that a threshold violation in one session direction should
trigger capture in both directions. By default, it will only trigger capture in the session direction where the
violation was detected.
When using the trace-events command, the snaplength configured for a session is used for all
capture on that session, regardless of whether the capture was triggered by an event on the reverse
session direction. For example, if A has full snaplength and bidirectional capture configured and the
reverse direction A' has zero snaplength configured, an event on direction A will result in a zero
snaplength capture on A'.
always-on
When using the trace-events command, specifies that the session captures all traffic that it sees, not
just capture triggered by threshold violations.
NOTE: Enabling this feature on high-bandwidth sessions can increase system load and reduce the
amount of capture storage available for other sessions.
snaplength <length | ALL >
Specifies how many bytes of the Ethernet frame to be captured in the packet capture file.
Allowed range for snapshot length: 0 – 65535 bytes
Default: 58 bytes
Choosing ALL specifies that the full packet contents are stored.
use-global
For the trace-events command: Specifies that the trace-events settings for the session will be derived
from the global settings defined by the global-trace-events command. This is the default setting for
a session.
For the global-trace-events command: Corvil Management Center Only: When using the Corvil
Management Center to manage CNE configurations, you can configure different settings for each CNE
within the site -> cne context or you can use the (default) use-global option to inherit the setting
configured on the CMC.
© 2023 Pico Quantitative Trading LLC. All rights reserved 552 .
use-shared-captures
Specifies that only summaries will be stored in the session and packets will be retrieved from matched
shards. See the topic "Volume Based PCAP Indexing" on page 644 in the Corvil Analytics User Guide for
more information.
NOTE: The use-shared-captures option is only available for single class, packet-only,
unidirectional sessions, configured with no legacy-gui-only with a single port attached. The
session must also be configured with default filter-class, no subnet groups, attached-sensor
none and it must be online with one CNE session.
See the topic "trace-event" in the Corvil Analytics CLI Command Reference Guide for more information
on the use-shared-captures option.
For example to default to disabling capture on all sessions (applies to sessions with trace-events
use-global):
host(config)$ no global-trace-events
To specify a default snaplength of 1512 bytes for all sessions (applies to sessions with trace-events use-
global):
host(config)$ global-trace-events snaplength 1512
To specify that the entire packet contents should be stored by default (applies to sessions with trace-
events use-global):
host(config)$ global-trace-events snaplength ALL
To specify that the sessions should by default use bidirectional event capture with full payload capture
(applies to sessions with trace-events use-global):
host(config)$ global-trace-events bidirectional snaplength ALL
For example to disable packet capture on a session (overriding the global setting):
host(config-session)$ no trace-events
To specify event capture with a 1512 byte snaplength on a particular session (overriding the global
setting):
host(config-session)$ trace-events snaplength 1512
© 2023 Pico Quantitative Trading LLC. All rights reserved 553 .
To specify that the session should use bidirectional event capture with full-payload capture (overriding the
global setting):
host(config-session)$ trace-events bidirectional snaplength ALL
When the global-trace-events or trace-events command is specified with snaplength set to
zero (or less than the actual size of the packet headers), then certain packet header fields will be
unavailable for export and display. The snaplength defined in either the global-trace-events (global
system setting) or trace-events (per session override setting) dictates how much of the frame is
stored in the available capture file. Even with zero snaplength capture, the system records some per-
packet metadata including IP addresses and ports. If you export a zero snaplength capture file, the
system will automatically populate some synthetic values for the header fields that were not recorded.
This allows you to view the basic packet details (timestamps, IP addresses, ports etc.) in external network
protocol analyzer software.
Measured and Generated Values for Zero Snaplength Capture Files
The following table lists the rules used to generate exported capture files when the snaplength is set to
zero, indicating which values seen in network analyzer software is actual data seen on the wire (in bold
font), and which values are generated by the system:
Value Measured or Generated?
Hardware MAC address Generated: Source and destination addresses use 00:00:00:00:00:00
Generated: IP
Ethernet frame type
NOTE: Synthetic packet headers are not generated for non-IP packets
IP header Generated: Version 4
IP header length Generated: 20 bytes
IP ToS Real value; taken from capture
IP packet len Generated: calculated from wirelength with 14 bytes subtracted
IP TTL Generated: 64 (RFC recommended default)
IP protocol Real value; taken from capture
IP source and destination
Real values
addresses
IP checksum Generated: recalculated for the generated IP header, hence will be
different than in the original packet
TCP/UDP source and des-
Real values
tination ports
TCP header size: Generated: 20 bytes
TCP SEQ and ACK SEQ
Real values
numbers
TCP flags Real value
UDP header size: Generated: 8 bytes
© 2023 Pico Quantitative Trading LLC. All rights reserved 554 .
Configuring Per-Session Capture Setting Overrides Using the UI
Step 1
In System Administration, add or edit a session.
Step 2
Click + to expand the Advanced Settings.
Step 3
Select the required Capture Settings:
l Default – all packets are captured only for periods when threshold violations trigger events.
The default snaplength of 58 bytes is automatically selected
l Always On – all packets are captured all of the time (with a specified snaplength)
l Event Based – all packets are captured (with a specified snaplength) for periods when
events are triggered
l Use Shard Captures – only summaries will be stored in the session. Packets for the session
are stored to and retrieved from 'shard' sessions. Snaplength is set in the shard session
l Disabled – no packets are captured
NOTE: Enabling the always-on packet capture feature on high-bandwidth sessions can increase
system load and reduce the amount of capture storage available for other sessions.
Select either the default snaplength (58 bytes), or specify how many bytes of the Ethernet frame to be
captured. (Range for snapshot length: 0 – 65535 bytes)
SETTING DISK SPACE QUOTA FOR CAPTURE FILES
The Corvil appliance employs a separate logical disk for storing capture files. The storage space on the
capture disk consists of an "event trace" region used for all automatic and always-on capturing, and a
manual capture region for capture files manually created and deleted by the user.
© 2023 Pico Quantitative Trading LLC. All rights reserved 555 .
For example, you can use the capture-settings event-trace-quota command to allocate a
specific percentage of the disk to capture files generated by “event trace” (automatic) captures. The
remainder of the disk is then reserved for manual captures.
capture-settings event-trace-quota percent <0-100 | default>
You must be logged in to the Corvil appliance CLI as an admin user to use this command.
NOTE: For platforms with spinning capture disks (all CNE appliances except for the CNE-10000), raw
disk capture performance is improved by using a smaller event trace quota. The software locates the
event trace region towards the start of the disk volume, where the disk throughput is highest, so
allocating more space to manual captures improves the performance on the event trace region.
In the following example, the percentage of disk space allocated to automatic captures is 60%, so the
remaining 40% is available for manual packet capture:
host(config-capture)$ capture-settings event-trace-quota percent 60
host(config-capture)$
The default event-trace-quota value is between 75% and 99% depending on the platform and
configuration (see below). To see the current value, run show event-storage and look for the
"Configured Event Capture quota" line. For example, if the event capture quota is set to 75%, automatic
captures are allocated 75% of the (unreserved*) disk space, with the remaining 25% reserved for manual
captures.
* 10% of the disk space is reserved for system use.
NOTE: The default percentage of disk space allocated to Event Inspection captures per CNE type is:
- CNE-10000 - 99% (Full Analytics and Network Packet Capture modes)
- All other CNEs - 90% (Full Analytics mode); 75% (Network Packet Capture mode)
When the "event trace" region of the capture disk becomes full, the appliance will automatically delete old
automatic and always-on capture data, taking into account any configured per-session quotas and other
data retention settings. For example, files older than 365 days are deleted first, then files for sessions that
have exceeded their disk space quota. Note that since deletions only continue while the disk is close to
full, some sessions may be allowed to exceed their quota if other sessions are below their quota. See
"Setting Disk Space Quota per Session" below.
© 2023 Pico Quantitative Trading LLC. All rights reserved 556 .
Setting Disk Space Quota per Session
Each session has a configurable disk space quota, allowing you to reserve a certain proportion of disk
space for particularly important sessions. To assign a specific percentage of disk space for event
captures to individual sessions, use the event-storage command.
event-storage default | percent <N>
no event-storage
default
Specifies that the session gets an equal share of the unreserved disk space.
<percent N>
Specifies that N percent of the disk space is allocated to the given session.
Range: 0.00 – 100.00
NOTE: The percentage is reserved per session direction. For example, for a bidirectional-symmetric
session, event-storage percent 1 will reserve 1% for the forward session direction and another 1% for
the reverse direction. In bidirectional-asymmetric sessions you can set the event storage
independently in the two session directions.
All the other sessions get an evenly-divided, fixed share of the remaining (unassigned) disk space.
The assigned percentage is the minimum disk space guaranteed to the session. For example, a session
may receive more than its guarantee if some other sessions are using less than their assigned quota.
If every session captures enough data to reach its own quota, then the steady state results in each
session being capped by its assigned percentage.
If more sessions are then added, the sessions with unreserved/default storage will see their share of the
remaining disk space diminish, but not the sessions with assigned disk space.
The event-storage default command can be used to undo an event-storage percent
command and the relevant session then receives an equal share of the unreserved disk space.
In the following example a session is assigned a minimum of 1% of the available disk space:
host(config-session)$ event-storage percent 1
© 2023 Pico Quantitative Trading LLC. All rights reserved 557 .
The Used and Reserved disk space for each session is shown in the show event-storage
command. See "Checking the Capture Quota and Amount of Captured Data" below. The disk space is
checked every 5 minutes.
Configuring Per-Session Capture Quotas Using the UI
Step 1
In System Administration, add or edit a session.
Step 2
Click + to expand the Advanced Settings.
Step 3
Select the required Capture Settings:
Allocate the required percentage of the capture disk to capture files generated by event-based or always-
on capture (Range 1-100%) for this session.
CHECKING THE CAPTURE QUOTA AND AMOUNT OF
CAPTURED DATA
Use the show event-storage command to check the current quota settings. In the following
example, the current capture disk quota setting for Event Inspection is 90% (the default) and the quota for
the DNS session is configured to be 3% and is shown as 2.7% of the overall disk space (that is, 90% of 3):
host(config)$ show event-storage
Total : 465.5G
Reserved for system use : 46.5G 10.0% of overall disk
Manual capture quota : 41.8G 9.0% of overall disk
Configured Event Capture quota ( 90%): 377.0G 81.0% of overall disk
Configured Global Data Search quota ( 10%) : 37.7G ( 8.1% of overall
disk)
Remaining of the quota for session captures: 339.3G ( 72.9% of overall
disk)
When capture disk full, delete history older than: 365 days (unless session
© 2023 Pico Quantitative Trading LLC. All rights reserved 558 .
has explicit quota)
Currently in use by Event Captures & Global Data Search: 361.8G ( 96.0%
of the quota)
Reserved: | Used: |
Min% | Cur% | Size | Size | Length | Rate/day| Session
-------+-------+--------+--------+--------+---------+-----------
10.00%| 10.00%| 1.6G| 0| 21d20h| 0| global-data-search
0.00%| 0.74%| 122.3M| 3.7M| 29d21h| 128.3K| local-cne[any] -> [any]
Kerberos-RTT
0.00%| 0.74%| 122.3M| 3.7M| 29d21h| 128.3K| local-cne[any] <- [any]
Kerberos-RTT
2.70%| 2.70%| 447.6M| 6M| 29d3h| 210.6K| local-cne[any] -> [any]
DNS
2.70%| 2.70%| 447.6M| 6M| 29d3h| 210.6K| local-cne[any] <- [any]
DNS
0.00%| 0.74%| 122.3M| 3.7M| 29d3h| 131.6K| local-cne[any] -> [any]
BGP
0.00%| 0.74%| 122.3M| 3.7M| 29d3h| 131.6K| local-cne[any] <- [any]
BGP
0.00%| 0.74%| 122.3M| 3.7M| 29d3h| 131.6K| local-cne[any] -> [any]
DHCP
0.00%| 0.74%| 122.3M| 3.7M| 29d3h| 131.6K| local-cne[any] <- [any]
DHCP
.
.
.
host(config)$
SETTING A PACKET CAPTURE PASSWORD
You can use the capture-settings password command from the Corvil appliance CLI to establish
or reset a password for use with all exports. Once set, all packet captures are exported as password-
protected encrypted zip files, including via the copy capture command, when copying packet capture
files to a remote server. You can also export the encrypted zip files via the GUI and API retrieval. Via the
API, captures must be retrieved specifying the 'zip' file type.
host(config)$ capture-settings password
Changing password for capture
New password:
Re-enter new password:
Password changed
The password should be a mixture of between five and eight upper and lowercase, alphanumeric and non
alphanumeric characters.
© 2023 Pico Quantitative Trading LLC. All rights reserved 559 .
If no capture password is configured, then the packet capture file that is copied will not be password
protected
PACKET CAPTURE COMPRESSION
The packet capture compression feature reduces I/O throughput and data volume demand during disk
capture by performing on-the-fly compression of packet capture payload before writing it to disk.
[no] capture-settings compression [auto | platform-default]
The following modes of operation are supported:
l Compression disabled
no capture-settings compression
l Compression automatically enabled or disabled depending on the current CPU load
capture-settings compression auto
l Compression enabled: always-on, regardless of CPU load
capture-settings compression
l Compression enabled or disabled according to the default behavior on the current Corvil appli-
ance
capture-settings compression platform-default
The default setting for CNE-10000 is compression auto. For all other supported Corvil appliance
platforms the default setting is compression enabled (always-on).
When using Corvil Management Center to manage CNE configurations, there is also the option to either
accept or override the global capture compression setting on a per-Corvil appliance basis. The global
Corvil Management Center setting is defined using the capture-settings command from the global
context. You can configure different settings for each CNE within the site -> cne context of the chosen
appliance or you can accept the global setting, using the command (this is the default the per-CNE
setting):
capture-settings compression use-global
which means that the CNE will use the top-level CMC capture setting value.
© 2023 Pico Quantitative Trading LLC. All rights reserved 560 .
To override the global setting, use one of the options described above as appropriate.
© 2023 Pico Quantitative Trading LLC. All rights reserved 561 .
PCAP Export Using the UI
You can access PCAP Export from the Inspect Data screen. Packet capture can be performed from
any CNE, or it can be managed from a CMC.
Corvil Flow Indexing can greatly speed up PCAP Export when using Corvil Query Language (CQL), and
so should be enabled. Refer to the topic "Enabling Flow Indexing" on page 665 to find out how to check if it
is enabled, and how to enable it if not.
To export a packet capture from a CNE:
l Select a time period
l Select a data source (one or more sessions or ports)
l Optionally supply a Corvil Query Language (CQL), Wireshark compatible, or Berkeley Packet
Filter (BPF) filter expression
l Specify a snaplength of up to 1600 bytes, or specify no limit on snaplength
l Click Export to download a packet capture file
NOTE: tshark must be enabled on the system in order to use Wireshark-compatible filtering. For more
information on enabling tshark, refer to the section "Using tshark" in "PCAP Export Using the CLI" on
page 574.
To manage packet capture export from a CMC:
l Select the CNE from which you want to export a packet from the Select Corvil drop-down list.
l Proceed in the same way as you would from the CNE.
SELECTING A TIME PERIOD FOR PCAP EXPORT
Select one of the available reporting periods:
l Last 1 hour
l Last 12 hours (disabled by default)
l Last 24 hours
l Last 48 hours
© 2023 Pico Quantitative Trading LLC. All rights reserved 562 .
l Last 7 days
l Last 30 days
l Last 60 days
l Business day
The available list of reporting periods also includes any user-defined reporting periods.
For more information on user-defined reporting periods, refer to the section "Configuring UI Reporting
Periods" on page 338.
Alternatively, select Custom and define your own time period of interest.
SELECTING A DATA SOURCE
You can select one or more data sources that provide the traffic in the capture file. You can select either
Saved or Custom data sources.
© 2023 Pico Quantitative Trading LLC. All rights reserved 563 .
Saved Data Source
Selecting a Saved data source allows you to select one or more Corvil appliance physical ports or saved
sessions for PCAP export. If using the default configuration, Ports A-D will be listed (where available) and
pre-selected for export by default (unless you have deleted the session associated with a physical port).
You can add more data sources to the Saved data source list by creating the tag-type 'Pcap-Export-UI'
and adding it to existing sessions (note that the session will be displayed by its tag value, with the session
name in brackets where 2 tag values are the same). A maximum of 20 saved data sources can be
displayed (including the physical port data sources), and a maximum of 5 data sources can be selected
for export.
Refer to the topic "Managing Tagging" on page 329 for information on how to create the tag-type 'Pcap-
Export-UI' and add it to sessions.
NOTE: You can also add the tag-type 'Pcap-Export-UI' to port sessions. These ports will be displayed
under the tag name rather than the port name. For example, if you add tag Pcap-Export-UI
MainPort to the session PortA, the saved data source will now be listed as 'MainPort' instead of
'PortA'.
NOTE: If you use the default per-port sessions (session PortA, and so on) ensure you have always-on
capture enabled with the trace-events always-on snaplength ALL command.
To include or omit a Saved data source, click on the data source.
Custom Data Source
Selecting a Custom data source allows you to select up to 5 sessions from the dropdown menu for PCAP
export. The dropdown list contains all defined sessions (no special tag-type required).
NOTE: If your session is multiclass, the whole session will be exported. You cannot select a session
class for PCAP download in Inspect Data.
APPLYING A FILTER
You can optionally supply a filter expression to apply to the exported packets.
For more information on the supported Corvil Query Language syntax, refer to the section "Corvil Query
Language" on page 566. Berkeley Packet Filter syntax information is available from the tcpdump man
page.
Defining and Applying a Filter
© 2023 Pico Quantitative Trading LLC. All rights reserved 564 .
Step 1
Enter a filter expression in the filter field.
If you select Corvil Query Language, the filter provides feedback dynamically as you type a search
expression, with suggestions listed on how to complete or add to what you have typed so far. For
example, the following shows an incomplete query with a list of suggestions for what to type next:
The Berkeley Packet Filtering dialect allows for on-the-fly error checking but no completion. It also permits
some logical checking of the expression. For example, the following expression is syntactically correct but
results in no packets being returned.
© 2023 Pico Quantitative Trading LLC. All rights reserved 565 .
The Wireshark compatible filters do not allow for on-the-fly error checking or completion. An error is
displayed if an incorrect or invalid filter is submitted as part of the capture export job.
NOTE: tshark must be enabled on the system in order to use tshark-compatible filtering. For more
information on enabling tshark, refer to the section "Using tshark" in "PCAP Export Using the CLI" on
page 574.
Corvil Query Language
Corvil Query Language (CQL) is similar to tshark syntax, using some similar operators and fields..
Using Corvil Flow Indexing to speed up the export of a packet capture only applies when Corvil Query
Language filters are used. The speed of retrieval depends on the shape of traffic captured, as well as the
filter used, as it allows the query to ignore disk capture files that don't contain packets of interest.
When the following keywords are the only ones present in the query (plus the logical operators and/or),
flow index information will automatically accelerate the generation of the packet capture:
l ip.src
l ip.dst
© 2023 Pico Quantitative Trading LLC. All rights reserved 566 .
l ip.addr
l ip.tos
l ip
l tcp
l udp
l tcp.port
l udp.port
l tcp.srcport
l udp.srcport
l tcp.dstport
l udp.dstport
l vport.id
l vlan.id
l vlan.priority
l mpls.exp
l IP Protocol
l application
l conversation
l IP subnet
The following describes all the supported Corvil Query Language fields and operators:
IP Layer Matches
ip
May be used as a boolean to filter for IP packets, or with ‘contains’/’matches’ operator to search the part of
the frame that starts at the IP header
ip.src
ip.dst
Operate on the individual source and destination address fields in the IPv4 header; example: ip.src ==
192.168.1.0/24 checks whether the source field of the packet is in the 192.168.1.x subnet; ip.src
== 192.168.1.1 checks for a specific address.
© 2023 Pico Quantitative Trading LLC. All rights reserved 567 .
ip.addr
An expression of form ip.addr <operator> <operand> is equivalent to the expression:
(ip.src <operator> <operand> or ip.dst <operator> <operand>).
ip.host
ip.srchost
ip.dsthost
Same as their IP-address based counterparts above, except for converting the IP addresses to a string via
reverse DNS and doing a string comparison
ip.proto
IP protocol field, may be compared to a numeric value (1, 6, 17) or to a string (icmp, tcp, udp)
icmp
tcp
udp
Used in boolean context, shorthand for ip.proto == 1
TCP and UDP Port Matches
tcp.srcport
tcp.dstport
udp.srcport
udp.dstport
Numeric value from the TCP or UDP header
tcp.port
udp.port
Same behavior as for ip.addr - expands to a logical OR of relational operators on the individual src/dst
fields
© 2023 Pico Quantitative Trading LLC. All rights reserved 568 .
tcp.flags.{ack,cwr,ecn,fin,ns,push,rst,syn,urg}
Individual flags from the TCP header
tcp
udp
Used with search operators means the part of the frame starting from the TCP (UDP) header
Ethernet
eth.src
eth.dst
Source/destination address as a tuple
eth.addr
An expression of form eth.addr <operator> <operand> is equivalent to the expression:
(eth.src <operator> <operand> or eth.dst <operator> <operand>).
eth.type
ethertype
Some pre-defined symbols are provided for convenience for example, eth.type == arp
arp (shorthand for eth.type == 0x0806)
frame
Binary tuple used with contains/matches to enable binary or string search on entire frame
Layer 2 Encapsulation
vlan.ids[ ]
VLAN ID stack, ids[0] is the ID from the first VLAN header and so on.
© 2023 Pico Quantitative Trading LLC. All rights reserved 569 .
mpls.labels[ ]
MPLS ID stack, ids[0] is the ID from the first MPLS header and so on.
vlan.id
Matches any VLAN ID
mpls.label
Matches any MPLS label
vport
The aggregation tap virtual port number
Calculated Fields
app
Corvil custom application name
Supported Operators
implicit operator - cast to boolean
some fields, either flags like tcp.flags.ack or payload fields like frame can be used without any operator,
the meaning for the flags is obvious, the meaning for the payload fields is ‘if a packet contains any
subframe of the specific type’ (so, for tcp it means ‘contains a TCP header’)
= =
!=
<
>
<=
>=
Relational operators on all field types, for boolean (flag) types true = = 1, false = = 0. String comparison is
case sensitive and ASCII-order. For binary fields, the comparison starts with comparing the length, so ip
>= ‘Z’ and ip >= ‘D<len-1>’ but not ip >= ‘E<len-1>’.
© 2023 Pico Quantitative Trading LLC. All rights reserved 570 .
contains
A substring search on string and binary fields, not defined for numeric fields.
matches
A PCRE match on binary and string fields, not defined for numeric fields.
[ ]
Substring/splicing operator, allows for checking specific parts of an Ethertype. CQL supports syntax for
splicing binary fields, and supports multiple ranges to retrieve a sequence that is subject to the relational
operator following the [ ] operator (field[:x,a:b,c:d,...,y:] == value); this can be applied to binary fields like
payload or Ethernet address.
SETTING A SNAPLENGTH LIMIT
If no size limit is to be applied to exported packets in a packet capture, make sure that the No Limit toggle
switch is on.
Alternatively, to specify a limit on snaplength of up to 1600 bytes, turn off the No Limit toggle switch and
use the snaplength slider to quickly select a snaplength. Alternatively, type a snaplength in the input field
to the right of the slider.
© 2023 Pico Quantitative Trading LLC. All rights reserved 571 .
EXPORTING A PACKET CAPTURE
When you have selected a time period and relevant sessions and optionally applied a filter and set a limit
on snaplength, click Export.
For a CNE installed with software release 9.6.2 or later, if you enable password protection on the capture
files, when you export the PCAP from the UI, it is downloaded as a password-protected zip file. You can
set password protection on capture files using the capture-settings password CLI command.
NOTE: For CNEs installed with software release earlier than 9.6.2, password-protected capture files
cannot be downloaded from the UI. For a 9.6.2 release CMC requesting a PCAP export from a CNE
with an earlier software release, the export will also fail and an error is displayed on the screen. In these
cases, use the CLI to export password-protected capture files. For more information on using the CLI
to export capture files, refer to the section "PCAP Export Using the CLI" on page 574.
There is a limit of one packet capture download per UI user at a time.
The progress of the download is indicated onscreen.
© 2023 Pico Quantitative Trading LLC. All rights reserved 572 .
The output file name chosen for the file has the form: Corvil-(CNEName)-export-(from-ms)-(to-ms).pcap
NOTE: The current CLI capture-settings export-format setting is used to determine
whether exported packet captures have microsecond or nanosecond resolution. To check the current
setting, log in to the CNE CLI as an admin user and use show system-settings | include
export-format. Use the capture-settings export-format CLI command to change the
setting if required.
Canceling a PCAP Export
Click Stop to cancel the download at any time. Canceling stops the export at the next packet boundary
and produces a valid packet capture file.
© 2023 Pico Quantitative Trading LLC. All rights reserved 573 .
PCAP Export Using the CLI
To define a capture export job using the CLI:
capture-export-job <name>
Define the packet capture export job name.
attached-port PortA | PortB | PortC | PortD
[Network Capture and Analysis mode Only]
Specify the physical CNE port(s) providing measurements to the job.
include-session <name>
[Full Analytics mode Only]
Specify the session(s) providing measurements to the job.
snaplength <bytes> | ALL
Specify the packet snaplength in bytes when exporting a capture file. The default setting is ALL (that is,
the whole packet).
time-period name <reporting-period-name>
time-period from <date-time> to <date-time>| +<time-duration>|now
time-period from <date-time> duration <time-duration>
Specify the time period using one of the provided forms of the time-period command.
filter <bpf|cql|tshark> <EXPR>
Optionally specify any filtering required using
l Corvil Query Language (cql)
l tshark compatible filtering
l Berkeley Packet Filtering (bpf)
NOTE: tshark must be enabled on the system in order to use tshark-compatible filtering. For more
information on enabling tshark, refer to the section "Using tshark" on page 586
© 2023 Pico Quantitative Trading LLC. All rights reserved 574 .
destination <scp|tftp|ftp|capture>:...
Specify a target destination for the export (either a remote destination (FTP, SSH, TFTP) or a relative path
from the CNE capture: directory).
tshark <tshark-options>
Optionally run tshark on the packet capture file.
NOTE: tshark must be enabled on the system in order to run tshark on the packet capture file. For
more information on enabling tshark, refer to the section "Using tshark" on page 586.
export
Export the job.
NOTE: For more detailed information on the CLI commands used to define a capture export job, refer
to the section "Defining a Capture Export Job" on page 578.
For example:
host(config)$ capture-export-job 14-11-05-09-30-00
host(config-capture-export-job)$ description "5-min app traffic Weds. 05-11-
14"
host(config-capture-export-job)$ include-session PortA
host(config-capture-export-job)$ time-period from 2017-11-05 09:45:00 to
2017-11-05 09:50:00
host(config-capture-export-job)$ filter cql ip.src==192.168.2.1
host(config-capture-export-job)$ destination capture:
host(config-capture-export-job)$ export
[======================================================================] 100%
File 'capture:14-11-05-09-30-00-1415180700000000000-1415181000000000000.pcap'
exported.
host(config-capture-export-job)$
If a remote destination is specified in the capture export job, a password prompt is displayed once a
connection with the remote server has been established.
© 2023 Pico Quantitative Trading LLC. All rights reserved 575 .
Canceling a Packet Capture Export Job
Use Ctrl+C to cancel an export. Canceling stops the export at the next packet boundary and produces a
valid packet capture file.
Exported File Format
If the destination specified is a directory, as in the example above, a new file is created in that directory
with the following format:
<capture-export-job-name>-<start-timestamp>-<end-timestamp>.pcap
NOTE: The current CLI capture-settings export-format setting is used to determine
whether exported packet captures have microsecond or nanosecond resolution. To check the current
setting, log in to the CNE CLI as an admin user and use show system-settings | include
export-format. Use the capture-settings export-format CLI command to change the
setting if required.
If the destination specified is a directory, the show command displays the name of the file to be
generated:
host(config-capture-export-job)$ show
capture-export-job myjob
include-session PortA
time-period from -1h duration 1h
destination capture:
! This job will create a file ‘myjob-<start-timestamp>-<end-
timestamp>.pcap’
! into ‘capture:’ directory after export
host(config-capture-export-job)$
<start-timestamp> and <end-timestamp> are replaced with their actual values if they are known.
For example:
host(config-capture-export-job)$ show
capture-export-job myjob
include-session PortA
time-period from 2017-10-10 09:10:00Z duration 1h
destination capture:
! This job will create a file ‘myjob-1409335075497436523
1409337825000000000.pcap’
! into ‘capture:’ directory
© 2023 Pico Quantitative Trading LLC. All rights reserved 576 .
host(config-capture-export-job)$
File Storage
Capture files exported to the local CNE file system are stored in the same CNE capture:/ directory as
manual packet captures. You can use the dir capture: CLI command to check the current set of
stored capture files.
NOTE: Capture files exported into the local file system of the CNE are stored in the same area as
manual captures. In order for the disk quota for manual captures not to be exceeded as a result of a
capture export job, the job is automatically cancelled if that limit is about to be reached.
If a capture export jobs gets cancelled due to insufficient disk space an error message is displayed in
the CLI. The resulting capture file will be a valid file.
Additionally, a capture export job with the local file system as destination requires a minimum amount
of disk space to be executed. If there is insufficient space, the job fails displaying an error message
indicating that there is not enough space in the local file system.
NOTE: The CNE employs a separate logical hard disk configuration for storing packet capture files.
Packet capture files generated automatically by always-on and event capture sessions share the
same disk as those generated by manual captures.
The capture-settings event-trace-quota percent command allows for the percentage
of the disk allocated to capture files generated by always-on and event capture sessions to be
adjusted between zero and 100 percent. The default event-trace-quota value is between 75% and
99% depending on the platform and configuration. The remaining disk space is used by exported
capture files, manual capture files and capture files that have been uploaded to the CNE for stored
data analysis. For more information on disk space quota, see the topic "Setting Disk Space Quota for
Capture Files" on page 555 in the Corvil Analytics User Guide.
Data Protection
If a password to encrypt capture files is set using capture-settings password command, all
capture files exported using the CLI are exported within a password-protected zip file.
The following sections describe the commands used when defining a capture export job in more detail.
© 2023 Pico Quantitative Trading LLC. All rights reserved 577 .
DEFINING A CAPTURE EXPORT JOB
Exporting selected data from the CNE as a packet capture file involves:
l Defining a Capture Export Job
l Defining the Sessions Providing Measurements
l Defining the Amount of Packet Content to Export
l Defining the Time Period To Export
l Defining a Packet Filter (Optional)
l Defining the Target Destination for the Capture Export
l Exporting the Capture File
To begin the process of defining a capture export job object and to enter the capture export job
configuration context, use the capture-export-job command:
[no] capture-export-job <capture-export-job-name>
capture-export-job-name
Specify the name of the capture export job.
Within the context of the capture export job you can
l specify the sessions providing measurements to the job using the include-session command
l specify the time period using the time-period command
l specify any filtering required using the filter command
l specify a target destination for the export using the destination command
l export the job using the export command
In the following example, a new capture export job named myjob is defined:
host(config)$ capture-export-job myjob
© 2023 Pico Quantitative Trading LLC. All rights reserved 578 .
DEFINING THE CNE PORTS PROVIDING
MEASUREMENTS – NETWORK CAPTURE AND
ANALYSIS MODE
To specify which CNE physical ports to use to supply traffic to a capture export job in Network Capture
and Analysis mode, use the attached-port command. If the attached-port command is not
explicitly specified, or is used with no ports specified, then all available measurement ports are added to
the capture export job.
attached-port [<port > [ <port > …]]
no attached-port [ <port > …]
port
[Optional] Specifies the name of the physical CNE measurement port: Port A, PortB, PortC, PortD.
In this example, a capture export job is configured with traffic measurement from CNE physical ports
PortA and PortB:
host(config)$ capture-export-job 14-11-05-09-30-00
host(config-capture-export-job)$ description "5-min app traffic Weds. 05-11-
14"
host(config-capture-export-job)$ attached-port PortA PortB
host(config-capture-export-job)$ time-period from 2017-11-05 09:45:00 to
2017-11-05 09:50:00
host(config-capture-export-job)$ destination capture:
host(config-capture-export-job)$ export
[======================================================================] 100%
File 'capture:14-11-05-09-30-00-1415180700000000000-1415181000000000000.pcap'
exported.
host(config-capture-export-job)$
DEFINING THE SESSIONS PROVIDING
MEASUREMENTS – FULL ANALYTICS MODE
To specify the sessions for which traffic is exported in Full Analytics Mode, use the include-session
command.
Multiple sessions can be included in the same capture export job.
© 2023 Pico Quantitative Trading LLC. All rights reserved 579 .
Only sessions with packet capture enabled (using the trace-events command) can be referenced.
include-session <name>
no include-session <name > | *
name
Specify the port session name.
In the following example, a new capture export job named myjob is defined based on the port session with
label PortA:
host(config)$ capture-export-job myjob
host(config-capture-export-job)$ include-session PortA
DEFINING THE AMOUNT OF PACKET CONTENT TO
EXPORT
To specify the packet snapshot length for a capture export job, use the snaplength command:
snaplength <length> | ALL
length
Specify the number of bytes to include from packets in a capture export job.
ALL
Specifies that the whole packet is used.
This is the capture export job default setting.
In the following example, a new capture export job named myjob is defined based on the session with label
HTTP-RTT and a defined time period and snaplength:
host(config)$ capture-export-job myjob
host(config-capture-export-job)$ include-session HTTP-RTT
host(config-capture-export-job)$ snaplength 1024
© 2023 Pico Quantitative Trading LLC. All rights reserved 580 .
DEFINING THE TIME PERIOD TO EXPORT
To specify the time period for which capture data is exported, use one of the following variants of the
time-period command.
To use a system-defined or user-defined reporting period, use the time-period name command:
time-period name <reporting-period-name>
To specify the time period for which capture data is exported, use the time-period command:
time-period from <date-time> to <date-time> | now | +<time-duration>
time-period from <date-time> duration <time-duration>
reporting-period-name
Specify a system-defined or user-defined reporting period.
Use the show reporting-period command to list the available reporting periods.
date-time
Specify one of the following options:
1. An absolute date and time with format:
YYYY-MM-DD [hh:mm[:ss[.sssssssssssssss]][Z|z]] (nanoseconds precision)
The specified time is assumed to be in the local CNE timezone. UTC can be specified by using the ‘Z|z’
suffix.
Examples:
2018-1-2 (meaning: January 2nd 2018 at 0:00:00.0)
2018-01-02 (meaning: January 2nd 2018 at 0:00:00.0)
2018-01-02 14:30 (meaning: January 2nd 2018 at 14:30:00.0)
2. A time within the last 24 hours with format:
hh:mm[:ss[.sssssssssssssss][Z|z]] (nanoseconds precision)
© 2023 Pico Quantitative Trading LLC. All rights reserved 581 .
The specified time is assumed to be in the local CNE timezone. UTC can be specified by using the ‘Z|z’
suffix.
Example:
9:10:11.1 (meaning: 9:10:11.1 today, or yesterday if it is currently before 9:10:11.1)
3. Relative time from now:
-[NNd] [NNh] [NNm] [NN[.nnnnnnnnnnnnn]s] (nanoseconds precision)
Examples:
-1d 20m 12s
-10h 12.1235s
-12.1235012344234s
The from <date-time> must be at least 60 nanoseconds earlier than the to <date-time>.
now
Specify that the latest data available in the disk should be used. The returned data will be from 10 to 45
seconds old depending on the capture delay of the device. In NCA mode the capture delay is always 10
seconds.
time-duration
Specify a time duration that matches the following format:
[NNd] [NNh] [NNm] [NN[.nnnnnnnnnnnnn]s]
(nanoseconds precision)
Examples:
1d 20m 12s
10h 12.1235s
The <time-duration> must be at least 60 nanoseconds.
NOTE: Using time-period from <date-time> to +<time-duration> is equivalent to
time-period from <date-time> duration <time-duration>.
© 2023 Pico Quantitative Trading LLC. All rights reserved 582 .
In the following example, a new capture export job named myjob is defined based on the session with label
HTTP-RTT covering 1:35pm to 1:45pm on June 21st 2017:
host(config)$ capture-export-job myjob
host(config-capture-export-job)$ include-session HTTP-RTT
host(config-capture-export-job)$ time-period from 2017-06-21 13:35:00 to
2017-06-21 13:45:00
In the following example, a new capture export job named myjob is defined based on the session with label
HTTP-RTT and a time period based on the system time period of the last hour:
host(config)$ capture-export-job myjob
host(config-capture-export-job)$ include-session HTTP-RTT
host(config-capture-export-job)$ time-period name "Last 1 hour"
In the following example, a new capture export job named myjob is defined based on the session with label
HTTP-RTT and a time period from 6am of the current day (within the last 24 hours) to the latest available
capture data:
host(config)$ capture-export-job myjob
host(config-capture-export-job)$ include-session HTTP-RTT
host(config-capture-export-job)$ time-period from 06:00:00 to now
DEFINING A PACKET FILTER (OPTIONAL)
To specify an optional filter to apply to the exported packet capture, use the filter command.
Only one filter can be specified per capture export job.
The export and analysis options would allow one of the following filter types:
l cql - Corvil Query Language (CQL) packet/message filter. Refer to the topic "PCAP Export
Using the UI" on page 562 for a description of the CQL fields.
l tshark - Wireshark display filter, using a tshark process operating on the entire packet cap-
ture
l bpf - Berkeley Packet Filtering
© 2023 Pico Quantitative Trading LLC. All rights reserved 583 .
NOTE: In general Corvil recommends using CQL where possible because it can execute the same
query in less time and with less memory consumption than tshark. Also, there is a limit of one tshark
filter per job that does not apply to CQL expressions.
Only one type of filtering can be used per capture export job. If the filtering type is not specified, the Corvil
Query Language (CQL) is used by default.
filter [bpf | cql | tshark] <filter-expression>
filter-expression
Specify a filter expression to apply to the packet capture before export.
In the following example, a new capture export job named myjob is defined and exported based on the
session with label HTTP-RTT:
host(config)$ capture-export-job myjob
host(config-capture-export-job)$ include-session HTTP-RTT
host(config-capture-export-job)$ time-period from 2017-10-21 13:35:30 to
2017-10-21 13:45:30
host(config-capture-export-job)$ filter cql "ip.src==192.168.2.1"
DEFINING THE TARGET DESTINATION FOR THE
CAPTURE EXPORT
To specify the target destination of the exported capture file, use one of the following variants of the
destination command.
One destination can be specified per capture-export-job.
To export the packet capture file to a remote destination, use:
destination URL
no destination
URL can be one of the following:
© 2023 Pico Quantitative Trading LLC. All rights reserved 584 .
tftp://hostname |ip address/<filename>
Specifies the parameters used to save or retrieve configurations. The file is specified by [file
path/]<file name>, relative to the directory determined for TFTP access at a TFTP server specified
by the DNS hostname or ip address parameter. The current timeout value for inactivity is approximately
20 minutes.
ftp://username@hostname/filename
Specifies the DNS host name or IPv4 address of a target FTP server. The user account must be specified
using the <username> parameter. The <filename> can be a relative or absolute path on the remote
target server. ftp is relative to the home directory of the user. If you want to use an absolute directory, use
the prefix // before the filename.
scp://user@hostname/filename
Specifies the DNS host name or IPv4 address of a target SCP/SSH server. The user account must be
specified using the <username> parameter. scp is relative to the home directory of the user. If you want
to use an absolute directory, use the prefix // before the filename.
To export the packet capture file to the CNE capture directory, use:
destination capture: [no-overwrite]
no destination
no overwrite
[Optional] Specify that if the destination file already exists, do not overwrite it. Instead, a numerical suffix is
added to the file name.
In the following example, a new capture export job named myjob is defined based on the session with label
HTTP-RTT:
host(config)$ capture-export-job myjob
host(config-capture-export-job)$ include-session HTTP-RTT
host(config-capture-export-job)$ time-period from 2017-10-21 13:35:30 to
2017-10-21 13:45:30
host(config-capture-export-job)$ destination capture: no-overwrite
© 2023 Pico Quantitative Trading LLC. All rights reserved 585 .
EXPORTING THE CAPTURE FILE
To run a defined capture export job and export the resulting packet capture file, use the export
command.
export
At least one session must be defined in the capture export job for it to be exported. A target destination
must also be defined in the capture export job.
If a remote destination is specified in the capture export job, a password prompt is displayed once a
connection with the remote server has been established.
Use Ctrl+C to cancel an export. Canceling stops the export at the next packet boundary and produces a
valid packet capture file.
In the following example, a new capture export job named myjob is defined and exported based on the
session with label HTTP-RTT:
host(config)$ capture-export-job myjob
host(config-capture-export-job)$ include-session HTTP-RTT
host(config-capture-export-job)$ time-period from 2017-10-21 13:35:30 to
2017-10-21 13:45:30
host(config-capture-export-job)$ destination capture: no-overwrite
host(config-capture-export-job)$ export
USING TSHARK
tshark is disabled by default in both Network Capture and Analysis and Full Analytics modes.
Enabling tshark
Enable tshark by allocating at least 500MB memory to tshark on the CNE. Using tshark means less buffer
for packet capture.
To enable tshark:
© 2023 Pico Quantitative Trading LLC. All rights reserved 586 .
l release packet capture buffer memory using the system-setting resource-usage-
reduce command
l restart the CNE server daemon using reload server-daemon
l allocate the available memory using the system-setting resource-usage-
increase command
Use the show resource-usage command to view the current share of memory resources across
various parts of the system.
For example:
host(config)$ system-setting resource-usage-reduce packet-capture-buffer
megabytes 500
host(config)$ reload server-daemon
This will log you out and restart the server daemon interrupting traffic
measurement.
Are you sure that you want to restart the server daemon (y/n)? y
Connection closed.
Log in again, make the required tshark memory allocation and check the new resource usage figures:
host(config)$ system-setting resource-usage-increase tshark megabytes 600
host(config)$ show resource-usage
Resource Usage by Component Default Configured Active
----------------------------------------------------------------------
packet-capture-buffer 1.8GB 1.3GB 1.3GB
decoder-dynamic-storage 160MB 160MB 160MB
decoder-indexed-storage 25MB 25MB 25MB
decoder-order-store 64MB 64MB 64MB
decoder-system-store 384MB 384MB 384MB
tshark 0MB 500MB 500MB
AVAILABLE 0MB 0MB 0MB
----------------------------------------------------------------------
In the preceding example, comparing the values displayed in the Default and Configured columns
indicates that 500MB has been taken from packet capture buffer memory and allocated to tshark.
The only form of the system-setting resource-usage-increase command available in
Network Capture and Analysis mode is the tshark option.
© 2023 Pico Quantitative Trading LLC. All rights reserved 587 .
In general, tshark is enabled if there is enough memory allocated for it. If not, then an error message is
displayed indicating that there is not enough memory allocated to execute tshark. In this case use the
system-setting resource-usage-increase tshark command to allocate adequate memory
for tshark as described above.
Analyzing Capture Data with tshark
To analyze the captured data using tshark, use the tshark command. The output is displayed in the
terminal.
tshark <tshark-options>
tshark-options
The list of options allowed is restricted to options that affect packet processing and output:
l -d <arg> (filter ... decode as)
l -e <arg> (list of displayed fields)
l -n (no name resolution)
l -N <arg> (name resolving flags)
l -o <arg> (options)
l -O <arg> (like -V but only specific protocols)
l -q (no per-packet output)
l -t <arg> (time format)
l -T <arg> (output format)
l -E <arg> (setting options)
l -z <arg> (statistics)
l -S <arg> (line separator)
l -u <arg> (time unit - seconds or hms)
l -V (packet details)
l -x (hex dump)
l -Y <arg> (display filter)
For example:
© 2023 Pico Quantitative Trading LLC. All rights reserved 588 .
host(config-capture-export-job)$ tshark ?
-d Decode as
-e Fields to print if -T fields selected
-E Control the format of the printed fields when -T fields is selected
-n Disable all name resolutions
-N Enable specific name resolutions
-O Only show packet details of these protocols
-q Be more quiet on stdout (e.g. when using statistics)
-S The line separator to print between packets
-t Output format of time stamps (def: r: rel. to first)
-T Format of text output (def: text)
-u Output format of seconds (def: s: seconds)
-V Add output of packet tree (Packet Details)
-x Add output of hex and ASCII dump (Packet Bytes)
-Y Packet display filter in Wireshark display filter
-z Statistics
host(config-capture-export-job)$ tshark -T text -Y telnet
4 0.000121 192.168.0.2 -> 192.168.0.1 TELNET 93 Telnet Data ...
5 0.000230 192.168.0.1 -> 192.168.0.2 TELNET 69 Telnet Data ...
7 0.000331 192.168.0.2 -> 192.168.0.1 TELNET 69 Telnet Data …
…
57 0.003627 192.168.0.1 -> 192.168.0.2 TELNET 130 Telnet Data ...
--More--
Use Ctrl+C to stop tshark. This causes packet flow to tshark to stop.
Two-pass filtering is not supported. Any attempt of using tshark’s -R option is detected and the -Y option is
recommended instead:
host(config-capture-export-job)$ tshark -R ?
ERROR -R option is not allowed as it requires a two-pass analysis. For
single-pass filtering use either -Y option or filter command.
probe(config-capture-export-job)$
If a filter is specified within the capture-export-job using the filter command it is applied when
running the tshark command, regardless of the type of the filter. If another filter is specified with the -Y
option, both filters are applied, so all packets displayed must match both filters. If the filter specified within
the job via the filter command is also a filter command, and given that tshark only applies the filter
specified with the last -Y option in the command line passed, a new expression is generated and passed
in a single -Y option as follows:
"-Y '(tshark: filter clause) and (-Y argument from user cmdline)'"
© 2023 Pico Quantitative Trading LLC. All rights reserved 589 .
ALLOCATING ADDITIONAL MEMORY TO TSHARK
In certain circumstances, tshark may run out of memory when using the export command and only if a
tshark-compatible filter is configured in the capture-export-job. If tshark exceeds the maximum memory
allowed, the tshark process ends leading into an invalid capture file.
For example:
host(config-capture-export-job)$ export
enter user@10.10.6.2’s password:
Exporting file: capture:myjob-1409335075497436523-1409337825000000000-1.pcap
[=============== ]
20%
Error: tshark ran out of memory
host(config-capture-export-job)$
In general, Corvil recommends using a Corvil query language (CQL) filter in the capture-export-job
instead.
To allocate additional memory to tshark on the CNE:
l release memory using the system-setting resource-usage-reduce command
l restart the CNE server daemon using reload server-daemon
l allocate the available memory using the system-setting resource-usage-
increase command
l Use the show resource-usage command to view the current share of memory resources
across various parts of the system.
For example:
host(config)$ system-setting resource-usage-reduce packet-capture-buffer
megabytes 600
host(config)$ reload server-daemon
This will log you out and restart the server daemon interrupting traffic
measurement.
Are you sure that you want to restart the server daemon (y/n)? y
Connection closed.
Log in again, make the required tshark memory allocation and check the new resource usage figures:
© 2023 Pico Quantitative Trading LLC. All rights reserved 590 .
host(config)$ system-setting resource-usage-increase tshark megabytes 600
host(config)$ show resource-usage
Resource Usage by Component Default Configured Active
----------------------------------------------------------------------
packet-capture-buffer 1.8GB 1.2GB 1.2GB
decoder-dynamic-storage 160MB 160MB 160MB
decoder-indexed-storage 25MB 25MB 25MB
decoder-order-store 64MB 64MB 64MB
decoder-system-store 384MB 384MB 384MB
tshark 0MB 600MB 600MB
AVAILABLE 0MB 0MB 0MB
----------------------------------------------------------------------
In the preceding example, comparing the values displayed in the Default and Configured columns
indicates that 600MB has been taken from packet capture buffer memory and allocated to tshark.
The only form of the system-setting resource-usage-increase command available in
Network Capture and Analysis mode is the tshark option.
© 2023 Pico Quantitative Trading LLC. All rights reserved 591 .
PCAP Analysis
[Supported from Corvil Analytics 9.7.0 only]
PCAP Analysis allows you to import PCAP files, analyze the data and then view the results on the Inspect
Data screen.
The analysis tool can read network data stored in standard PCAP formats and analyze the contained data.
From this data, the tool discovers, decodes, and reconstructs details of application and business flows
captured in the PCAP file. Corvil analytics and application/network performance results are then reported
from the stored network data.
The PCAP Analysis tool is launched from the Inspect Data screen (left navigation panel). The analysis can
be performed directly on a CNE or on a managed CNE if using a CMC.
NOTE: PCAP Analysis is supported on all CNE types and can be performed by admin, config, monitor
and restricted users with relevant access rights. See the topic "Role-based Access Control for
Restricted Users" in the Corvil Analytics Administration Guide for more information.
Sources of Capture Files
You can use PCAP analysis on the CNE for any of the following types of capture data:
Supported File Formats
l PCAP with microsecond resolution
l Nanosecond PCAP
l PCAP-ng
l Zip archive containing one capture file in any of the above formats (no password protection)
Previously Captured CNE Data
The CNE may have captured packets for a time period where full analysis of those packets was not
configured. For example message decoding, sessions, service objectives, policy-maps, configurable
statistics or latency measurement may not have been defined. The PCAP analysis feature makes it
possible to re-analyze such data to get rich analytics.
Use the export-capture command to save available capture data for a given time period to the
capture: directory. For more information on exporting capture data using the export-capture
command, refer to the topic "Working with Manual Packet Captures" on page 634 in the Corvil Analytics
User Guide.
Export a capture from the UI PCAP Export or Event Inspection drilldown screens and re-upload it for
PCAP analysis. For more information on exporting a capture file from the UI, refer to the topic PCAP
Export in the section PCAP Export or Exporting Event Inspection Packet Capture in the section
© 2023 Pico Quantitative Trading LLC. All rights reserved 592 .
Investigating an Event .
PCAP ANALYSIS OPERATION
PCAP analysis jobs operate in a separate offline mode to normal CNE measurement. The offline PCAP
analysis feature can operate concurrently with normal online measurement of traffic from the CNE
monitoring ports on all CNE models. The analysis is performed in the background as a stored data
analysis job.
The current CNE configuration is loaded when the PCAP analysis job is started. For example, decoder
config, custom-applications, service objectives, policy-maps, custom PNQM signatures, sites, and
subnet-groups are all loaded as normal and influence the outcome of the offline processing.
NOTE: You can only perform one PCAP analysis at a time.
PCAP analysis jobs can also be defined and run on managed CNEs from a CMC.
Preparing a Session for PCAP Analysis Using the GUI
To analyze a PCAP file on the CNE, you need to assign it to a session. To produce results when the PCAP
analysis job runs, the session must be configured to operate in offline mode. You can also configure the
session to match traffic in the capture file, for example, you may want to define custom-applications or
service objectives.
You can use one of the pre-defined offline sessions provided in the initial CNE configuration file, or you can
create a new offline session. You can also use an existing session and change it to offline mode. If using an
existing session, note that the existing session history is overwritten with data from the capture file during
analysis. If using one of the pre-defined offline sessions, only packet decoding is enabled but you can
reconfigure the session if required.
If creating or editing a session to use for the PCAP analysis, you can use CLI commands or configure it
from System Administration, as shown below:
Creating or Editing a Session for PCAP Analysis
Step 1
In System Administration mode, select Sessions.
Step 2
Duplicate or edit an existing session or define a new session using Add Session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 593 .
Step 3
In the Add/Edit Session screen, expand the Advanced Settings.
Step 4
Check the Offline operation check box.
Step 5
Complete the session configuration as required (including a meaningful session label) and click Save.
Importing and Analyzing a Capture File Using the UI
NOTE: You must be an admin, config, monitor or restricted user with relevant access rights to use the
PCAP Analysis feature.
To import a capture file for PCAP analysis:
Step 1
Open the Inspect Data tab and click PCAP Analysis in the left navigation panel.
Step 2
If working from a CMC, first select the CNE (managed only) on which you will be performing the import
and analysis. Select the import tab to open the import and analysis wizard.
Drag and drop a suitable file into the window or click the import icon on the screen and select a file from
the browser. Click Next .
© 2023 Pico Quantitative Trading LLC. All rights reserved 594 .
Step 3
Select a pre-defined offline session that will be used to store the Corvil analytics for the selected PCAP file.
If you select a session that has been previously used for a PCAP analysis, the session data will be
overwritten. Click Next .
Step 4
Click START ANALYSIS to import the file and start the analysis, or click BACK to change the select
session or PCAP file.
Step 5
The wizard closes and you are returned to the PCAP Analysis list view screen where you can see the
progress of the importation followed by the analysis.
NOTE: You can exit the wizard at any stage by clicking CANCEL . You can cancel the file import or
analysis after it has started by clicking the arrow under ACTIONS and selecting CANCEL .
NOTE: Imported capture files are stored in subfolders under the manual captures directory. Use the
dir capture CLI command to check the current set of imported capture files. On the UI you can view
the imported capture files on the PCAP Analysis screen.
NOTE: You can also create PCAP analysis jobs using the stored-data-analysis CLI command. The
capture files must be already available in the CNE capture: directory.
Viewing Analyzed Data
Once a PCAP file has been imported and analyzed in PCAP Analysis, you can view the analyzed data in
Inspect Data at any stage. You can pre-define which Inspect Data dashboard to use to view the results by
configuring an attribute in the Dashboard XML (see "Defining a Dashboard Using XML" on page 127
To view analyzed results:
Step 1
Open the PCAP Analysis screen and find the PCAP file of interest. If there are a lot of files, you can shorten
the list by filtering on the file name or user name.
© 2023 Pico Quantitative Trading LLC. All rights reserved 595 .
Step 2
If the file has been analyzed, the VIEW button is accessible (orange) under ACTIONS. If the button is
grey, you need to run the analysis. See the following section.
Step 3
Clicking VIEW opens the default (top of list) or pre-defined (in Dashboard XML) Inspect Data screen
showing results only for the session associated with the PCAP file.
Step 4
You can click Event Inspection for the session to drilldown further into the data and view results in different
chart views.
The default Inspect Data screen displays the results in a detailed message/packet table (message details
are only displayed if the offline session is configured to show message results). The time range is based on
the start and end date/time of the capture file, and time tracking is based on the capture file timestamps.
Only the specific session associated to the PCAP analysis job is loaded on the Inspect Data page. All
other sessions in the configuration are ignored.
Running or Re-running a PCAP Analysis Job
If you have uploaded a PCAP file for analysis but canceled the analysis before it completed, the job
remains on the PCAP Analysis screen where you can run it at a later time. You can also re-run an analysis
of a PCAP that has been previously analyzed.
To run or re-run a previously saved PCAP analysis job:
Step 1
If you are re-running an analysis, on the PCAP Analysis screen go to the ACTIONS panel of the file you
want to re-analyze, click the Re-analyze PCAP circular arrow to restart the analysis.
© 2023 Pico Quantitative Trading LLC. All rights reserved 596 .
Step 2
If you are running an analysis on a file that hasn't been previously analyzed, on the PCAP Analysis screen
go to the ACTIONS panel of the file you want to analyze, click the down arrow and select Run Analysis .
Step 3
When the analysis has completed, the VIEW button becomes accessible (color changes to orange).
All existing data for the session attached to the analysis job is deleted when the analysis job is started.
Deleting a PCAP Analysis File
You can delete any file listed in the PCAP Analysis list view. Deleting a file permanently removes the PCAP
file and its associated Corvil analysis data.
To delete a PCAP file:
Step 1
Open the PCAP Analysis screen.
Step 2
Click Delete under the ACTIONS for the capture file to be deleted.
Step 3
Click OK to confirm that you want to delete the file and data.
PCAP Analysis Information
The following information is displayed for each PCAP analysis file listed in the PCAP Analysis table:
FILE NAME
Displays the name of the imported PCAP file. This is also the name of the subfolder created under the
capture directory. Hovering over the file name also shows the name of the session that the PCAP data is
matched to
IMPORTED BY
© 2023 Pico Quantitative Trading LLC. All rights reserved 597 .
Displays the username of user that imported the PCAP file
ANALYSIS RUN BY
Displays the user that last ran the analysis on the PCAP file. Blank if analysis has not been run
FILE SIZE
Size of the PCAP file
DATA DURATION
Time range of the captured data in the PCAP file
DATA START
Displays the date and time at the start of the PCAP file
DATA END
Displays the date and time at the end of the PCAP file
ANALYSIS RUN AT
Displays the date and time that the analysis was last run
STATUS
Displays the current status of the PCAP analysis job:
l Analysis ready - The PCAP analysis job has been completed. If there is warning associated
with the analysis, the warning is shown in the tooltip
l Analysis cancelling - A request to cancel the PCAP analysis has been sent
l Analysis pending - PCAP file has been imported and analysis is about to start
l Analysis starting - Analysis is starting on the PCAP file
l Analysis running (%) - PCAP file is being analyzed and progress % is displayed
l Analysis cancelled - The PCAP analysis has been cancelled
l Importing (%) - PCAP file is importing and import progress % is displayed
l Analysis required - The SDA job associated with the file was not executed
l Error - The analysis of the PCAP has failed. A detailed error message can be viewed in the
tooltip
ACTIONS
l VIEW - Click to launch the Inspect Data screen for the session containing the analyzed PCAP
data
l Restart Analysis - Click to rerun the PCAP analysis job
© 2023 Pico Quantitative Trading LLC. All rights reserved 598 .
l Cancel -Click to cancel an analysis that has started.
l Delete - Click to permanently delete the PCAP file and its analyzed data
All columns can be sorted (except the ACTIONS column). The files are sorted by default based on the
latest analyzed files.
Additional information is displayed, such as the disk space used on the capture directory and the current
time zone of the CNE/CMC.
© 2023 Pico Quantitative Trading LLC. All rights reserved 599 .
Using Stored Data Analysis
The Corvil Stored Data Analyzer module, launched from the Inspect Data screen, can read stored
network data in standard PCAP formats and analyze multiple terabytes per day. From this data, Corvil
discovers, decodes, and reconstructs details of application and business flows. All Corvil analytics and
application/network performance results are then reported from the stored network data.
NOTE: Access to Stored Data Analysis may be restricted depending on configured Corvil login
privileges.
For more information on Corvil role-based access control, refer to the section Role-based Access
Control for Restricted Users in the Corvil Administration Guide.
Analysis of capture files is performed on the CNE as a stored data analysis job.
Each stored data analysis job is configured with a set of one or more:
l capture files to analyze
l sessions to match capture file traffic and display the results of the analysis
SOURCES OF STORED DATA ANALYSIS FILES
You can use stored data analysis on the CNE for any of the following types of data:
Imported Capture Files
Import capture files to the CNE in any of the following supported formats:
l PCAP with microsecond resolution
l Nanosecond PCAP
l PCAP-ng with microsecond and nanosecond timestamp resolution
l Zip archive containing one capture file in any of the above formats (no password protection)
Manual Capture Files Generated on the CNE
Manual captures can be generated using the CLI capture command (and related commands). Manual
captures are automatically saved to the capture: directory and do not have to be imported. For more
information on generating manual captures, refer to the topic "Working with Manual Packet Captures" on
© 2023 Pico Quantitative Trading LLC. All rights reserved 600 .
page 634.
Previously Captured CNE Data
The CNE may have captured packets for a time period where full analysis of those packets was not
configured. For example message decoding, sessions, service objectives, policy-maps, configurable
statistics or latency measurement may not have been defined. The stored data analysis feature makes it
possible to re-analyze such data to get rich analytics:
l Use the export-capture command to save available capture data for a given time period
to the capture: directory. For more information on exporting capture data using the export-
capture command, refer to the topic "Exporting Always-On, Event and Manual Captures
Using the CLI" on page 641.
l Export a capture from the UI Event Inspection drilldown screen and re-upload it for stored
data analysis.
l Export a capture from the UI PCAP Export screen and re-upload it for stored data analysis.
STORED DATA ANALYSIS OPERATION
Stored data analysis jobs operate in a separate offline mode to normal CNE measurement. The stored
data analysis feature can operate concurrently with normal online measurement of traffic from the CNE
monitoring ports on all currently supported CNE platforms.
NOTE: Stored data analysis jobs cannot be defined and run on Corvil Management Center. However,
session configuration for stored data analysis can be pushed to CNEs.
The current CNE configuration is loaded when the stored data analysis job is started. For example,
custom-applications, service objectives, policy-maps, custom PNQM signatures, sites, and subnet-
groups are all loaded as normal and influence the outcome of the offline processing.
Only the specific offline-mode sessions that are associated with the stored data analysis job are loaded.
All other sessions in the configuration are ignored.
Any historical data associated with sessions attached to the analysis job is deleted when the analysis job is
started.
© 2023 Pico Quantitative Trading LLC. All rights reserved 601 .
Timestamps
All time tracking is based on the capture file timestamps. When multiple PCAP files are selected for a
stored data analysis job, all packets from all capture files are processed in timestamp order, so both
overlapping and non-overlapping captures are supported.
If the packet capture file contains duplicate or out-of-order timestamps, packets are swapped into
timestamp order. Reordering by no more than 63 packets and no more than one millisecond is supported.
Packets with greater reordering are dropped, with measurement warnings in the CLI and UI indicating the
problem.
Where multiple packets have the same timestamp, each is given a timestamp that is incremented by one
nanosecond from the previous.
NOTE: Extraction of aggregation tap timestamps is not currently supported.
Limits
l Maximum active classes: 100
l Maximum session directions: 100
l Maximum concurrent message flows: 5000
l Oldest historical date for analysis file: 15 years (range of timestamps within a single analysis
job limited to 60 days)
l 65535 byte packet size limit
Merging of PCAP results in an analysis job is not supported. If you upload a file to analyze and run an
analysis job, then upload another file and run the job again, all previous historical results are erased.
Event-triggered capture mode is not supported. Offline sessions treat event-triggered capture mode as
always-on, though the configured snaplength is respected.
© 2023 Pico Quantitative Trading LLC. All rights reserved 602 .
PERFORMING STORED DATA ANALYSIS USING THE
UI
Using the Stored Data Analysis feature involves the following:
l Importing a Capture File for Analysis Using the UI (Optional)
l Preparing a Session for Stored Data Analysis Using the UI
l Configuring a Stored Data Analysis Job Using the UI
In the UI, Stored Data Analysis (launched from the Inspect Data screen) can be used to rerun defined
stored data analysis jobs and overwrite stored capture files. Importing capture files, preparing sessions
and defining stored data analysis jobs is done using System Administration.
To access Stored Data Analysis, select Stored Data Analysis from the Inspect Data screen.
If no stored data analysis jobs are defined, click Stored Data Analysis Administration to start the
process of defining a job.
Importing a Capture File for Analysis Using the UI (Optional)
In cases where you want to analyze a capture file exported from the CNE UI or a capture file that was not
generated on the CNE, you must upload the capture first, then run an analysis job.
If you want to analyze a previously-run CNE manual capture, you can skip these steps.
Importing a Capture File for Analysis
© 2023 Pico Quantitative Trading LLC. All rights reserved 603 .
Step 1
In System Administration, select Stored Data Analysis.
Step 2
Select the Stored Data File Management tab and click Upload Capture File.
Step 3
Navigate to the packet capture file of interest and click Open.
Supported capture file formats:
l PCAP with microsecond resolution
l Nanosecond PCAP
l PCAP-ng with microsecond and nanosecond timestamp resolution
l Zip archive containing one capture file in any of the above formats (no password protection)
The Stored Data File Management screen displays the progress of the file upload. To cancel the file
upload, click Cancel.
Uploaded capture files are stored in the same CNE capture:/ directory as manual captures. As well as
the Stored Data File Management screen, you can also use the dir capture: CLI command to
check the current set of uploaded capture files.
Preparing a Session for Stored Data Analysis Using the UI
Defining a stored data analysis job includes specifying one or more sessions to match the captured traffic
and display the results of the analysis. To produce results when the stored data analysis job runs, the
session(s) must be configured to match traffic in the capture file and to operate in offline mode.
Switching a Session to Offline Mode for Use in a Stored Data Analysis Job
© 2023 Pico Quantitative Trading LLC. All rights reserved 604 .
Step 1
In System Administration, select Sessions.
Step 2
Duplicate or edit an existing session or define a new session using Add Session.
Step 3
In the Add/Edit Session screen, expand the Advanced Settings.
Step 4
Make sure that the relevant physical CNE measurement ports (for example, PortA) are checked and tick
the Offline operation check box.
Step 5
Complete the session configuration as required and click Save.
NOTE: Setting a session to offline mode does not in itself remove all existing session history. Session
data is deleted when the stored data analysis job is run. Stored data analysis populates these sessions
with data from capture files.
Configuring a Stored Data Analysis Job Using the UI
Configuring a Stored Data Analysis Job
Step 1
In System Administration, select Stored Data Analysis.
© 2023 Pico Quantitative Trading LLC. All rights reserved 605 .
Step 2
Select the Stored Data Analysis tab and click Add Stored Data Analysis Job.
The Add/Edit Stored Data Analysis Job dialog is displayed.
Step 3
Enter a Name for the stored data analysis job.
Step 4
Enter a Description for the job.
Step 5
Click Add Session.
Select one or more stored data analysis sessions and click OK. Use the filter field to search for a specific
session if required.
NOTE: If no sessions have been set to offline mode, then there are no sessions to display at this point.
For information on how to switch a session to offline mode, refer to the section "Preparing a Session for
Stored Data Analysis Using the UI" on page 604.
Step 6
Click Add File.
© 2023 Pico Quantitative Trading LLC. All rights reserved 606 .
Select one or more capture files and click OK. Use the filter field to search for a specific capture file if
required.
When multiple capture files are selected for a stored data analysis job, all packets from all capture files are
processed in timestamp order, so both overlapping and non-overlapping captures are supported.
For each capture file you can optionally define the CNE port (A-D) and vport number to associate with the
file, and every packet in the file is processed as if it came from the specified port and vport.
NOTE: There is no support for overriding system settings or port flow identification settings in stored
data analysis jobs.
Step 7
At this point you can:
Click Save to save the stored data analysis job and run it later.
Click Save and start to save the stored data analysis job and kick off the analysis run.
Click Cancel to cancel the stored data analysis job configuration.
If you choose to start the stored data analysis job, a dialog is displayed indicating that the stored data
analysis job begins by deleting all historical data on all sessions selected for the analysis. Click Start to
confirm that you want to kick off the stored data analysis job now or Cancel to wait until later.
The Stored Data Analysis screen indicates job progress under the Status column. The stored data
analysis job processes the capture data in timestamp order, keeping the original capture timestamps. All
time tracking is based on the capture file timestamps.
Only the specific offline-mode sessions that are associated with the stored data analysis job are loaded.
All other sessions in the configuration are ignored. The rest of the current CNE configuration is loaded
when the stored data analysis job is started. For example, custom-applications, service objectives, policy-
maps, custom PNQM signatures, sites, and subnet-groups are all loaded as normal and influence the
outcome of the offline processing.
© 2023 Pico Quantitative Trading LLC. All rights reserved 607 .
NOTE: For information on configuring stored data analysis jobs using the CLI, refer to "Configuring
Stored Data Analysis Using the CLI" on page 626.
Viewing Results for a Stored Data Analysis Job
When the stored data analysis job is complete, click View and select either Event Inspection or Traffic
Insight to see the results of the analysis for a session.
Selecting Event Inspection opens the Event Inspection drilldown window for the selected session.
For more information on using the Event Inspection drilldown window, refer to the section "Analyzing an
Event" on page 455.
Selecting Traffic Insight moves you into the UI Stored Data Analysis and opens the Traffic Insight
tab.
Stored Data Analysis focuses only on results for the relevant stored data analysis sessions based on the
capture file(s) included in the stored data analysis job.
Within Stored Data Analysis, you can switch between available stored data analysis jobs by selecting
them from the Stored Data Analysis Jobs list.
The packet timestamps from the uploaded capture files are used for all displayed timestamps and
statistics time boundaries, independent of the time of upload or analysis.
MANAGING STORED DATA ANALYSIS JOBS USING
THE UI
Stored Data Analysis Job Screen Information
When stored data analysis jobs are defined, they are listed on the Home tab in Stored Data Analysis.
© 2023 Pico Quantitative Trading LLC. All rights reserved 608 .
Click to display summary information for the session(s) associated with a stored data analysis job.
Latency
Displays a sparkline chart of the one-way latency measurements for this session (PNQM or EQ) during the
chosen reporting period. If the configured or dominant mechanism is TCP, the sparkline displays TCP
roundtrip time measurements.
Loss
Displays a sparkline chart of the packet loss for this session (PNQM or EQ) or the out of sequence packets
percentage (TCP) during the chosen reporting period.
Microburst
Displays a graphical representation of microburst measurements that indicates whether significant bursts
have been detected.
Total Bytes
Displays the total number of bytes measured during the chosen reporting period.
1s Peak
Displays the maximum measured one-second peak value during the chosen reporting period. Comparing
this value with the maximum microburst value indicated on the sparkline will give you an indication of the
extent to which the traffic has experienced millisecond level bursts that would not have been 'seen' with
one-second measurements.
Select a job from the Stored Data Analysis Jobs list to display summary results for that job and to
enable the Service Compliance, Event Inspection, Traffic Insight and Bandwidth Sizing tabs.
© 2023 Pico Quantitative Trading LLC. All rights reserved 609 .
Name
Displays the name of the stored data analysis job.
Sessions
Displays the number of sessions included in the stored data analysis job.
Files
Displays the number of capture files included in the stored data analysis job.
Status
Displays the current status of the stored data analysis job:
l Never executed: the stored data analysis job has been saved but not yet run.
l Running (%): displays the progress of the stored data analysis job, once started.
l Complete: the stored data analysis job has been run.
Data Start
Displays the date and time at the start of the capture file.
Data End
Displays the date and time at the end of the capture file.
Related Links
Click to view the relevant results for a session.
Actions
The available actions for each stored data analysis job are:
l Analyze - Click to launch the Event Inspection drilldown screen for the stored data analysis
job
l Restart Analysis - Click to rerun the stored data analysis job
© 2023 Pico Quantitative Trading LLC. All rights reserved 610 .
Restarting a Stored Data Analysis Job
Rerunning a Previously Saved Stored Data Analysis Job in Stored Data Analysis
Step 1
In Stored Data Analysis, click to expand a stored data analysis job or select the job from the
Stored Data Analysis Jobs list.
Step 2
Click Restart Analysis.
Step 3
At this point you can:
l Click Restart Job to rerun the existing stored data analysis job.
OR
l If you want to overwrite the capture file included in the stored data analysis job with new cap-
ture data, click Overwrite File.
l Navigate to the packet capture file of interest and click Open.
l Click Upload.
l When the updated capture file has been uploaded, click Restart Job.
NOTE: The updated capture file uploaded here replaces the previous version of the capture file stored
on the system.
If the stored data analysis job has a single capture file associated with it, then it can be replaced here
with only one other capture file. If you want to add additional capture files to the stored data analysis
job, or redefine the job in any other way, switch to System Administration and edit the stored data
analysis job.
Step 4
Click Start in the resulting dialog box to confirm.
© 2023 Pico Quantitative Trading LLC. All rights reserved 611 .
In System Administration, the Stored Data Analysis screen includes the following summary
information:
Name
Displays the name of the stored data analysis job.
Sessions
Displays the number of sessions included in the stored data analysis job.
Files
Displays the number of capture files included in the stored data analysis job.
Status
Displays the current status of the stored data analysis job:
l Never executed: the stored data analysis job has been saved but not yet run.
l Running (%): displays the progress of the stored data analysis job, once started.
l Complete: the stored data analysis job has been run.
Data Start
Displays the date and time at the start of the capture file.
Data End
Displays the date and time at the end of the capture file.
Actions
If a stored data analysis job has been saved but not yet run:
l start - Click to start the stored data analysis job
l end - Click to edit the stored data analysis job configuration
l delete - Click to remove the stored data analysis job
If a stored data analysis job has run:
© 2023 Pico Quantitative Trading LLC. All rights reserved 612 .
l restart - Click to run the stored data analysis job again
l View- Click to view stored data analysis job results in Event Inspection or Traffic Insight
screens
l edit - Click to edit the stored data analysis job configuration
l delete - Click to remove the stored data analysis job
Click + beside the stored data analysis job name to display the information available:
Session
Displays the name of the session.
Packets
Displays the number of packets processed by the session.
Data Start
Displays the date and time at the start of the capture file.
Data End
Displays the date and time at the end of the capture file.
Actions
l Launch Event Inspection - Click to launch the Event Inspection drilldown screen for the
selected session.
File
Displays the name of the uploaded packet capture file.
Parameters
Displays
l Size –the size of the uploaded packet capture file.
l Packets –the number of packets in the uploaded packet capture file.
l Data Start –the date and time at the start of the capture file.
l Data End –the date and time at the end of the capture file.
© 2023 Pico Quantitative Trading LLC. All rights reserved 613 .
l Uploaded –the time and date the packet capture file was uploaded.
Actions
l view period - Click to choose between launching Event Inspection drilldown or the Traffic
Insight tab for a selected session.
Starting a Stored Data Analysis Job
Start a Previously Saved Stored Data Analysis Job
Step 1
In System Administration, select Stored Data Analysis and then the Stored Data Analysis tab.
Step 2
Click start under the Actions for the stored data analysis job to be started.
Step 3
Click Start in the resulting dialog box to confirm.
The Stored Data Analysis screen indicates job progress under the Status column. The stored data
analysis job processes the capture data in timestamp order, keeping the original capture timestamps. All
time tracking is based on the capture file timestamps.
Only the specific offline-mode sessions that are associated with the stored data analysis job are loaded.
All other sessions in the configuration are ignored. The rest of the current CNE configuration is loaded
when the stored data analysis job is started. For example, custom-applications, service objectives, policy-
maps, custom PNQM signatures, sites, and subnet-groups are all loaded as normal and influence the
outcome of the offline processing.
© 2023 Pico Quantitative Trading LLC. All rights reserved 614 .
Editing a Stored Data Analysis Job
Editing a Previously Saved Stored Data Analysis Job
Step 1
In System Administration, select Stored Data Analysis and then the Stored Data Analysis tab.
Step 2
Click edit under the Actions for the stored data analysis job to be edited.
Step 3
Make the appropriate changes to the current stored data analysis job configuration.
Step 4
At this point you can:
l Click Save to save the stored data analysis job and run it later.
l Click Save and start to save the stored data analysis job and kick off the analysis run.
l Click Cancel to cancel the stored data analysis job configuration.
Restarting a Stored Data Analysis Job
Rerunning a Previously Saved Stored Data Analysis Job in System Administration
Step 1
In System Administration, select Stored Data Analysis and then the Stored Data Analysis tab.
Step 2
Click restart under the Actions for the stored data analysis job to be run.
© 2023 Pico Quantitative Trading LLC. All rights reserved 615 .
Step 3
At this point you can:
l Click Restart Job to start the analysis.
OR
l If you want to overwrite the capture file included in the stored data analysis job with new cap-
ture data, click Overwrite File.
l Navigate to the packet capture file of interest and click Open.
l Click Upload.
l When the updated capture file has been uploaded, click Restart Job.
NOTE: The updated capture file uploaded here replaces the previous version of the capture file stored
on the system.
Step 4
Click Start in the resulting dialog box to confirm.
Deleting a Stored Data Analysis Job
Deleting a Stored Data Analysis Job
Step 1
In System Administration, select Stored Data Analysis and then the Stored Data Analysis tab.
Step 2
Click delete under the Actions for the stored data analysis job to be deleted.
Step 3
Click Delete in the resulting dialog box to confirm.
© 2023 Pico Quantitative Trading LLC. All rights reserved 616 .
MANAGING STORED DATA ANALYSIS FILES USING
THE UI
The Stored Data File Management screen includes the following summary information:
File
Displays the name of the uploaded packet capture file.
Size
Displays the size of the uploaded packet capture file.
Packets
Displays the number of packets in the uploaded packet capture file.
Duration
Displays the time period covered by the uploaded packet capture file.
Uploaded
Displays the time and date the packet capture file was uploaded.
Format
Displays the packet capture file format.
Supported file formats:
l PCAP with microsecond resolution
© 2023 Pico Quantitative Trading LLC. All rights reserved 617 .
l Nanosecond PCAP
l PCAP-ng
l Zip archive containing one capture file in any of the above formats (no password protection)
Actions
The available actions for stored data analysis files are:
l delete - Click to delete the selected capture file
l Overwrite File - Click to replace the selected capture file with a different capture file
Searching for Uploaded Stored Data Analysis Files
Searching for a Stored Data Analysis File
Step 1
In System Administration, select Stored Data Analysis and then the Stored Data File
Management tab.
Step 2
Enter matching search text in the field and click Filter.
To clear the search results, click Clear.
Deleting a Stored Data Analysis File
Deleting a Stored Data Analysis File
Step 1
In System Administration, select Stored Data Analysis and then the Stored Data File
Management tab.
© 2023 Pico Quantitative Trading LLC. All rights reserved 618 .
Step 2
Click delete under the Actions for the file to be deleted.
Step 3
Click Delete in the resulting dialog box to confirm.
Replacing a Stored Data Analysis File
Replacing an Existing Stored Data Analysis File
Step 1
In System Administration, select Stored Data Analysis and then the Stored Data File
Management tab.
Step 2
Click Overwrite File under the Actions for the file to be replaced.
Step 3
Navigate to the new file of interest and click Open.
The Stored Data File Management screen displays the progress of the replacement file upload.
STORED DATA ANALYSIS USING THE CLI - EXAMPLE
Setting up and running stored data analysis using the CLI involves the following:
l Selecting the capture file to be analyzed – the capture file may be imported to the CNE from a
different device using the copy command or via ssh or may already be present in the CNE cap-
ture: directory
l Set a session with relevant configuration to operate in offline mode using the session-oper-
ation command
l Define a stored data analysis job based on the selected session and capture file using the
stored-data-analysis-job and associated commands
© 2023 Pico Quantitative Trading LLC. All rights reserved 619 .
NOTE: For more information on the CLI commands used in the following example configuration, refer
to the section "Configuring Stored Data Analysis Using the CLI" on page 626.
Selecting a File to Analyze
Use the dir capture: command to check the current set of available files for analysis.
host(config)$ dir capture:
capture:/
Size Name
9.3K Corvil-19-1397471818758831300-1397471826727127398-na-0____-
ordernone-false-bidirectional.zip
4.0K manual-capture.pcap
10.3M slow-email.pcap
6 tmp/
host(config)$
In cases where you want to analyze a capture file exported from the CNE UI or a capture file that was not
generated on the CNE, you must upload the capture first, then run an analysis job. You can upload
capture files to the CNE
l Using the CNE CLI copy command
l Using ssh from a remote machine
In the following example, the capture file named slow-email.pcap is imported using the copy scp
command:
host(config)$ copy scp://fred@acme-serv//PCAPS/slow-email.pcap capture:
enter fred@acme-serv's password:
Downloading file "/PCAPS/slow-email.pcap" from remote server ...
|=========================================================================|
100%
Transfer complete.
In the following example, the capture file named slow-email.pcap is uploaded to the CNE using ssh:
$ ssh admin@nyc-cne install capture-file slow-email.pcap < slow-email.pcap
NOTE: For more information on using the copy command and ssh upload options, refer to the section
"Configuring Stored Data Analysis Using the CLI" on page 626.
© 2023 Pico Quantitative Trading LLC. All rights reserved 620 .
Preparing a Session for Stored Data Analysis
In the following example, a session with label HTTP-RTT-offline (previously defined with the relevant
configuration to match the traffic in the capture file and produce the required results) is switched to offline
mode:
host(config)$ session HTTP-RTT-offline
host(config-session)$ session-operation offline
NOTE: If using the attached-port command to restrict the session to specific physical CNE ports
(for example, PortA) make sure that one of the input capture files goes to this port. By default, input
capture files got to PortA.
NOTE: Remember that if you define a session to measure all packets but with no subnet-filtering (that
is, using src any dst any), you have to specify a filter-class of class-default to match traffic:
host(config-session)$ filter-class class-default
Defining a Stored Data Analysis Job
In the following example, a stored-data-analysis-job named slow-email is defined using
a previously-defined stored data analysis session with label HTTP-RTT-offline
a capture file named slow-email.pcap
host(config)$ stored-data-analysis-job slow-email
host(config-stored-data-analysis-job)$ include-session HTTP-RTT-offline
host(config-stored-data-analysis-job)$ include-file capture:slow-email.pcap
host(config-stored-data-analysis-job)$ start
This will erase all measured data on attached sessions. Continue (y/n)? y
host(config-stored-data-analysis-job)$
The stored data analysis job begins by deleting all previous data on all sessions selected for the analysis.
The stored data analysis job then processes the PCAP data in timestamp order, keeping the original
PCAP timestamps. Offline analysis populates the history of these sessions with data from capture files.
© 2023 Pico Quantitative Trading LLC. All rights reserved 621 .
NOTE: If you are using a platform that does not support concurrent live measurement and offline
analysis, the following warning is displayed:
This will erase all measured data on attached sessions.
WARNING: this platform does not support concurrent measurement
and stored data analysis. Normal measurement will be interrupted.
This will log you out. Continue (y/n)? y
CHECKING STORED DATA ANALYSIS JOB STATUS WITH THE CLI
Use the show stored-data-analysis-job command to check the configuration and current
status of stored data analysis jobs:
host(config)$ show stored-data-analysis-job
stored-data-analysis-job slow-email
include-session HTTP-RTT-offline
include-file capture:slow_email-load_130114.pcap port PortA
Current status: running (23%)
Requested at: 18:26:36 17 Feb 2017 UTC
Analysis started at: 18:26:36 17 Feb 2017 UTC
Analysis finished at:
First packet timestamp:
Last packet timestamp:
When the stored data analysis is finished, the show stored-data-analysis-job output looks like
the following example:
host(config)$ show stored-data-analysis-job
stored-data-analysis-job slow-email
include-session HTTP-RTT-offline
include-file capture:slow_email-load_130114.pcap port PortA
Current status: complete
Requested at: 18:26:36 17 Feb 2017 UTC
Analysis started at: 18:26:36 17 Feb 2017 UTC
Analysis finished at: 18:26:47 17 Feb 2017 UTC
First packet timestamp: 18:02:50.503495000 13 Jan 2017 UTC
Last packet timestamp: 18:06:51.845908000 13 Jan 2017 UTC
Interface Received Sent
--------- -------- ----
PortA:
© 2023 Pico Quantitative Trading LLC. All rights reserved 622 .
bytes 10556549
packets 16272
ignored pkts 0
dropped pkts 0
frame errors 0
CRC errors 0
protocol errors 0
truncated pkts 0
duplicate pkts 0
unknown pkts 0
stored-data-analysis-job timestamp order:
successfully reordered packets: 0, failed: 0
Packets dropped during disk capture: 0
Use the show audit stored-data-analysis command to view an analysis job usage table.
show audit stored-data-analysis [timerange {day|week}]
For example:
host(config)$ show audit stored-data-analysis
Date Jobs executed Bytes analysed
Thu Jul 24 2017 3 14.6M
Thu Jul 31 2017 4 9.1G
USING SSH TO CHECK STORED DATA ANALYSIS JOB STATUS
Alternatively, use ssh admin@<name | ip-address> stored-data-analysis-job
status.
For example:
$ ssh admin@nyc-cne stored-data-analysis-job status
Password:
Job Status
dma-latency complete (100%)
hq-112 complete (100%)
sanfran-drops cancelled
slow-email not started
© 2023 Pico Quantitative Trading LLC. All rights reserved 623 .
Thread status: idle
CHECKING SESSION RESULTS FOR A STORED DATA ANALYSIS
JOB WITH THE CLI
Use the show session command to see the session results produced by the stored data analysis job.
In the following example, results are displayed following a stored data analysis job for a session with label
HTTP-RTT-offline:
host(config)$ show session HTTP-RTT-offline
session HTTP-RTT-offline
session-operation offline
attached-port PortA
session-type bidirectional-symmetric
no bandwidth
event-storage default
filter-class HTTP-HTTPS
link-adjust 0
use-tcp-rtt auto
use-tcp-art both
use-tcp-sci auto
use-eq-sci auto
pnqm-target request-response
display-name auto
pnqm-display-name label "HTTP Request/Response"
measure-messages filter-client-server include-non-message-packets
classification-policy default
configurable-stats HTTP-Requests reverse-direction HTTP-Responses
pnqm-require-clock-sync use-global
no pnqm-relative-latency
pnqm-enable one-to-many match-first custom-signature HTTP-RTT
trace-events always-on snaplength ALL
---------------------------------------------------------------------
Note: this is a stored data analysis session so live measurement is
disabled.
Statistics below are from stored-data-analysis-job `slow-email'.
Analysis finished at 18:59:11 17 Feb 2017 UTC
---------------------------------------------------------------------
Traffic Stats - 113 kbps mean message bit-rate
- 1.1 Mbps, 121 mps 1s peak
- 71.5 Mbps, 7.2 kmps 5ms peak
- 7.1 Mbps, 720 mps 50ms peak (configured)
- 9,404 packets, 4,130,771 bytes
PNQM Stats - 5 messages sampled, 0 lost messages (0.00%)
© 2023 Pico Quantitative Trading LLC. All rights reserved 624 .
class class-default
Packet Stats - 9,404 packets, 4,130,771 bytes
Message Stats - 1 message decode failures
- (1 due to TCP reassembly errors)
- 3,815 messages
- 113 kbps mean message bit-rate
- 1.1 Mbps, 121 mps 1s peak
- 71.5 Mbps, 7.2 kmps 5ms peak
- 7.1 Mbps, 720 mps 50ms peak (configured)
- 1.3 Mbps, 144 mps 500ms peak (delay target)
PNQM Stats - 5 messages sampled, 0 lost messages (0.00%)
session HTTP-RTT-offline
! configuration session HTTP-RTT-
Offline
attached-port PortA
no bandwidth
event-storage default
filter-class HTTP-HTTPS
link-adjust 0
use-eq-sci auto
measure-messages
classification-policy default
trace-events always-on snaplength ALL
--------------------------------------------------------------------
Note: this is a stored data analysis session so live measurement is
disabled.
Statistics below are from stored-data-analysis-job `slow-email'.
Analysis finished at 18:59:11 17 Feb 2017 UTC
---------------------------------------------------------------------
Traffic Stats - 151 kbps mean message bit-rate
- 1.7 Mbps, 163 mps 1s peak
- 49 Mbps, 4.4 kmps 5ms peak
- 9.6 Mbps, 978 mps 50ms peak (configured)
- 5,261 packets, 5,825,100 bytes
class class-default
Packet Stats - 5,261 packets, 5,825,100 bytes
Message Stats - 4 message decode failures
- (3 due to TCP reassembly errors)
- 4,135 messages
- 151 kbps mean message bit-rate
- 1.7 Mbps, 163 mps 1s peak
- 49 Mbps, 4.4 kmps 5ms peak
- 9.6 Mbps, 978 mps 50ms peak (configured)
- 2 Mbps, 202 mps 500ms peak (delay target)
© 2023 Pico Quantitative Trading LLC. All rights reserved 625 .
CANCELLING A STORED DATA ANALYSIS JOB WITH THE CLI
Use the no start command to cancel a stored data analysis job while it is running. For example:
host(config-stored-data-analysis-job)$ no start
Cancel request was successful (job was in progress)
host(config-stored-data-analysis-job)$ show stored-data-analysis-job
stored-data-analysis-job slow-email
include-session HTTP-RTT-offline
include-file capture:slow_email-load_130114.pcap port PortA
Current status: cancelled (74%)
WARNING: job was cancelled. Results below may be incomplete.
Requested at: 14:06:45 18 Feb 2017 UTC
Analysis started at: 14:06:45 18 Feb 2017 UTC
Analysis finished at: 14:06:54 18 Feb 2017 UTC
First packet timestamp: 18:02:50.503495000 13 Jan 2017 UTC
Last packet timestamp: 18:05:11.845908000 13 Jan 2017 UTC
Interface Received Sent
--------- -------- ----
PortA:
bytes 7811846
packets 12042
ignored pkts 0
dropped pkts 0
frame errors 0
CRC errors 0
protocol errors 0
truncated pkts 0
duplicate pkts 0
unknown pkts 0
Packets dropped during disk capture: 0
You can use the show session command to view session results up to the point the stored data
analysis job was cancelled.
CONFIGURING STORED DATA ANALYSIS USING THE
CLI
The following sections provide more detail about the CLI commands and procedures involved when
configuring stored data analysis.
© 2023 Pico Quantitative Trading LLC. All rights reserved 626 .
Configuring stored data analysis using the CLI involves:
l [Optional] Importing a capture file for analysis
l Setting a session to offline mode
l Configuring a stored data analysis job
Importing a Capture File for Analysis Using the CLI (Optional)
In cases where you want to analyze a capture file exported from the CNE UI or a capture file that was not
generated on the CNE, you must upload the capture first, then run an analysis job. You can upload
capture files to the CNE
l Using the CNE CLI copy command
l Using ssh from a Remote Machine
USING THE CNE CLI COPY COMMAND
To upload a capture file to the CNE using the CLI copy command, use:
copy URI capture:<file-name>
where URI is one of
ftp://<user>@<hostname>/<file-path>
scp://<user>@<hostname>/<file-path>
tftp://<hostname>/<file-name>
http://<hostname>/<file-name> (source only)
http://<user>:<password>@<hostname>/<file-name> (source only)
and where
<hostname> is a CNE DNS host name or a numeric IP address
<file-path> is treated as relative to the user's home directory; denotes an absolute path if prepended
with double-slash (//)
For ftp: and scp: protocols the destination file path is relative to the user's home directory. Use double-
slash to specify absolute paths, for example scp://myhost//var/tmp/myfile. Destinations can be
both file name or directory name; in the latter case the original source file name is used as the destination.
© 2023 Pico Quantitative Trading LLC. All rights reserved 627 .
In the following example, the capture file named slow-email.pcap is imported using the copy scp
command:
host(config)$ copy scp://fred@acme-serv//PCAPS/slow-email.pcap capture:
enter fred@acme-serv's password:
Downloading file "/PCAPS/slow-email.pcap" from remote server ...
|=========================================================================|
100%
Transfer complete.
USING SSH FROM A REMOTE MACHINE
To copy a capture file to the CNE using ssh from a remote device, use:
ssh admin@<cne-name | ip-address> install capture-file <capture-file-name> <
file-path/capture-file-name
In the following example, the capture file named slow-email.pcap is uploaded to the CNE:
$ ssh admin@nyc-cne install capture-file slow-email.pcap < slow-email.pcap
STORAGE OF FILES
Uploaded capture files are stored in the same CNE capture:/ directory as manual packet captures. As
well as the Stored Data File Management screen, you can also use the dir capture: CLI
command to check the current set of uploaded capture files.
NOTE: The CNE employs a separate logical hard disk configuration for storing packet capture files.
Packet capture files generated automatically by Corvil Event Inspection in response to event triggers
and those generated by manual packet capture share the same disk.
The capture-settings event-trace-quota percent command allows for the percentage
of the disk allocated to capture files generated by Event Inspection to be adjusted between zero and
100 percent. Normally the disk is split between Event Inspection and manual capture files, that is, the
default value for disk allocation for Event Inspection capture files is 90%. The remaining disk space is
used by manual capture files and uploaded capture files for analysis.
© 2023 Pico Quantitative Trading LLC. All rights reserved 628 .
Preparing a Session for Stored Data Analysis Using the CLI
Defining a stored data analysis job includes specifying one or more sessions to match the captured traffic
and display the results of the analysis. To produce results when the stored data analysis job runs, the
session(s) must be configured to match traffic in the capture file and to operate in offline mode.
To switch a session to offline mode for use in a stored data analysis job, use the session-operation
command in the session context.
session-operation {offline | online}
The default setting is online.
NOTE: Setting a session to offline mode does not in itself remove all existing session history. Session
data is deleted when the stored data analysis job is run. Offline analysis populates these sessions with
data from capture files.
A session in offline mode can be switched to online mode (for live traffic measurement) using the
session-operation online command.
In the following example, the session with label HTTP-RTT-offline is set to offline mode:
host(config)$ session HTTP-RTT-offline
host(config-session)$ session-operation offline
host(config-session)$
NOTE: Remember that if you define a session to measure all packets but with no subnet-filtering (that
is, using src any dst any), you have to specify a filter-class of class-default to match traffic:
host(config-session)$ filter-class class-default
Configuring a Stored Data Analysis Job Using the CLI
Configuring a stored data analysis job using the CLI involves the following procedure:
l Define the capture-analysis job using the stored-data-analysis-job command
© 2023 Pico Quantitative Trading LLC. All rights reserved 629 .
l Select a previously-defined stored data analysis session for the stored data analysis job using
the include session command
l Select a capture file from the CNE capture: directory using the include-file command
l Kick off the stored data analysis job using the start command
DEFINING A STORED DATA ANALYSIS JOB
To begin the process of defining a stored data analysis job, use the stored-data-analysis-job
command.
stored-data-analysis-job <job-name>
job-name
Specify a unique name for the stored data analysis job.
Use no stored-data-analysis-job <job-name> to delete a stored data analysis job. Use no
stored-data-analysis-job * to delete all stored data analysis jobs.
In the following example a stored-data-analysis-job named slow-email is defined:
host(config)$ stored-data-analysis-job slow-email
ASSIGNING A SESSION TO A STORED DATA ANALYSIS JOB
To assign a stored data analysis session to a stored data analysis job, use the include-session
command.
include-session <name>]
no include session <name>]
Name
Specify a session name.
A stored data analysis session can be attached to only one analysis job at a time. However, since a
session can only store one set of history, if a session is attached to two analysis jobs then only the results
from the most recently run analysis job are available on that session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 630 .
In the following example, a stored-data-analysis-job named slow-email is defined using a previously-
defined stored data analysis session with label HTTP-RTT-offline:
host(config)$ stored-data-analysis-job slow-email
host(config-stored-data-analysis-job)$ include-session HTTP-RTT-offline
SELECTING A CAPTURE FILE FOR THE STORED DATA ANALYSIS
JOB
To specify the capture file to be included in the stored-data-analysis-job, use the include-file command.
include-file capture:<capture-filename> [port <port>] [vport <vport>]
no include-file capture:<capture-filename>
capture-filename
Specify the name of the capture file to be analyzed.
The capture files must be available in the CNE capture: directory.
port
[Optional] Specify that each packet from the capture file is treated as though it arrived on the specified
CNE physical port.
If no port is specified, PortA is assumed.
vport
[Optional] Specify that each packet from the capture file is treated as though it arrived with the specified
aggregation-tap virtual port tag.
Use no include-file to remove a single file or no include-file * to remove all files from the
stored-data-analysis-job.
For each capture file you can optionally define the CNE port (A-D) and vport number to associate with the
file, and every packet in the file is processed as if it came from the specified port and vport.
In the following example, the capture file named slow_email-load-130114.pcap is included in the
stored data analysis job:
host(config-stored-data-analysis-job)$ include-file capture:slow_email-load_
130114.pcap
© 2023 Pico Quantitative Trading LLC. All rights reserved 631 .
STARTING THE STORED DATA ANALYSIS JOB
To kick off a stored data analysis job, use the start command. The start command requires
confirmation to delete any existing data on the included session(s).
start
no start
Use no start to cancel stored data analysis job once it is running.
For example, to start a stored data analysis job:
host(config-stored-data-analysis-job)$ start
This will erase all measured data on attached sessions. Continue (y/n)? y
host(config-stored-data-analysis-job)$
Only the specific offline-mode sessions that are included in the stored data analysis job are loaded. All
other sessions in the configuration are ignored. The stored data analysis job begins by deleting all
previous data on all sessions included in the analysis. The stored data analysis job then processes the
capture data in timestamp order, keeping the original capture timestamps. Offline analysis populates the
history of the included sessions with data from capture files.
The rest of the current CNE configuration is loaded when the stored data analysis job is started. For
example, custom-applications, service objectives, policy-maps, custom PNQM signatures, sites, and
subnet-groups are all loaded as normal and influence the outcome of the offline processing.
Stored data analysis results can then be viewed for the included sessions in the UI and CLI.
USING SSH TO RUN STORED DATA ANALYSIS JOBS
As well as using the CNE CLI start command, you can run a previously-defined stored data analysis job
using:
ssh admin@<cne-name | ip-address> stored-data-analysis-job start <stored-data-
analysis-job-name>
© 2023 Pico Quantitative Trading LLC. All rights reserved 632 .
In the following example, the capture-analysis job named slow-email has not yet been started:
$ ssh admin@nyc-cne stored-data-analysis-job status
Password:
dma-latency complete (100%)
hq-112 complete (100%)
sanfran-drops cancelled
slow-email not started
Thread status: idle
The example stored data analysis job named slow-email is run using ssh:
$ ssh admin@nyc-cne stored-data-analysis-job start slow-email
Password:
job started
Checking the example stored data analysis job status shows the job running:
$ ssh admin@nyc-cne stored-data-analysis-job status
Password:
Job Status
big-job complete (100%)
home-slow-email complete (100%)
my-job cancelled
slow-email running (76%)
Thread status: processing job slow-email
The example stored data analysis job run has completed:
$ ssh admin@nyc-cne stored-data-analysis-job status
Password:
Job Status
big-job complete (100%)
home-slow-email complete (100%)
my-job cancelled
slow-email complete (100%)
Thread status: idle
© 2023 Pico Quantitative Trading LLC. All rights reserved 633 .
Working with Manual Packet Captures
Assuming you have a Corvil license with the manual packet capture feature enabled, you can capture all
the packets from a specified set of sessions into a set of capture files.
For information on setting a disk quota for manual captures, setting a capture password and capture
compression, refer to the section "Packet Capture Data Settings" on page 551.
NOTE: You must be logged in to a Corvil appliance to configure manual packet captures.
You then transfer the resulting files to an accessible location for further processing. Both config and admin
users can perform packet captures and transfer the resulting capture file(s) to a remote machine.
All the packets processed by a packet capture session are logged to disk. To view the current set of
capture files you do the following:
host(config)# dir capture:
Each file name is the same as the defined capture instance and has the file extension appropriate to the
configured file format.
NOTE: The use of pcap format files means that a pcap header is also logged for each packet stored to
disk. This pcap header contains the packet timestamp, packet length in bytes (on the wire), and
capture length. This adds 16 bytes to the size of each packet stored.
Create a Set of Capture Files Containing the Packets from a Specified Set of Sessions
Step 1
Before you start the packet capture, check the manual capture percentage to see the available free space
on the system:
host(config)# show file-systems
Filesystem Size Used Available Used%
disk0: 228.2G 45.3G 182.9G 20%
disk1: 232.7G 21.6G 211.1G 9%
20.9G 1.1M 20.9G 0% manual capture
© 2023 Pico Quantitative Trading LLC. All rights reserved 634 .
188.5G 0 188.5G 0% event trace capture
Step 2
Create a new capture instance. In this example, the capture instance is named 'nyc-cap':
host(config)# capture nyc-cap
Step 3
Assign a session to the capture instance. The session name must already be configured.
In the following example, the specified session has previously been configured:
host(config-capture)# include-session-direction local-nyc forward
NOTE: The include-session-direction command has the following form:
include-session-direction <session-name> forward | reverse
For more information, see the topic on the "include-session-direction" CLI command in the Corvil
Analytics CLI Command Reference Guide.
Step 4
By default, the exported PCAP format does not include any information indicating which port on the CNE
received a given packet.
To store such information, you can optionally use the store-port-info command:
host(config-capture)# store-port-info
NOTE: The CNE port information is embedded in the source MAC address reported in the capture file.
The resulting capture file can be read using standard tools. The originating CNE port is embedded in
the source MAC address using the following convention:
- 00 – PortA
- 01 – PortB
- 02 – PortC
- 03 – PortD
For example:
© 2023 Pico Quantitative Trading LLC. All rights reserved 635 .
tcpdump -ner <pcap-file-name> | less
16:37:40.069350 02:43:72:76:6c:02 > 00:04:23:e1:39:1f, Ethertype IPv4
(0x0800), length 60: ...
16:37:40.069356 02:43:72:76:6c:01 > 00:04:23:e1:39:1f, Ethertype IPv4
(0x0800), length 60: ...
Step 5
Set the packet payload size limit in megabytes for the packet capture.
If you do not set a packet payload size limit, there is no explicit limit set on the size of captured data. In this
example the size limit is set to 30MB:
host(config-capture)# size 30
Step 6
Set the time limit for the packet capture in minutes and the file format.
If you do not set a time limit, the default is to continue the packet capture indefinitely, until you stop the
capture manually, or the file size limit is reached, or you run out of disk space. If you run out of disk space,
packet capture will stop. In this example, the time limit is set to one hour:
host(config-capture)# duration 60 minutes
In this example configuration, a further two packet captures are set up. In each case the sessions have
been already configured:
host(config-capture)# capture hong-kong-cap
host(config-capture)# include-session-direction local-hk forward
host(config-capture)# size 30
host(config-capture)# duration 60 minutes
host(config-capture)# capture syd-cap
host(config-capture)# include-session-direction local-syd forward
host(config-capture)# size 30
host(config-capture)# duration 60 minutes
host(config-capture)# exit
Step 7
Start all of the configured packet captures using the global start capture command:
host(config)# start capture
Alternatively, if you use the start command in the config-capture context, you can start the specific
packet capture that you have just configured.
© 2023 Pico Quantitative Trading LLC. All rights reserved 636 .
Step 8
Check the current status of the capture process:
host(config)$ show capture
capture nyc-cap
started
size 30 MB
duration 1 hours
file name capture:nyc-cap
include-session-direction local-nyc forward
state: capturing to disk
Disk capture stats:
captured: packets: 977, len: 65953, caplen: 60574
dropped: packets: 0, len: 0, caplen: 0
capture hong-kong-cap
started
size 30 MB
snaplength 38 (default)
duration 60
file name capture:hong-kong-cap
include-session-direction local-hk forward
state: capturing to disk
Disk capture stats:
captured: packets: 1008, len: 68383, caplen: 62496
dropped: packets: 0, len: 0, caplen: 0
capture syd-cap
enabled
size 30 MB
snaplength 38 (default)
duration 60
file name capture:syd-cap
include-session-direction local-syd forward
state: capturing to disk
Disk capture stats:
captured: packets: 1008, len: 68383, caplen: 62496
dropped: packets: 0, len: 0, caplen: 0
The show capture command displays the following information:
l Capture configuration details
© 2023 Pico Quantitative Trading LLC. All rights reserved 637 .
l Current capture state
l Size of the capture data
l Number of captured/dropped frames
l Total number of bytes in captured/dropped frames
NOTE: The default number of bytes captured from the beginning of Ethernet frames (the snapshot
length) is 58 bytes. You can change this value with the snaplength command. For more
information, refer to the "snaplength" topic in theCLI Command Reference Guide.
The following describes the displayed packet capture states:
Not running
Packet capture not active; capture session paused (by no start command) or not yet started (by
start command)
Capturing to disk
Packet capture in progress
Packet capture complete (size limited)
Packet capture stopped because the file size limit has been reached. You need to manually stop packet
capture before performing other tasks with the capture file (for example, compressing or copying the
capture file.)
Packet capture complete (duration limited)
Packet capture stopped because the file size limit has been reached. You need to manually stop packet
capture before performing other tasks with the capture file (for example, compressing or copying the
capture file.)
Write error
CNE disk full
Step 9
To manually stop all packet capture sessions, you use the global no start command:
host(config)# no start capture *
© 2023 Pico Quantitative Trading LLC. All rights reserved 638 .
Alternatively, you can stop a specific packet capture using the config-capture context no
start command when in the context of the selected packet capture:
host(config-capture)# no start
NOTE: Stopping a packet capture session and then restarting the same session stores packets in the
new capture file. Existing capture files created by this instance are preserved.
Step 10
Examine the packet capture files:
host(config)# dir capture:
capture:/
Size Name
116512 nyc-cap
170258 hong-kong-cap
113496 syd-cap
The listed sizes of the packet capture files are usually greater than any configured size limit. The size limit
determines an upper limit on the amount of payload captured, but the final capture files include other data,
such as Event Inspection metadata, which may increase the file size.
Step 11
Export or copy the capture files to a tftp or ftp server, or using scp for further processing. There is an upper
file size limit of 2 Gigabytes on tftp transfers.
NOTE: To export the available capture files for a chosen time period on a specific session, use the
export-capture command. For more information, refer to the topic "Exporting Always-On, Event
and Manual Captures Using the CLI" on page 641.
If you have two or more sessions attached to a manual packet capture then that manual packet
capture won't be displayed in the Packet Capture Availability Bar and is not available for export using
the export-capture command. Exporting manual packet captures with the export-capture
command works only for manual captures that are attached to a single session.
To copy a defined manual packet capture from the CNE, use the copy capture command. In this
example, the capture files 'nyc-cap' and 'syd-cap' are copied using scp to the device with IP address
192.168.3.4:
host(config)# copy capture:nyc-cap scp://admin@192.168.3.4/nyc-cap
host(config)# copy capture:syd-cap scp://admin@192.168.3.4/syd-cap
© 2023 Pico Quantitative Trading LLC. All rights reserved 639 .
NOTE: scp is relative to the home directory of the user. If you want to use an absolute directory, use
the prefix // before the path name.
Alternatively, you can use the following to copy a capture file to an ftp server:
host(config)# copy capture:nyc-cap ftp://admin@192.168.3.4/nyc-cap
Or you can use the following to copy a capture file to a tftp server:
host(config)# copy capture:nyc-cap tftp://192.168.3.4/nyc-cap
For example, to copy the capture file 'nyc-cap' to an ftp server with IP address 192.168.3.4 as user
'admin', you use the following:
host(config)# copy capture:nyc-cap ftp://admin@192.168.3.4:nyc-cap
NOTE: When you export or copy a packet capture file off the appliance the file is automatically
compressed. Following an unzip you may see that the capture file size is different from that when the
file was on the appliance because a certain amount of the additional data appended to the file for use
in Event Inspection is removed. The file size may be greater than the configured size limit during the
packet capture. The size limit determines the upper limit on the amount of payload captured.
To read capture files larger than 4GB, you need to have at least Winzip version 9.0, 7-zip version 4.11,
Info-Zip's unzip version 6.0 or another zip utility that supports 64-bit zip archives.
You can only copy capture files for completed packet capture sessions.
If you have set a packet capture password, the exported capture file is encrypted and this password is
required to extract it. Refer to the section Setting a Packet Capture Password for more information.
Step 12
When you have verified the successful transfer of the files, remove the capture files:
host(config)# delete capture:*
Delete filename [nyc-cap] (y/n) ? y
Delete filename [syd-cap] (y/n) ? y
host(config)#
Alternatively, you can use the following to delete the files:
© 2023 Pico Quantitative Trading LLC. All rights reserved 640 .
host(config)# delete /force capture:*
host(config)#
Finally, you can check that the deletion has been successful by displaying the disk status:
host(config)# show file-systems
File system Size (KB) Used Available Used%
disk0: 70499556 3170948 67328608 4%
EXPORTING ALWAYS-ON, EVENT AND MANUAL
CAPTURES USING THE CLI
To export either always-on, event-triggered or manually generated captures, use the export-capture
command. You must be logged in to a CNE as an admin user to use the export-capture command.
NOTE: The export-capture command is not available on Corvil Management Center.
The file system being used (such as a local source or a remote server) dictates the syntax used in the
command.
export-capture [bidirectional | gaps| messages-unidirectional [with-
correlation] | messages-bidirectional [with-correlation] ]
<from-date-time><to-date-time>
session <name> [forward | reverse]
{capture:<capture-filename> |
tftp://[hostname|A.B.C.D]/<file-name> |
scp://username@[hostname|A.B.C.D]/filename |
ftp://username@[hostname |A.B.C.D]/filename]}
If no packet captures are available for the specified periods, the command returns with the appropriate
message. For example:
Error: No captures available for session 'HTTP-RTT' between 2017-04-14 11:30:00
and 2017-04-14 11:35:00
Otherwise, the portion of packet captures that overlap the range is exported in compressed (.zip) format.
© 2023 Pico Quantitative Trading LLC. All rights reserved 641 .
If bidirectional capture is specified, a PCAP file containing packets or messages from both directions of
the specified session is exported.
If message sequence gaps are specified with the gap parameter, a .csv file is generated with the detected
gaps.
If messages are requested, a .csv file is generated with the available messages. Messages can be
exported for a single direction or in both session directions.
In the case of message export, the optional keyword with-correlation exports the data from
correlation and translation sessions along with the data from the given session.
NOTE: If you have two or more sessions attached to a manual packet capture then that manual packet
capture won't be displayed in the Packet Capture Availability Bar and is not available for export using
the export-capture command. Exporting manual packet captures with the export-capture
command works only for manual captures that are attached to a single session.
Multiple packet captures within the same time period are merged into one file in packet timestamp order.
Where packet captures overlap, the system uses the packet traces with the largest available snaplength.
The export-capture command is used in conjunction with the global-trace-events (global
system setting) and trace-events (per session override setting) commands, where you can define a
snaplength to dictate how much of the frame is stored in the exported packet capture file, for example, if
you want the captures to contain useful data such as TCP headers.
Both commands also specify whether event detection triggers packet captures on the reverse session. By
default, bidirectional packet capture is disabled. Refer to the command topics in the Corvil Analytics CLI
Command Reference Guide for the command syntax and examples. You can also find a detailed
description in the topic "Disabling and Re-enabling Capture" on page 551 in this Guide.
Exporting Packet Captures - Examples
To export available capture files from 13:00 to 13:15 on May 15th 2017 to the CNE capture: directory for
the session with label FIX-RTT:
host(config)$ export-capture 2017-05-15 13:00:00 2017-05-15 13:15:00 session
HTTP-RTT capture:FIX-20170515
© 2023 Pico Quantitative Trading LLC. All rights reserved 642 .
To export available capture files from 15:00 to 15:15 on May 10th 2017 for the session named ldn using
ftp:
host(config)$ export-capture 2017-05-10 15:00:00 2017-05-10 15:15:00 session
ldn ftp://admin@local_serv/tmp/may102017-1500-1515
To export message data in PCAP format for both directions of the specified session between the specified
times:
host(config)$ export-capture bidirectional 2017-12-24 10:11:13 2017-01-23
01:02:03 session OrderLatency ftp://192.168.1.14/serv3
To export message sequence gap data in CSV format for the fully-specified session between the specified
times:
host(config)$ export-capture gaps 2017-12-24 10:11:13 2017-01-23 01:02:03
session OrderLatency ftp://192.168.1.14/serv3.ftp
To export message content in CSV format for only records from the session specified are exported:
host(config)$ export-capture messages-bidirectional 2017-12-24 10:11:13 2017-
01-23 01:02:03 session OrderLatency ftp://192.168.1.14/serv3
To export message content in CSV format with results from the session specified and the associated
correlation and translation sessions are exported:
host(config)$ export-capture messages-bidirectional with-correlation 2017-12-
24 10:11:13 2017-01-23 01:02:03 session OrderLatency ftp://192.168.1.14/serv3
NOTE: scp is relative to the home directory of the user. If you want to use an absolute directory, use
the prefix // before the path name.
© 2023 Pico Quantitative Trading LLC. All rights reserved 643 .
Volume Based PCAP Indexing
VOLUME BASED PCAP INDEXING OVERVIEW
Volume Based PCAP Indexing is a packet storage feature that writes all packets to a shared storage
volume to enhance capture and retrieval performance. The shared storage volume is accessed by a
special set of sessions called 'shards', which capture all packets received from the monitoring ports. The
captured packets are distributed to the shard sessions based on an index value. Sessions can be
configured to use these shards for storage and retrieval.
When you run a filter query on a session configured to use shared captures, for example, on Inspect Data,
PCAP export and CSV export, data is retrieved in parallel from shard sessions that contain data matching
the filter, making retrieval of the data faster.
Volume Based PCAP Indexing is enabled for all appliances running in “Network Capture” mode. It is not
enabled automatically in “Full Analytics” mode. This topic explains how and when to enable this new
feature.
SHOULD I ENABLE VOLUME BASED PCAP INDEXING?
Volume Based PCAP Indexing is recommended if
l you are capturing traffic on the default PortA, PortB, PortC and PortD sessions. Enabling the fea-
ture allows these sessions to avail of parallel access to shard sessions which speed up the rate of
storage and retrieval on the port sessions. Note that if you do not use the port sessions and have
intentionally deleted them, volume based capture may not be relevant on your appliance.
l you have a high-capacity CNE appliance and wish to capture all traffic with the highest per-
formance. For example, CNE-10000, CNE-9000, CNE-9000v2, CNE-8600, CNE-8600v2, CNE-
7850 and CNE-7750 appliances all benefit from being able to read/write to files in parallel. Appli-
ances such as CNE-6550, CNE-6850 and CNE-7550 will also benefit from enabling Volume
Based PCAP Indexing.
It is not recommended to enable Volume Based PCAP Indexing on smaller capacity CNEs, such as CNE-
6150. These appliances will not see a benefit from writing to an increased number of files in parallel, as the
storage subsystem does not have a sufficient number of physical write heads to make this efficient.
CONFIGURING VOLUME BASED PCAP INDEXING
Volume Based PCAP Indexing may already be enabled on your appliance.
© 2023 Pico Quantitative Trading LLC. All rights reserved 644 .
For example:
l your appliance is a CNE-9000 started in Network Capture mode running Corvil Analytics 9.4.4-
8600+9000-GA or Corvil Analytics 9.4.2-9000-GA
l your appliance is a CNE-8600 started in Network Capture mode running Corvil Analytics 9.4.4-
8600+9000-GA
l any appliance started in Network Capture mode running Corvil Analytics 9.5.0 or later
In these setups, Volume Based PCAP Indexing is already up and running - the necessary shard sessions
and the sessions that use shared captures are already defined on your appliance and are ready to start
capturing. No further configuration is required.
NOTE: Shard sessions are not included on dashboards so their configuration can only be checked on
the System Administration - Sessions screen (see the section "Volume Based PCAP Indexing
From the UI" further on) or by using the show session Shard* CLI command. They are also
visible on the show flow-diag results.
Similarly, use the System Administration screen or using the show session command to check that
the port sessions are configured to use shared captures.
Volume Based PCAP Indexing may not be enabled on your CNE (use the check method noted above). For
example, when
l your appliance is started in Full Analytics mode
l the default shard sessions have been inadvertently deleted or sessions have been re-configured
not to use shared captures. This is an unlikely event but it can happen if, for example, you change
the software mode on your appliance from Network Capture to Full Analytics mode (see note) and
have not used the parameter keep-config to prevent the shard sessions from being deleted. If
this is something that you plan to do, then when changing to Full Analytics mode, use the sys-
tem-setting software-mode full-analytics keep-config CLI command. Using
this setting keeps the previous configuration, and hence the default Volume Based PCAP Indexing
in Network Capture mode is preserved.
In these scenarios, the shard sessions and sessions using shared captures do not or no longer exist in the
appliance, and you must manually configure them if you want to avail of the retrieval efficiencies that using
Volume Based PCAP Indexing offers you.
NOTE: You must have a valid license in order to use your appliance. In Full Analytics mode, additional
monitoring and analytics features are available depending on how the product is licensed. Contact
Corvil Technical Support to request a license. Refer to the topic "Installing a License" in the Corvil
Administration Guide for details on how to install a Corvil license.
© 2023 Pico Quantitative Trading LLC. All rights reserved 645 .
HOW TO ENABLE VOLUME BASED PCAP INDEXING
If Volume Based PCAP Indexing is not enabled on your appliance, you can manually configure it if
required.
Enabling Volume Based PCAP Indexing involves changing the way packets are stored to disk for the
PortA, PortB, PortC and PortD sessions. As a result, if a session is changed to use volume based
indexing, packets captured prior to the change will not be accessible, though they will still be stored on the
disk. To avoid losing access to captures, and to avoid storing unnecessary and inaccessible packets on
disk, Corvil recommends using the following procedure when enabling Volume Based PCAP Indexing on a
CNE.
l (optionally) Disable capture on existing per-port sessions, and rename them
l create shard sessions to capture the packets on your appliance ports
l configure the port sessions to use shared captures, that is, retrieve the packets from the shard
sessions
l access/remove legacy packet captures
l align shard session quotas with quotas for original port sessions
Enabling Volume Based PCAP Indexing
Step 1: Disable capture on existing per-port sessions, and rename them
Stop captures on your port sessions by disabling trace-events, then rename the session so that you can
access any existing captured packets later.
For example, on a four-port CNE, run the following commands:
session PortA
no trace-events
rename session PortA PortA-legacy
session PortB
no trace-events
rename session PortB PortB-legacy
session PortC
no trace-events
rename session PortC PortC-legacy
session PortD
no trace-events
rename session PortD PortD-legacy
© 2023 Pico Quantitative Trading LLC. All rights reserved 646 .
NOTE: This configuration change will stop capturing traffic so captures will be missing until you apply
the new port session configuration in the next section.
If the CNE is managed by a CMC, then use the CLI command “rename session PortA PortA-legacy on-
cne cne-name” to rename the session.
Step 2: Create 'shard' sessions and configure ports sessions for shared captures
You must define a set number of shard sessions on your CNE. The number of shard sessions that must be
defined is determined by the platform you are using.
The table below shows the number of shard sessions that you must configure on each platform.
Number of Shard
Platform
Sessions
CNE-6150 4
CNE-6550, CNE-6850, CNE-7550 8
CNE-7750, CNE-7850, CNE-8600, CNE-8600v2, CNE-9000, CNE-9000v2,
16
CNE-10000
NOTE: A full cluster of shard sessions must be configured for packets to be retrievable. Failure to do
this will also result in an exception error when using getPcap, getAnalytics and getPacketCsv
API requests for a shared capture session.
CLI commands for configuring Volume Based PCAP Indexing
To configure a session as a shard session, you need to use the attached-shard command when
configuring the session. The shard session must be a packet-only, unidirectional session configured with
legacy-gui-only and attached to all monitoring ports. The session must also be configured with
attached-sensor none and it must be online with one CNE session.
For a session to retrieve data from the shard sessions, it must be configured with trace-events use-
shared-captures. This option is only available for single class, packet-only, unidirectional sessions,
configured with no legacy-gui-only with a single port attached. The session must also be
configured with default filter-class, no subnet groups, attached-sensor none and it must be online
with one cne session.
Refer to the CLI Reference Guide for more information on the trace-events and attached-shard
CLI commands.
© 2023 Pico Quantitative Trading LLC. All rights reserved 647 .
For a CNE-10000, CNE-9000, CNE-9000v2, CNE-8600 or CNE-8600v2, a full shard session
configuration (16 shards) is shown below. These appliances have 2 port sessions which must both be
configured for shared captures:
session Shard0
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 0 of 16
trace-events always-on snaplength ALL
session Shard1
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 1 of 16
trace-events always-on snaplength ALL
session Shard2
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 2 of 16
trace-events always-on snaplength ALL
session Shard3
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 3 of 16
trace-events always-on snaplength ALL
session Shard4
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 4 of 16
trace-events always-on snaplength ALL
session Shard5
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 5 of 16
trace-events always-on snaplength ALL
session Shard6
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
© 2023 Pico Quantitative Trading LLC. All rights reserved 648 .
attached-shard 6 of 16
trace-events always-on snaplength ALL
session Shard7
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 7 of 16
trace-events always-on snaplength ALL
session Shard8
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 8 of 16
trace-events always-on snaplength ALL
session Shard9
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 9 of 16
trace-events always-on snaplength ALL
session Shard10
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 10 of 16
trace-events always-on snaplength ALL
session Shard11
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 11 of 16
trace-events always-on snaplength ALL
session Shard12
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 12 of 16
trace-events always-on snaplength ALL
session Shard13
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 13 of 16
trace-events always-on snaplength ALL
session Shard14
© 2023 Pico Quantitative Trading LLC. All rights reserved 649 .
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 14 of 16
trace-events always-on snaplength ALL
session Shard15
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 15 of 16
trace-events always-on snaplength ALL
session PortA
attached-port PortA
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortA
session PortB
attached-port PortB
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortB
If configuring a CNE-7750 or CNE-7850 appliance, which requires 16 shards but has 4 ports, you can use
the above configuration, with the additional configuration below for the 2 extra port sessions:
session PortC
attached-port PortC
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortC
session PortD
attached-port PortD
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortD
© 2023 Pico Quantitative Trading LLC. All rights reserved 650 .
For CNE-6550, CNE-6850, CNE-7550, a full shard session configuration (8 shards), with 4 ports is as
follows:
session Shard0
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 0 of 8
trace-events always-on snaplength ALL
session Shard1
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 1 of 8
trace-events always-on snaplength ALL
session Shard2
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 2 of 8
trace-events always-on snaplength ALL
session Shard3
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 3 of 8
trace-events always-on snaplength ALL
session Shard4
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 4 of 8
trace-events always-on snaplength ALL
session Shard5
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 5 of 8
trace-events always-on snaplength ALL
session Shard6
filter-class class-default
© 2023 Pico Quantitative Trading LLC. All rights reserved 651 .
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 6 of 8
trace-events always-on snaplength ALL
session Shard7
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 7 of 8
trace-events always-on snaplength ALL
session PortA
attached-port PortA
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortA
session PortB
attached-port PortB
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortB
session PortC
attached-port PortC
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortC
session PortD
attached-port PortD
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortD
For CNEs managed by a CMC
For 9.5 or later releases, if the CNE is managed by a CMC, you will need to append “on-cne cne-name” to
each of the “session” lines in the configurations above. For example:
© 2023 Pico Quantitative Trading LLC. All rights reserved 652 .
session Shard0 on-cne cne1
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 0 of 8
trace-events always-on snaplength ALL
session Shard1 on-cne cne1
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 1 of 8
trace-events always-on snaplength ALL
session Shard2 on-cne cne1
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 2 of 8
trace-events always-on snaplength ALL
session Shard3 on-cne cne1
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 3 of 8
trace-events always-on snaplength ALL
session Shard4 on-cne cne1
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 4 of 8
trace-events always-on snaplength ALL
session Shard5 on-cne cne1
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 5 of 8
trace-events always-on snaplength ALL
session Shard6 on-cne cne1
filter-class class-default
attached-sensor none
session-type unidirectional
legacy-gui-only
attached-shard 6 of 8
trace-events always-on snaplength ALL
session Shard7 on-cne cne1
filter-class class-default
attached-sensor none
© 2023 Pico Quantitative Trading LLC. All rights reserved 653 .
session-type unidirectional
legacy-gui-only
attached-shard 7 of 8
trace-events always-on snaplength ALL
session PortA on-cne cne1
attached-port PortA
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortA
session PortB on-cne cne1
attached-port PortB
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortB
session PortC on-cne cne1
attached-port PortC
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortC
session PortD on-cne cne1
attached-port PortD
attached-sensor none
session-type unidirectional
filter-class class-default
trace-events use-shared-captures
no legacy-gui-only
tag physical-port PortD
Step 3: Accessing legacy packet captures
After these configuration changes, new captures will be written to the new PortA / PortB / PortC / PortD
sessions that you have created.
If you need to access captures for periods preceding the configuration changes, you will need to access
the PortA-legacy / PortB-legacy / PortC-legacy / PortD-legacy sessions.
Step 4: Delete legacy sessions and align capture quotas
Once you no longer need the captures in the ‘legacy’ sessions, it is recommended that you delete them in
order to free up disk space.
© 2023 Pico Quantitative Trading LLC. All rights reserved 654 .
Also, if you have assigned additional storage to the original PortX sessions, using the ‘capture-quota’
commands, then you should apply these quotas to the new ‘ShardX’ sessions. For example, if you had
applied 10% of the capture quota to each of PortA and PortB on a CNE-9000, then after deleting the
legacy sessions you should apply a quota of (20% / 16 ) = 1.25% to each of the 16 ShardX sessions.
Volume Based PCAP Indexing From the UI
Currently you can only fully configure Volume Based PCAP Indexing using CLI commands. You can,
however, use the System Administration - Sessions screen on a CNE or Corvil Management Center
to check the configuration of Volume Based PCAP Indexings.
To check that the shard sessions are configured, filter on 'shard' on the System Administration -
Sessions screen and ensure that the correct number of shard sessions are present (and correctly
configured) for your appliance.
NOTE: Shard sessions are not included on dashboards so their configuration can only be checked on
the System Administration - Sessions screen or by using the show sessions Shard* CLI
command. They are also visible on the show flow-diag results.
To check that the port sessions are using shared captures, open Advanced Settings and check that
'Used Shared Captures' is selected for Capture Settings.
NOTE: If the port sessions are not configured to use shared captures, you can set the option here and
click Save to save the session. The 'Used Shared Captures' option is only available for single class,
packet-only, unidirectional sessions, configured with no legacy-gui-only with a single port
attached. The session must also be configured with default filter-class, no subnet groups and no
attached sensor, and it must be online with one cne session.
Disabling capture on existing per-port sessions, and renaming the sessions can also be done on the UI.
To rename the session, simply type the new name in the Session Name entry box. You can disable
captures on the session by setting Capture Settings to "Disabled".
© 2023 Pico Quantitative Trading LLC. All rights reserved 655 .
Corvil Actions
Actions Overview 657
Accessing an Action - Examples 658
© 2023 Pico Quantitative Trading LLC. All rights reserved 656 .
Actions Overview
Corvil Actions offer extended functionality which can be accessed on the User Interface through
additional options selectable from the context menus in Data Search, Inspect Data, and Streams, or from
the global launch icon in the top right menu of relevant UI screens. You can also add some Actions to
dashboards (in fact, some Actions can only be used when displayed as a widget on a dashboard). They
allow you to quickly perform certain tasks or access certain visualizations, depending on the kind of traffic
you are monitoring.
Some examples are:
l In Data Search, viewing the call ladder-diagram for a particular VoIP signalling message.
l In Inspect Data, filtering on a field value.
l In Streams, viewing the connectivity to a host IP address.
l On a dashboard widget, viewing the TCP statistics across application flows in your network
NOTE: Some Actions are only available for the type of traffic that is being decoded and monitored. For
example, the option to view a VoIP ladder-diagram is only available if you are using Corvil to decode
VoIP traffic; the Export / Display Payload Action is only available for HTTP traffic, and so on.
Refer to the Corvil Actions Guide for information on currently available Actions and for information on
how to install and configure Actions.
© 2023 Pico Quantitative Trading LLC. All rights reserved 657 .
Accessing an Action - Examples
Actions are available only from the following locations:
l Data Search results
l the Messages table in Inspect Data
l Streams
l Global launch icon
l As a widget on a dashboard
To access an Action from Data Search, Inspect Data or Streams, click on the event or message in one of
the above (however, note that not all messages or event rows will have an associated Action) and select
the Action group.
To access a global Action, click on the global launch icon available on the top right menu of UI screens
that can use this Action.
To access an Action as a dashboard widget, you must first configure an Action widget for your Action. See
the topic "Defining an Action Widget Using the Widget Editor" on page 309
In the example below, the Action group is called “VoIP”, and has been accessed from the Messages table
in Inspect Data.
Then select an Action associated with this – for example, VoIP - View Ladder Diagram.
© 2023 Pico Quantitative Trading LLC. All rights reserved 658 .
The VoIP ladder diagram for that message displays:
The message details of a VoIP call between two people display, including the direction of each message,
the message type, and whether or not it’s an error message. To access further information, click on any of
the numbered messages:
© 2023 Pico Quantitative Trading LLC. All rights reserved 659 .
To quickly download a packet capture file representing the call, click PCAP EXPORT and select
Signalling (or RTP):
In the example below, the global Action UTC Clock Sync Report can be selected.
This opens a window in which you can select the time range for which you want to generate a UTC Clock
Sync Report for your CNE.
Click View Report to download this report in PDF format to your machine.
© 2023 Pico Quantitative Trading LLC. All rights reserved 660 .
A sample page of the pdf report is shown below.
© 2023 Pico Quantitative Trading LLC. All rights reserved 661 .
In the example below, a widget has been created for the Network Health Action. The network information
is displayed for the last 24 hour period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 662 .
Corvil Flow Query
Flow Query Overview 664
Enabling Flow Indexing 665
Connecting to the Web Services API 667
Running Flow Queries 668
© 2023 Pico Quantitative Trading LLC. All rights reserved 663 .
Flow Query Overview
Corvil Flow Query captures per-second activity of all flows on Corvil appliances and enables fast and
powerful queries, including time range selection, filtering and multi-level aggregation.
In release 9.5.0 or later, Flow Query is enabled by default on Corvil appliances in Full Analytics or Network
Capture mode.
When enabled, the Corvil Flow Query feature writes information about all flows to disk, where it is ready to
be queried using Web Services API requests.
NOTE: See "Enabling Flow Indexing" on the facing page for information on how to check the flow index
setting and how to enable and disable it.
NOTE: In release 9.5.0 or later, appliances using Network Capture mode cannot run flow queries
using Web Services API requests. The information below on running flow queries applies to appliances
in Full Analytics mode only.
Corvil Flow Queries to the Web Services API supply the following parameters:
l the time range to query
l (optional) a Corvil Query Language (CQL) filter
l (optional) an aggregation list, e.g. aggregate by port, application
l whether to return all flows or just the aggregated summaries
l options to provide measurement points and watchlist information
All queries return data in CSV format.
For more information, please refer to the following topics:
"Enabling Flow Indexing" on the facing page
"Connecting to the Web Services API" on page 667
"Running Flow Queries" on page 668
© 2023 Pico Quantitative Trading LLC. All rights reserved 664 .
Enabling Flow Indexing
Flow queries use local, optimized flow indexing on Corvil appliances, which does not depend upon the
existence of pre-configured Corvil sessions.
NOTE: In release 9.5.0 or later, Flow Query is enabled by default on Corvil appliances in Full Analytics
or Network Capture mode.
To check the current setting to see if flow indexing is enabled, access the CLI and enter the following
command:
show system-settings | include global-data
Global search may be disabled, as in the following sample output.
host(config)$ show system-settings | include global-data
system-setting global-data-search disabled
Or it may be enabled. Note however that in this case, flow indexing is still not enabled.
host(config)$ show system-settings | include global-data
system-setting global-data-search enabled
To enable flow indexing, you add the extra option with-flow-index, as follows:
system-setting global-data-search enabled with-flow-index
When flow index is enabled it automatically gathers TCP statistics. You can configure the RTT calculation
mode that should be used for the flow-index RTT statistics to continuous filtered or continuous unfiltered.
Use the continuous-filtered option to monitor persistent TCP connections. The measurement is based on
the time taken for sequence numbers to be acknowledged. The possible effects of delayed
acknowledgements are filtered out when using this calculation mode. This is the default mode.
Use the continuous-unfiltered option if filtered measurements are not required (for example, delayed
acknowledgements are not an issue).
To calculate RTT traffic using continuous filtered mode, use:
system-setting flow-index-rtt-calculation continuous-filtered
© 2023 Pico Quantitative Trading LLC. All rights reserved 665 .
To calculate RTT traffic using continuous unfiltered mode, use:
system-setting flow-index-rtt-calculation continuous-unfiltered
In 9.6.x or later releases, you can set a system-setting to allow MAC address fields to be included in the
Flow Index data, allowing them to be exposed via the XML API getFlowTableCsv. To enable MAC address
fields in flow index, use:
system-setting flow-index-mac-addresses enabled
© 2023 Pico Quantitative Trading LLC. All rights reserved 666 .
Connecting to the Web Services API
Flow record information is accessed via the Corvil Web Services API. To verify API connectivity via an
unauthenticated connection, use the following URL format (note that API connectivity uses port 5101, or
port 443 in secured mode):
http:// <CNE-IP-address-or-hostname>/ws/statsMTOM-v2
The example below uses
http://172.20.4.144:5101/ws/statsMTOM-v2
to show the list of Web Services endpoints on a Corvil appliance specified by IP address.
© 2023 Pico Quantitative Trading LLC. All rights reserved 667 .
Running Flow Queries
Client applications or scripts can use the API to retrieve information from a Corvil appliance by encoding
and sending a request in XML tags. The Corvil appliance processes requests and responses are sent
directly back to the client.
Using the XML API command getFlowTableCsv, flow query results are returned as a binary CSV file
attachment over MTOM. Please refer to the topic "Retrieving Flow Query CSV Results" in the Corvil XML
API Reference Guide for more information on using this command.
NOTE: In release 9.5.0 or later, flow queries can only be run from appliances using Full Analytics
mode.
The following is the default template SOAP XML on which structured queries for a CNE are based:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:typ="http://www.corvil.com/ws/stats/types">
<soapenv:Header/>
<soapenv:Body>
<typ:flowTableCsvRequest watchlistMetadata="false"
showMeasurementPoints="false">
<!--Optional:-->
<timeRange fromNs="?" toNs="?"/>
<!--Optional:-->
<query>?</query>
<!--Zero or more repetitions:-->
<aggregation>?</aggregation>
<!--Optional:-->
<summariesOnly>?</summariesOnly>
</typ:flowTableCsvRequest>
</soapenv:Body>
</soapenv:Envelope>
For Corvil Management Center the following template is used:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:typ="http://www.corvil.com/ws/stats/types">
<soapenv:Header/>
<soapenv:Body>
<typ:flowTableCsvRequest
cne="?"
watchlistMetadata="false"
showMeasurementPoints="false">
<!--Optional:-->
<timeRange fromNs="?" toNs="?"/>
<!--Optional:-->
<query>?</query>
<!--Zero or more repetitions:-->
© 2023 Pico Quantitative Trading LLC. All rights reserved 668 .
<aggregation>?</aggregation>
<!--Optional:-->
<summariesOnly>?</summariesOnly>
</typ:flowTableCsvRequest>
</soapenv:Body>
</soapenv:Envelope>
There are a number of supported options. Below are some examples. For more detailed descriptions of
tags and their attributes, please refer to the topic "Retrieving Flow Query CSV Results" in the Corvil XML
API Reference Guide.
l To specify the start and end of the required time period in nanoseconds:
<timeRange fromNs="1465510500000000000"
l To specify a query:
<query>tcp</query>
l To group results by application:
<!--Zero or more repetitions:-->
<aggregation>applications</aggregation>
As well as application, the <aggregation> attribute supports the following time-based options:
conversations, talkers, listeners, ports, vports, time-seconds, time-minutes, and time-hours. In release
9.6.x or later aggregation is also supported for eth-talkers, eth-listeners and vlans.
l To only include summary level results, taking into account any aggregation configured, set the
Summaries option to 1 or true:
<!--Optional:-->
; <summariesOnly>1</summariesOnly>
l To ensure that all flows are included in the CSV file, set the Summaries option to 0 or false:
<!--Optional:-->
<summariesOnly>0</summariesOnly>
To also have additional metadata added to the flow records in the returned dataset, based on flows with
IPs that match the currently loaded IP watchlists, set the Watchlist Metadata attribute to true when the
Summaries option is set to zero:
watchlistMetadata="true"
The following is an example of a flow query request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:typ="http://www.corvil.com/ws/stats/types">
<soapenv:Header/>
<soapenv:Body>
<typ:flowTableCsvRequest watchlistMetadata="false">
© 2023 Pico Quantitative Trading LLC. All rights reserved 669 .
<!--Optional:-->
<timeRange fromNs="1467966300000000000" toNs="1467969900000000000"/>
<!--Optional:-->
<query></query>
<!--Optional:-->
<summariesOnly>0</summariesOnly>
</typ:flowTableCsvRequest>
</soapenv:Body>
</soapenv:Envelope>
The output of the preceding example query is shown on the right:
The following is an example of a flow query request to group results by application:
© 2023 Pico Quantitative Trading LLC. All rights reserved 670 .
The following request returns summary results for the flows grouped by applications during the same
period:
NOTE: If flow directions are spread across a CNE’s physical ports or vports, and you conduct a flow
query summarized by application, the results might not match the equivalent Event Inspection Top
Application results for the same period. If so, it is likely to be a flow-identification misconfiguration. You
can use the show-flow-diag command to check and diagnose flow identification issues. Refer to
© 2023 Pico Quantitative Trading LLC. All rights reserved 671 .
the Corvil Configuration Guide for more details.
Below is an example of query that narrows the search to a single IP address:
Results can also be returned based on watchlist matching. The example below shows a request that
returns TCP flow information (<query>tcp</query>) grouped by talkers during the specified time
period. This request returns watchlist information, as well as the standard TCP packet details and TCP
flow statistics, such as TCP event counters (Zero Window Size and OOS), TCP connection statistics
(setup/teardown) and RTT min-mean-max values:
© 2023 Pico Quantitative Trading LLC. All rights reserved 672 .
© 2023 Pico Quantitative Trading LLC. All rights reserved 673 .
UTC Clock Synchronization
Reporting
UTC Clock Synchronization Reporting Overview 675
Enabling UTC Clock Synchronization Reporting 677
Viewing UTC Clock Sync Reporting Results 678
© 2023 Pico Quantitative Trading LLC. All rights reserved 674 .
UTC Clock Synchronization Reporting
Overview
The UTC Clock Sync Reporting feature tracks the status of clock synchronization sources in your CNE
and the clock adjustments the CNE is making to keep itself synchronized to UTC. Tracking the accuracy
of timestamps from various sources against a configurable threshold of UTC is essential for MiFID II
compliance, hence UTC Clock Sync Reporting is usable for MiFID II order-record-keeping. You can
generate reports on UTC synchronization, showing details on UTC divergence and adjustments made.
Corvil’s UTC synchronization function converts the reference clock on the CNE (the hardware clock on
the monitoring NIC) to UTC, using the CNEs synchronization inputs (PTP, PPS + NTP). Hence, all packets
arriving at or being sent on CNE monitoring ports are UTC timestamped. Since the NIC clock is stable, the
UTC synchronization function can predict the next timestamp and hence report out of sync errors against
the clock sources.
The UTC Clock Sync Reporting function tracks the clock synchronization, including jitter and offsets from
UTC and stores them in a predefined session called “ClockTracking” (See note below on this session).
The amount of information that can be stored can be configured in the session.
UTC Clock Sync Reporting can capture the following types of events:
l Clock synchronization adjustments (for PPS and PTP clock sources)
l Clock synchronization state changes (for PPS and PTP clock sources)
l Secondary clock tracking: PTP (PPS as primary) (Valid for all supported platforms)
In addition to generating clock sync reports, you can also see the quality of timestamps for the events
happening in network by looking at the Streams user interface. Here, the "clock-sync lost" flag is used to
highlight if an event is out of sync. Any table entry, whose timestamp is out of sync with UTC, will have a
red clock icon (indicating that clock sync is lost) next to the timestamp. The flag is set based on the
tracking of clock events for the system’s clock sources.
Clock Adjustment Calculations
Clock adjustment events for locally captured timestamps will be collected if the global clock-sync option is
enabled. In all cases below, the adjustment is calculated on the absolute offsets between the clocks.
For primary clocks, clock adjustments are triggered by a difference between the external source
(PPS/PTP) and the NIC HW clock.
© 2023 Pico Quantitative Trading LLC. All rights reserved 675 .
For secondary clocks, the offset value is calculated as the difference between this and the primary clock-
sync source.
The data collected and stored by the UTC Clock Sync Reporting feature can be displayed via:
l getAnalytics and getMessageCSV API requests
l PDF reports for each monitored clock (PTP/PPS), generated by launching the UTC Clock
Sync Report Action.
NOTE: Predefined “ClockTracking” Session
The clock events tracked by the UTC Clock Sync Report Action are stored in a predefined session
called ClockTracking. This session is not visible on dashboards and while it can be viewed using the
show session CLI command, it can only be modified if you want to change the event-storage
setting (to configure the disk quota percentage for how much clock event information you want to
store). As this session has a reserved name, attempts to modify the session name, or to rename
another session to this name will result in an error.
You can delete the ClockTracking session, but you will get a warning if you try to delete this session
when the system clock-sync is enabled. You will also get a warning or if you try to enable clock-sync or
clock monitoring after the ClockTracking session has been removed.
If you recreate this session, after deleting it, it will inherit its original predefined settings.
You will get an error if you try to add this session to stored analytics jobs, analytics streams, multi hop
groups, multicast data feeds, user access groups, capture and capture export jobs.
On Corvil Management Center, a ClockTracking session can exist for every CNE supported. Pushing
configuration from Corvil Management Center to a CNE with an existing ClockTracking session, does
not remove the session.
No traffic will be matched by this session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 676 .
Enabling UTC Clock Synchronization
Reporting
To enable the collection of clock synchronization and clock adjustment events, you need to enable clock
synchronization in your CNE. There are a number of configuration options for clock synchronization:
Option 1: Configure a primary clock sync source on your CNE using the following CLI command:
host(config)$ clock-sync <clock-source>
where clock-source can be PPS or PTP for UTC Clock Sync tracking.
Option 2: Configure a secondary clock-sync source by extending the above command with and-monitor.
host(config)$ clock-sync <clock-source> [and-monitor <other-clock-source>]
If you require both clock-sync sources, the only combination currently allowed is a primary PPS source
with a PTP secondary source:
host(config)$ clock-sync pps and-monitor ptp
Once you have configured your clock synchronization, tracking of the clock synchronization status and
any clock adjustments begins, with collected data stored in the ClockTracking session.
You can check the quality of your clock sources by running the command show clock-sync. For a
more detailed report, you can generate a UTC Clock Sync report.
Enabling clock synchronization in your system also allows you to see the quality of timestamps of events
on the Streams page.
© 2023 Pico Quantitative Trading LLC. All rights reserved 677 .
Viewing UTC Clock Sync Reporting
Results
To display the stored information, you can choose to retrieve the data using API requests or you can install
the UTC Clock Sync Report Action and display the information in a UTC Clock Sync Report in PDF format.
NOTE: If the UTC Clock Sync Report results show that your PPS clock is very inaccurate, Corvil
recommends that you configure your PPS clock source to be interrupted if the GPS signal is lost.
UTC CLOCK SYNC REPORT
By installing the UTC Clock Sync Report Action and launching the Action from the global launch icon on
the CNE user interface, you can generate a predefined report, called the UTC Clock Sync Report, which
contains information about the clocks configured on the CNE.
NOTE: The UTC Clock Sync Report Action is included in the latest Action Pack zip file. Refer to the
Corvil Actions Guide for more details on how to install and use the Action.
The UTC Clock Sync Report, which is available in PDF format, is generated for the time-period (minimum
5 minutes, maximum 60 days) that you selected when you launched the Action, rounded to the nearest
minute. It consists of a number of sections (separate reports) containing primary clock and secondary
clock information, depending on what you have configured in your CNE. Each of these sections contains
overview data for the clock, a maximum adjustment bar chart and a table detailing clock event
information. In addition to these, if the source is a PTP clock, the clock page contains clock metadata for
the PTP clock.
NOTE: All adjustments and offsets are included in the report.
The event information table shows the first 100 up and down events.
The clock event information displayed in the report includes:
l Primary clock adjustments: a new clock sample is received (HW+UTC) and the divergence
between the extrapolated future clock value and the new sample is calculated.
© 2023 Pico Quantitative Trading LLC. All rights reserved 678 .
l Clock-sync state changes: loss and restoration of clock-synchronization for primary and sec-
ondary clock sources is tracked.
l Secondary clock offsets: a new clock sample is received (HW+UTC) and the divergence
between the primary clock source value and the new sample is calculated, after the UTC clock
adjustment is applied.
l Total time synchronized, synchronization outage time and adjustment/offset statistics for
each clock source.
NOTE: The term 'adjustment' is used for HW-UTC samples, that is, system (primary) clock-sync
sources.
The term 'offset' is used for UTC-UTC samples, that is, secondary clock sources.
Below are samples of pages from a generated report for a system configured with a primary PTP clock
source.
© 2023 Pico Quantitative Trading LLC. All rights reserved 679 .
© 2023 Pico Quantitative Trading LLC. All rights reserved 680 .
For each clock source, the report contains the following sections:
© 2023 Pico Quantitative Trading LLC. All rights reserved 681 .
Overview panel
This panel displays:
l Total time synchronized: The percentage time that synchronization was up for the clock
source, for the duration of the UTC Clock Sync report. If synchronization has been up for the
whole reporting period, the circle will be in green, otherwise it will be in red.
l Max Outage: The maximum length of time that clock-sync was down, or there were no clock
events and the start and stop time when the outage occurred.
l Clock Stability: The maximum adjustment or offset time from the hardware or primary clock
source. The size and number of adjustments are reported and color-coded to highlight the
instability of the clock source.
PTP Clock Details - Displayed for clocks sources using PTP (Primary or Secondary
clock)
This section contains detailed metadata about the PTP clock synchronization source. In the example
shown, PTP clock details are displayed for the primary clock, which is a PTP clock source. This is the
information that can also be seen when using the cli command show ptp.
Clock Max Adjustment/Offset Bar Chart
This contains a bar chart showing the adjustments/offsets of the clock source over time, compared with
the hardware or primary clock source.
Clock Events Table
This table gives detailed event information with the timestamp at which the event happened:
l Time – The timestamp at which a clock event was recorded.
l Event – The Primary Clock event reported, with the following event types:
l Primary: PPS/PTP – The clock sync source that was affected
l Primary: PPS/PTP clock-sync UP – The clock sync was restored
l Primary: PPS/PTP clock-sync DOWN – The clock sync was lost. Note that disabling clock-
sync triggers a down event.
l Interval – The length of time that sync was up since the last down period.
l Status – Color-coded current status of the clock source - green for up, black for down.
© 2023 Pico Quantitative Trading LLC. All rights reserved 682 .
VIEWING CLOCK SYNC OF STREAMS EVENTS
The Streams user interface can give you an indication of the quality of the UTC clock synchronization of
your system. If a clock source has gone out of sync, any Streams events that occurred during the time the
system was out of sync will be highlighted by a red clock symbol next to the timestamp. Hovering over the
clock icon displays a tooltip indicating “UTC clock sync unavailable”, meaning that the timestamp for this
event is out of sync. The icon will only appear for out of sync events if clock-sync is enabled on your
system.
You can get more detail on the synchronization issue by clicking on the warning icon next to the rescan
button, or by generating a UTC Clock Sync Report.
© 2023 Pico Quantitative Trading LLC. All rights reserved 683 .
API REQUESTS FOR UTC CLOCK SYNC RESULTS
You can retrieve data related to UTC Clock Sync Reporting by using the getAnalytics and
getMessageCSV API requests with the predefined session “ClockTracking”.
Refer to the Corvil XML API Reference Guide for information on the request syntax and on the responses
you will get for this session.
Below is an example of the response you will get if you retrieve data for the “ClockTracking” session using
a getMessageCsv request.
# Clock synchronization event data
# Period start time: 1511863200000000000
# Period end time: 1511866800000000000
UTC time,Clock,Event type,Clock source,Nanoseconds,Debug
1511863200276734574,Secondary,offset,"PTP",115,"HW=1120184365298432"
1511863200776565919,Secondary,offset,"PTP",72,"HW=1120184865129741"
1511863201000000000,Primary,adjustment,"PPS",1,"HW=1120185088563858;NTPOffset
=-222682"
1511863201000000000,Primary,adjustment,"PPS",1,"HW=1120185088563858;NTPOffset
=-222682"
1511863200776565919,Secondary,offset,"PTP",72,"HW=1120184865129741"
1511863201276519241,Secondary,offset,"PTP",96,"HW=1120185365082960"
1511863201776463970,Secondary,offset,"PTP",105,"HW=1120185865027601"
1511863202000000000,Primary,adjustment,"PPS",-
1,"HW=1120186088563702;NTPOffset=-222682"
1511863202000000000,Primary,adjustment,"PPS",-
1,"HW=1120186088563702;NTPOffset=-222682"
1511863201776463970,Secondary,offset,"PTP",105,"HW=1120185865027601"
1511863202276431058,Secondary,offset,"PTP",72,"HW=1120186364994643"
1511863202776373562,Secondary,offset,"PTP",98,"HW=1120186864937042"
© 2023 Pico Quantitative Trading LLC. All rights reserved 684 .
Corvil Streams
Streams Overview 686
Monitoring Corvil Streams Using the Corvil UI 688
Configuring Corvil Streams 707
Connecting to an Analytics Stream - Example 729
Streams Type Conversion 738
Streams Limits 740
© 2023 Pico Quantitative Trading LLC. All rights reserved 685 .
Streams Overview
Corvil Streams identify key analytics for all applications on the monitored network, producing streams of
actionable events for review in the Corvil UI or integration with external systems. The network
environment is shared by hundreds of applications with different characteristics and requirements,
different users, and different problems.
From the continuous flow of this application data on your network, Corvil Streams pull out the key events
for each application and generates a concise summary for each one. These events can be reviewed,
filtered, and categorized in the Corvil UI or exported in real-time to third-party systems such as Splunk,
Hadoop, and Tableau.
The analytics stream for an application contains a variety of event data: performance and health reporting
generates events for server outages and response time issues; business level analytics are reported
through per-transaction summaries driven by decoding of the application payload. In release 9.5.0 or
later, you can also create an event to automatically stream the full set of captured message fields
supported by a plugin.
An analytics stream can easily be tuned. New event types can be added or existing events modified. Event
fields can be populated from any of the decoded network data or the additional analytics provided by
Corvil's Analytics Plugins suite.
Up to ten analytics streams may be defined and published concurrently, with a maximum of four clients
per stream and 20 or 50 unidirectional sessions per stream depending on the Corvil appliance being
used.
Corvil Streams also allows you to launch Actions for relevant events on the Events table. If installed, the
Actions are available in the contextual drop-down menu when you click on the timestamp of an event for
which an Action can be performed. Refer to the Corvil Actions Guide for information on currently available
Actions.
For more information, please refer to the following topics:
"Monitoring Corvil Streams Using the Corvil UI" on page 688
"Configuring Corvil Streams" on page 707
"Connecting to an Analytics Stream - Example" on page 729
"Streams Type Conversion" on page 738
"Streams Limits" on page 740
NOTE: For more information on getting Corvil Stream results via the Corvil Web Services XML API,
refer to the topic Retrieving Analytics Stream Results in the Corvil XML API Reference Guide.
© 2023 Pico Quantitative Trading LLC. All rights reserved 686 .
NOTE: In unsecured mode, the streams information is published over HTTP via the applications port
and over HTTPS via port 443. In unsecured mode, the default applications port used is 5101. You can
configure a different applications port using the app-port CLI command. If you use the force-
https CLI command to change to secured mode, port 443 will be used instead. The default or
configured applications port cannot be used in secured mode. Refer to the app-port CLI command
in the CLI Command Reference Guide for information on how to change the application port. You can
find related information on the applications port in the topic "Corvil Management Center and CNE
Access Flow" in the Corvil Administration Guide and in "Corvil Firewall Port Requirements" in the Corvil
Installation Guide.
© 2023 Pico Quantitative Trading LLC. All rights reserved 687 .
Monitoring Corvil Streams Using the
Corvil UI
When a Corvil stream has been defined using the CLI, click Streams to view stream results in the Corvil
UI.
NOTE: If you are using release 9.5.0 or later, you can configure a stream with the option include-
full-message which allows you to include all captured message fields for a given plugin in the
stream. The full message is streamed to clients and can currently only be retrieved using the
getLiveAnalyticStreamData API function. You cannot use the currently available Corvil
Connectors or getHistoricalAnalyticStream API methods for retrieving the full message field
data. Refer to the XML Guide for more information on using the getLiveAnalyticStreamData
API function.
Also, note that using the include-full-message option does not display all the message fields in
the Corvil Streams UI. Only the fields configured using set-decoded-field or set-field in the
same stream will be displayed on the UI and hence any required fields must be configured in the
stream using a mapping rule.
NOTE: If the message 'Too Many Events' is displayed on the Streams table, this is to inform you that
the Streams function has not been able to fetch and display all the events on the UI, rather than giving
an incomplete output. This affects the UI only and the complete set of events are delivered on the
stream itself.
For more information on defining Corvil Streams using the Corvil CLI, please refer to the topic "Configuring
Corvil Streams" on page 707.
NOTE: Launching Analytics Streams from Corvil Management Center is not supported.
NOTE: Access to results may be restricted depending on configured Corvil login privileges.
For example, results may be filtered to show only those Streams which the logged in user is allowed to
view. If a user is restricted from accessing results for a given session, they will also be restricted from
accessing any Stream that contains that session.
For more information on Corvil role-based access control, refer to the topic Role-based access
Control for Restricted Users in the Corvil Administration Guide.
© 2023 Pico Quantitative Trading LLC. All rights reserved 688 .
Each defined stream (up to the system-wide maximum of ten) is accessed by clicking the name.
Note that IP addresses in Streams might be displayed without the host names. Refer to the section for
information on how to also display host names.
Corvil Streams display defined stream events in live mode by default. Live view updates every five
seconds. You can pause live mode and the time at which Live view was Last Updated is displayed.
Toggle to pause or play live mode.
SELECTING A TIME PERIOD FOR STREAMS
You can switch back and forth from live mode to one of the available historical mode time periods
(includes the available system and user-defined reporting periods) or define a custom reporting period
and click Apply. Invalid custom reporting periods are flagged onscreen.
You can also change the time zone for the GUI from here.
© 2023 Pico Quantitative Trading LLC. All rights reserved 689 .
The selected time period remains the same as you move between different streams.
Unlike other UI screens, these reporting periods are relative to the millisecond timestamp (rounding
down) in server time that the reporting period was selected.
USING THE TIMELINE
In Historical mode the timeline bar covers the selected time period.
The green background indicates how much of the requested time-period was covered by the events in the
response (subject to the limit – see following table).
When you select a reporting period, the timeline populates from the start-time up to this limit and the bar
grows from left to right, starting at the period start time, acting as a progress bar as data is received.
Click Cancel to stop loading events for the selected reporting period. If the event display limit is reached,
the bar stops updating and the Cancel button is no longer available.
© 2023 Pico Quantitative Trading LLC. All rights reserved 690 .
In Live mode the bar covers the accumulated time.
The following table describes the meaning of the timeline shading and vertical bars:
Timeline
Description
Color
Green
Time period was examined and there were no events.
Dark green Time period was examined and there were events.
vertical bar
The sections of the timeline for which events or summary data is present are marked by a
background time-series, which is a graph of the number of rows per time-bucket.
Dark vertical Indicates the time of the last configuration change.
bar Rollover the bar to display tooltip details.
Time period not examined due to the event display limit being reached or due to the
results still being loaded.
Gray
The maximum number of events displayed per page is as follows:
Historic mode: 10,000 events
Live mode: 2,000 events
No data, or incomplete data available for this time period (indicates a data gap in the
White
past, or all or part of the selected time is in the future with respect to available data).
Click to display details of any measurement warnings impacting on the displayed results.
Measurements may be degraded due to
l capture drops
l clock-synchronization being unavailable
l decode failures
l decode failure due to tcp reassembly
© 2023 Pico Quantitative Trading LLC. All rights reserved 691 .
l decoded message field containing an invalid value
l duplicate packets
l flow tags being unstable
l calculating a configurable statistic resulting in an overflow
l pnqm drops
l port drops
l pnqm missing measurement (packet capture records not available, and so on.)
l pnqm hash-collisions over user-configurable threshold.
l pnqm session availability less than 100%
For more information, refer to "Corvil Measurement Warnings" on page 794.
Rolling over an indicated event displays details describing the number of matches found and the time and
date.
A packet-capture availability bar is displayed directly above the timeline.
The following table describes the meaning of different capture availability bar colors:
Description
Capture Availability Bar Color
Black Capture data available on all analytics stream sessions.
Grey Capture data available on some analytics stream sessions.
White (Gaps in the bar or no bar) No capture data available on any analytics stream sessions.
© 2023 Pico Quantitative Trading LLC. All rights reserved 692 .
NOTE: The green bar does not extend any further to the right than the capture availability bar. A gap
can arise, for example due to PNQM correlation delay, whereby data is not available up to the current
second.
Click or to page forward or back through the results.
When you move backwards or forwards along the timeline the selected reporting period is preserved. For
example, if a 1-hour reporting period is selected, clicking displays results for the preceding hour.
Click and drag on a selected area to zoom in on that timescale.
ANALYTICS STREAM RESULTS VIEW
Columns can be resized and re-ordered apart from the following:
l Events and Events in Violations fixed columns: Timestamp, Event Name
l Summaries fixed columns: Timestamp, Key-fields (defined in configuration, for example, Sym-
bol, Side)
When viewing Summaries, if the number of summaries available exceeds the configured row limit, then
the remainder are bundled into an overflow bucket.
You can select a row and click Details to display the details panel showing all fields in the selected row.
Statistic values that violate configured thresholds are displayed in red text. Hovering over violating values
displays a tooltip with the current threshold value.
© 2023 Pico Quantitative Trading LLC. All rights reserved 693 .
If clock-sync is enabled on your system, events reported as out of sync with the UTC clock, will display a
red clock symbol next to its timestamp. Hovering over the clock symbol displays a tooltip message “UTC
clock sync unavailable”, and clicking on the warning icon next to the Rescan button will show more
details. See the topic "UTC Clock Synchronization Reporting" on page 674. If clock-sync is not enabled,
out of sync events will not be highlighted on the Streams page.
The following describes the system-supplied columns in the view:
Event ID
Every event transmitted on the analytics stream, including heartbeats, has a 64-bit identifier that uniquely
identifies the event within that specific stream. These event IDs always increase from event to event, so
they can be used to request a range of missed data via historical retrieval requests. The event IDs are
approximately based on UTC time in nanoseconds, with adjustments to ensure uniqueness
Packet ID
Displays the system-defined packet identifier for the message to which this message was correlated
during PNQM latency calculation.
Msg. Offset
Displays the system-defined message offset for the message to which this message was correlated during
PNQM latency calculation.
Session ID
Displays the defined session name or ID.
Class ID
Displays the session class for which the measurement was made.
Decoder
Displays the analytics plugin used.
Msg. Type
Displays the decoded message type.
© 2023 Pico Quantitative Trading LLC. All rights reserved 694 .
Switching to Inspect Data
When viewing Events or Events in Violations the Timestamp is a link to switch to Inspect Data for the
selected session showing a one-minute time period starting with the selected message. The selected
message is highlighted at the top of the message table.
In the Inspect Data message table, click on a message timestamp to launch Event Inspection for a
one-minute period starting with the selected message.
© 2023 Pico Quantitative Trading LLC. All rights reserved 695 .
For more information on Inspect Data and using Event Inspection, please refer to the topic "Analyzing
Corvil Data" on page 420.
Exporting Stream CSV Results
In Historical mode, click to export a CSV file of the entire chosen period of events or summaries
with any filtering applied.
NOTE: Latency values are exported without escaping or quoting.
The CSV file uses its own column ordering.
NOTE: In excess of 268,000 results may be exported in the CSV file as opposed to the 10,000 event
limit or configured summary table row limit in the UI.
The actual summary table row limit may be lower than the configured value if the sum of the lengths of
individual key fields (all key fields concatenated) is greater than 32 characters.
FILTERING CORVIL STREAM RESULTS
The filter bar utilizes a simple query language, applying a case-sensitive exact-string match to determine
which results to display.
The filter applies to both event data and summary reporting and can be used in live or historical mode.
Filters consist of single-line expressions, consisting of variables and various numerical and logical
operators. The list of available variables depends on the definition of the analytics stream.
The filter provides feedback dynamically as you type a search expression, with suggestions listed on how
to complete or add to what you have typed so far.
For example, the following shows an incomplete query with a suggestion for what to type next:
© 2023 Pico Quantitative Trading LLC. All rights reserved 696 .
The following logical operators are available:
l and
l or
l not
You can also use parentheses ( ) to group terms. When evaluating boolean expressions, precedence is
given in the following order (highest to lowest): terms inside parentheses, not, and, or.
For example:
DNSquery and Latency > 1000ms;
(symbol=3402.T and currency=JPY) and not NewOrderSingle;
(src_ip=192.168.2.3) and dst_port = 53 and Latency >250ms
You can also search for particular statistics and threshold violations:
l Events
l Latency
l Loss
l MsgSeqGap
l <configurable-statistic-name> for example: Cancels
l Violation
l LatencyViolation
l LossViolation
l Violation. <configurable-statistic-name>
l Field.<event-field-name>
© 2023 Pico Quantitative Trading LLC. All rights reserved 697 .
l Summaries
l Latency (Min, Mean or Max)
l LossCount
l LossPercentage
l Count and Total Configurable statistics: <configurable-statistic-name> for example, Cancels
If you don't know which configurable statistics are available, enter ConfStat to display a list.
When the query is complete, press Enter or click SEARCH.
The set of displayed results is updated to reflect the applied query.
NOTE: For more details on the supported query language syntax, refer to the section Analytic Streams
Filter Query Language.
STREAMS FILTER QUERY LANGUAGE
The following describes the supported Analytics Streams filter query language:
Integers
An expression consisting of a single integer is matched by:
l any integer field containing the same value
l any string field consisting of a ASCII base-10 representation of the same value (exact match),
plus optionally leading zeros, a decimal point and zero or more trailing zeros
Example:
42
is matched by fields containing
42, "42", "42.000", "0042"
© 2023 Pico Quantitative Trading LLC. All rights reserved 698 .
Decimals
An expression consisting of a single decimal value with only zeros after a decimal point is treated as a
corresponding integer.
An expression consisting of a proper decimal value with non-zero fractional part is matched by a string
field containing an ASCII base-10 representation of the decimal, with zero or more trailing zeros and zero
or more leading zeros.
Example:
42.5
is matched by
"42.5", "42.500", "042.5" in any of the string fields.
Bare string literals
An expression consisting of an unquoted alphanumeric string that is not an integer or a decimal value or a
reserved word is matched by:
l any string field containing exactly the same value, case-sensitive
l a string field with a name identical (case-insensitive) to the literal, if it's present in the specific
event, regardless of the value
l an event type of a given name
l a virtual field (Violation flag, conf stat boolean field)
It is also allowed to use punctuation symbols in bare literals, except for characters that are operators or
parts of operators (!, <, >, =, ~, \, round brackets, single quote, double quote), unless they are escaped by
a '\' character.
Allowed characters:
#$%&*+,-./:;?@[ ]^_`{|}
\ is a generic escaping character.
Example:
An expression BGPNewRoutes is matched by any event of type BGPNewRoutes, and by any string field
with a case-ignore value "BGPNewRoutes".
© 2023 Pico Quantitative Trading LLC. All rights reserved 699 .
Quoted string literals
A string enclosed in either single or double quotes is treated similarly to bare string literals, except it may
contain spaces and other characters not allowed in bare literals. In order to use a single quote within
single-quoted string it needs to be escaped by a back-slash: 'O\'Neill' = O'Neill.
Also, for strings containing a large number of quote characters and backslashes, a triple-double-quote
syntax is available. """string'string"string\string""" = string'string"string\string. There are no provisions for
quoting characters inside a triple-double-quoted string, even if they contain a series of double-quote
characters. This is based on the Corvil implementation.
Example:
"VoIP Calls" or ‘VoIP Calls’ or """VoIP Calls"""
is matched by any string field with a value
"VoIP Calls" (case-insensitive, without quotes).
A single quote character can be expressed as '\' ', "'" or """'"""."O'Hare International" or 'O\'Hare
International'
Field-specific matching
An expression of the form:
field = expression
or
field <> expression
where expression is a basic match as defined above, is used for matching single fields, using the same
rules as the basic match, except restricted to a specified field.
Example:
CalledParty = #23#
is matched by events that contain a field CalledParty with the value equal to #23#.
Similarly, an expression of the form:
Field <> expression
matches the events that contain a field named Field, but are not matched by Field = expression.
Example:
CalledParty <> #23#
© 2023 Pico Quantitative Trading LLC. All rights reserved 700 .
is matched by events that contain a field CalledParty with the value not equal to #23#.
Other examples:
orderQty = 200
src_ip = 192.168.1.1
Field-specific regular expression matching
An expression of a form:
field ~ string
(where string is either a bare string literal or a quoted string or triple quoted string)
Matches whenever a value of field field matches the regular expression string.
A backslash in a triple quoted string is not treated as an escape character.
Example:
~ "NewOrder[SM]"
is matched by event type NewOrderSingle or NewOrderMultiple but not event type NewOrderList, field
name NewOrderCount or field value NewOrders.
Regular expression syntax is validated (for example, all groups are closed).
Numeric relational operators
<field><operator><number>
where
field is an integer or string field defined in the stream
operator is one of:
<
>
<=
>=
© 2023 Pico Quantitative Trading LLC. All rights reserved 701 .
<>
number may be decimal or integer.
The comparison cannot be used for fields that use latency units - in that case, the form involving numbers
with units should be used instead. The comparison is done using floating point numbers.
Example:
price > 200
is matched by events that have a defined field named price (string or integer) that contains a single
numeric value greater than 200.
Other examples:
orderQty > 200
orderQty < 200
orderQty >= 100
orderQty <= 300
price <=7.50
Numeric relational operators on latency values
<field><operator><number-unit>
where
field is an integer or string field,
operator is one of:
<
>
<=
>=
<>
© 2023 Pico Quantitative Trading LLC. All rights reserved 702 .
number-unit may be decimal or integer followed by s, ms, us, ns, with no spaces in between. The
comparison only applies to those fields that use latency units, and compares the nanosecond values.
Example
Latency > 200ms
is matched by events that have a field called Latency whose value, expressed as nanoseconds, is greater
than 200000000.
The following statistics are available as fields to be used with operators when searching Events:
Canonical Name Alias Type Definition
Any threshold violation (latency, loss or
Violation.Any Violation Boolean
conf-stat)
Statistic.Latency Latency numeric with unit Latency value
Latency threshold violation if event-
Violation.Latency LatencyViolation Boolean
threshold latency
Violation.Loss LossViolation boolean Loss if event-threshold loss
Statistic.Loss Loss boolean Loss (unconditionally)
Message sequence gap
Statistic.MsgSeqGap MsgSeqGap boolean
(unconditionally)
Message sequence gap (only when
Violation.MsgSeqGap MsgSeqGap boolean
event-threshold configured)
Count configurable statistic (no
ConfStat.<name> (count) <name> boolean
percentage)
numeric with or
ConfStat.<name> (total) <name> Total configurable statistic
without unit
ConfStat.<name> (min- numeric with or
<name> Min-mean-max configurable statistic
mean-max) without unit
Threshold violation for a specific
Violation.ConfStat.<name> Violation.<name> boolean
configurable statistic
Field.<name> <name> as defined Field value
The names are not case-sensitive.
In case of a name conflict, the canonical names (which are unique) are searched before the aliases, which
are searched in order of occurrence in the above table. For example, if a field named "Statistic.Loss" exists
in conflict with a built-in loss statistic, the built-in statistic takes precedence. The field needs to be
referenced by "Field.Statistic.Loss".
The following statistics are available as fields to be used with operators when searching Summaries:
© 2023 Pico Quantitative Trading LLC. All rights reserved 703 .
Canonical Name Alias Type Definition
Latency. Latency value (min, mean or
Statistic.Latency.{Min,Mean,Max} numeric with unit
{Min,Mean,Max} max)
Statistic.Loss.Count LossCount numeric Number of loss events
Statistic.Loss.Percentage LossPercentage numeric Percentage of loss events
Statistic.MsgCount MsgCount numeric Message count
Count configurable statistic
ConfStat.<name> (count) <name> numeric
(no percentage)
numeric with or
ConfStat.<name> (total) <name> Total configurable statistic
without unit
ConfStat.<name>.{min,mean,max} <name>.{min, numeric with or Min-mean-max configurable
(min-mean-max) mean, max} without unit statistic
Field.<name> <name> string Key field value
There are no violation related fields in the summary table, only the raw statistics.
FILTERING STREAMS EVENTS
Quick filter options enable you to focus on individual types of event within a stream. The information
displayed on the Streams screen can be filtered by selecting one of the following in the Data filter:
l Events – display all stream events
l Events in Violation – display only events that include a value that violates a defined threshold
l Summaries – display summary tables of results (if configured)
© 2023 Pico Quantitative Trading LLC. All rights reserved 704 .
By default the Streams window displays Summaries (if configured) in Live mode. If no Summaries are
defined, Events are displayed by default in Live mode.
Use Select All to do a bulk select or deselect of all defined events to display in the stream. To include or
omit events, click on the individual event and click Apply.
© 2023 Pico Quantitative Trading LLC. All rights reserved 705 .
© 2023 Pico Quantitative Trading LLC. All rights reserved 706 .
Configuring Corvil Streams
Corvil Stream configuration is done using the Corvil CLI and comprises:
l Defining the Analytics Stream Message Format
l Specifying the Sessions to Supply Measurements to the Stream
l Defining How Analytics Stream Event Fields Get Their Published Values
l Defining a Summary Table (Optional)
l Defining a Stream to Include All Message Fields for a Plugin (Optional) - (9.5.0 or later)
l Publishing the Analytics Stream
In the following Corvil configuration example, the stream is named Routing and the defined events are
named BGPNewRoutes and BGPWithdrawnRoutes.
Defining the Analytics Stream Message Format
For each event to be published in the stream, you define
l the fields of interest to publish. The field types defined here (for example string, unsigned-
integer, signed-integer) are intended to match the equivalent protocol field types that will
provide the values to the stream.
l Statistics (latency, loss, or message sequence-gap) and configurable statistics to report, with
(default) or without threshold and violation information
analytics-stream Routing
description BGP events
event BGPNewRoutes
string NetworkLayerReachabilityCount
string NewDestinationASName
string NewDestinationASNumber
event BGPWithdrawnRoutes
string WithdrawnRouteASName
string WithdrawnRouteASNumber
string WithdrawnRouteCount
For more information on conversion rules when mapping event and analytics plug-in field types, refer to
the topic "Streams Type Conversion" on page 738.
The mapping between the stream fields defined here and the protocol fields is defined later in the
configuration.
© 2023 Pico Quantitative Trading LLC. All rights reserved 707 .
The following describes the Corvil CLI commands used to define a Corvil Stream. For more information on
any of the commands, please refer to the CLI Command Reference.
[no] analytics-stream <event-stream-name>
Define an analytics stream name and enter the stream configuration context.
[no] description <text>
Define a description of the stream. The text defined here is displayed in the Corvil UI under the stream
name.
[no] event <event-name>
Define an event for the stream to publish and enter the stream event configuration context
[down | up] <event-name>
Re-order the events in a stream. Changing the order affects the schema generated by the stream. The
order of the events in the published stream follows the order of declaration in the configuration.
[no] <binary | signed-integer | string | unsigned-integer> <field-name>
Define a field to be included when publishing a stream.
[no] report-statistic <latency | loss | message-sequence-gap> [without
[threshold][violation]]
Add a field to the stream to report one of the available system-defined statistics that is calculated for a
decoded message, with or without threshold and threshold violation reporting.
[no] report-measure <configurable-statistic-name> [without [threshold]
[violation]]
Add a field to the stream to report one of the available user-defined configurable statistics that is
calculated for a decoded message, with or without threshold and threshold violation reporting.
down | up field < binary | string | unsigned-integer | signed-integer|report-
measure|report-statistic> <field-name>
Re-order the fields in an event. Changing the order affects the schema generated by the stream. The
order of the fields in the published stream follows the order of declaration in the configuration.
[no] message-url
Optionally add a URL to the stream that can be used to launch Event Inspection in the Corvil UI with the
relevant message highlighted. For more information, please refer to the section Constructing a Callback
URL from Analytics Stream Content.
© 2023 Pico Quantitative Trading LLC. All rights reserved 708 .
[no] include-full-message
[9.5.0 or later]
Define that all captured message fields for a specified analytics plugin should be included when publishing
to a stream
Specifying the Sessions to Supply Measurements to the Stream
You specify a previously-defined session that provide measurements to the stream:
include-session BGP with-id BGP
The following describes the Corvil CLI commands used to define a Corvil Stream. For more information on
any of the commands, please refer to the CLI Command Reference.
[no] include-session <name> [with-id <session-id>]
Use the include-session command to specify the message session(s) that provide measurements to
the stream.
[no] include-session-direction <name> forward | reverse [with-id <session-id>]
Use the include-session-direction command to only include a specified direction of a
bidirectional session in the stream.
NOTE: You can optionally specify a single direction of a session using the include-session-
direction command.
All included sessions must have always-on capture enabled. (trace-events always-on)
Defining How Analytics Stream Event Fields Get Their Published
Values
You define rules to identify the target protocol traffic and then map the previously-defined fields of interest
to decoded message fields.
The decoded message field values provide the values to the corresponding fields defined above for the
published stream.
© 2023 Pico Quantitative Trading LLC. All rights reserved 709 .
You can optionally apply default field mapping values for all fields in all events defined in the stream from
the field-defaults context. In this example, we have a look at defining both default field mappings
and defining the mapping in a mapping-rule.
field-defaults
set-decoded-field WithdrawnRouteASName message-protocol IPProtocols
bgp.virtWithdrawnRouteASName
set-decoded-field WithdrawnRouteASNumber message-protocol IPProtocols
bgp.virtWithdrawnRouteASNumber
set-decoded-field WithdrawnRouteCount message-protocol IPProtocols
bgp.virtWithdrawnRouteCount
The following describes the Corvil CLI commands used to define a Corvil Stream. For more information on
any of the commands, please refer to the CLI Command Reference.
[no] field-defaults
When defining an event for a stream, you can optionally specify default values to publish for event fields.
Enter the default field mapping context to set up these default values.
Alternatively, you can specify how event fields get their published values, or override the default settings
by defining a stream mapping rule.
[no] set-constant <stream-event-field> <literal-value>
Define a constant value to use as a default value for a specified event field in the field-defaults
context.
[no] set-decoded-field <stream-event-field> message-protocol <analytics-plugin-
name> <decoded-message-field> [regex <regular-expression>]
Define a default value to use for a specified event field based on the specified decoded message field in
the field-defaults context.
[no] set-field <stream-event-field> <session-id | port | correlated-id | corvil-
order-id | dst-ip-addr | dst-port | message-decoder | src-ip-addr | src-port
|vlan | vport | xlate-stage1-id | xlate-stage2-id>
Define a default value to use for a specified event field from the available fields in the field-defaults
context.
Having defined the format of the messages in the analytics stream, you identify and map the appropriate
sources that will provide the stream values by defining mapping rules. Defining a mapping rule involves:
l Specifying the message protocol
© 2023 Pico Quantitative Trading LLC. All rights reserved 710 .
l [Optional] Defining match rules to identify particular decoded traffic
l Specifying previously-defined events for inclusion in the published analytics stream
l [Optional] Defining match rules to filter event generation
l Mapping the previous user-defined event fields to sources of published values
l decoded protocol fields
l decoded message types
l constants
l network fields
NOTE: The order of mapping-rule precedence is important because if multiple mapping-rules match a
given message, only the first mapping-rule to match is applied. The order of mapping-rules can be
changed using the up and down commands.
Mapping rules are match-first. Multiple events can be generated from a single native message via multiple
generate-event commands.
mapping-rule WithdrawnRoutes
message-protocol IPProtocols
match class-map "BGP UPDATE (Withdrawn)"
generate-event BGPWithdrawnRoutes
mapping-rule UpdateRoutes
message-protocol IPProtocols
match class-map "BGP UPDATE"
generate-event BGPNewRoutes
set-decoded-field NetworkLayerReachabilityCount
bgp.virtNetworkLayerReachabilityCount
set-decoded-field NewDestinationASName bgp.virtDestinationASName
set-decoded-field NewDestinationASNumber bgp.virtDestinationASNumber
The following describes the Corvil CLI commands used to define a Corvil Stream. For more information on
any of the commands, please refer to the CLI Command Reference.
[no] mapping-rule <mapping-rule-name>
Having defined the format of the messages in the stream, identify and map the appropriate sources that
provide the stream values by defining named mapping rules and entering the mapping-rule context.
[down | up] <mapping-rule-name>
Re-order the mapping rules in a stream. The order of mapping-rule precedence is important because if
multiple mapping-rules match a given message, only the first mapping-rule to match is applied.
© 2023 Pico Quantitative Trading LLC. All rights reserved 711 .
[no] message-protocol <analytics-plugin-name>
Specify the analytics plugin to which the incoming decoded messages must belong to match this
mapping-rule.
match [not] message-type <message-type>
Matches traffic with messages of the specified type.
>match [not] message-field <message-field> [= <value> | regex <regular-
expression>]
Matches traffic based on a message field. If neither an exact value nor a regular expression is provided,
the presence of the field is enough to make a match. If the specified field is not present in the message, a
match cannot be made.
match [not] class-map <class-map>
Matches traffic from the specified class-map. Must be specified on its own, that is, no other match rules
are allowed. The class-map and mapping-rule must be using the same message-protocol.
match [not] message-direction client-to-server | server-to-client
Matches traffic based on specified flow direction. Certain analytics plug-ins expose a special system field
indicating flow direction for each analyzed packet.
match [not] watchlist {<name>| any } [metadata-field <field> {= | regex}
<expression>] [ first-message-in-flow]
Matches traffic based on a specified watchlist or a metadata field match within the watchlist information.
The set-field command supports the sources 'watchlist-name' and 'watchlist metadata-field'.
[no] generate-event <event-name>
Specify the name of a previously-defined event to include in the published stream, and enter the generate-
event contents to start the process of mapping user-defined event fields to analytics plugin fields. Further
content configuration may not be required if the event contains the option include-full-message
only.
matching-class-map <class-map-name>
Optionally specify a previously configured message class-map that must be matched before event
generation occurs.
[no] permit-session-id <session-id>
© 2023 Pico Quantitative Trading LLC. All rights reserved 712 .
Restrict the generation of events to messages coming from a specific session. Specify the unique session
identifier. This may be either the session name or the session ID defined using the with-id parameter.
There must be a session with the specified session-id defined in the analytics stream.
[no] set-constant <stream-event-field> <literal-value>
Define a constant value to use as a default value for a specified event field in the generate-event context.
[no] set-decoded-field <stream-event-field> <decoded-message-field>
Define a default value to use for a specified event field based on the specified decoded message field in
the generate-event context.
[no] set-field <stream-event-field> < session-id | port | correlated-id | corvil-
order-id | dst-ip-addr | dst-port | message-decoder | src-ip-addr | src-port |
vlan | vport | watchlist | watchlist-name | xlate-stage1-id | xlate-stage2-id>
Define a default value to use for a specified event field from the available fields in the generate-event
context.
Defining a Summary Table (Optional)
Corvil Streams map wire messages to normalized business events. Analytics streams can also be
configured to publish periodic summary tables for aggregations of events. For example, per-symbol, per-
second counts of trades and total traded value from market data, or per-handset, per-second summary of
call quality. To add a summary table to the event stream, use the summary-table command.
Configuring a summary table involves:
l Defining an aggregation period for the table results with the period command
l Defining the maximum number of rows in a table with the row-limit command
l Specifying the previously-defined stream event on which the table is based with the source-
event command (mapping from event stream events to the table keys and values)
l Specifying the summary table columns for which results are aggregated with the key-field
command (with multiple key support) based on previously-defined stream event fields.
l Specifying the measurements to include as summary table columns with the report-stat-
istic and report-measure commands
Key fields are used to separate the summary table rows. For example, defining a key-field based on the
VoIP SSRC field means that the summary table rows of aggregated results will be split out on a per-SSRC
basis. Statistics are aggregated for all the events reported on a single row. There is always an event count
value column that counts the number of separate stream events that were aggregated into the table row.
© 2023 Pico Quantitative Trading LLC. All rights reserved 713 .
One summary table can be provided per event stream.
In the following example, a summary table is defined for a VoIP stream.
summary-table MOS
source-event RTCP_ExtendedReport
key-field SSRC
key-field SSRC_Source
report-measure min-mean-max "MOS-CQ x10" min
report-measure min-mean-max "MOS-CQ x10" mean
report-measure min-mean-max "MOS-CQ x10" max
report-measure min-mean-max "MOS-LQ x10" min
report-measure min-mean-max "MOS-LQ x10" mean
report-measure min-mean-max "MOS-LQ x10" max
report-measure min-mean-max RTCP-RoundTripTime max
report-measure min-mean-max SignalToNoise min
report-measure min-mean-max SignalToNoise mean
report-measure min-mean-max SignalToNoise max
report-measure total RTP-LostPackets
report-measure total RTP-Packets
The following describes the Corvil CLI commands used to define a Corvil Stream. For more information on
any of the commands, please refer to the CLI Command Reference.
[no] summary-table <summary-table-name>
The analytics stream maps wire messages to normalized business events. Analytics streams can also be
configured to publish periodic summary tables for aggregations of events. For example, per-symbol, per-
second counts of trades and total traded value from market data, or per-handset, per-second summary of
call quality.
period seconds <aggregation-period>
Optionally define the aggregation period for a summary table.
row-limit <max-number-of-rows>
Optionally specify the maximum number of unique entries in the summary table.
source-event<stream-event>
Specify a previously-defined stream event to provide data for a summary table
© 2023 Pico Quantitative Trading LLC. All rights reserved 714 .
key-field <field-name>
no key-field <field-name> | *
Specify the previously-defined stream event fields that provide summary table column values.
down | up key-field <field-name>
Re-order the key fields in a summary table. Changing the order affects the schema generated by the
stream. The order of the key fields (summary table columns) in the published stream follows the order of
declaration in the configuration.
[no] report-statistic <latency <min | mean | max> | loss | loss-percent>
Add a field to the stream to report one of the available system-defined statistics that is calculated for a
decoded message.
[no] report-measure count <configurable-statistic-name>
[no] report-measure total <configurable-statistic-name>
[no] report-measure min-mean-max <configurable-statistic-
name><count|min|mean|max>
Add a field to the stream to report one of the available user-defined configurable statistics that is
calculated for a decoded message.
NOTE: When summaries are displayed in the Streams screen in live view, a fixed summarization
period of one second is used, and empty summaries are not shown. This can result in the displayed
timestamps not conforming to a regular time period.
By comparison, summaries returned in real time by the getLiveAnalyticsStreamData API
request use the summarisation period configured in the CLI. For example, you can specify summaries
every 30 seconds, so all events within each 30 second period are summarised in a single summary
table.
© 2023 Pico Quantitative Trading LLC. All rights reserved 715 .
Defining a Stream to Include All Message Fields for a Plugin
(Optional)
[9.5.0 or later]
You may wish to stream all captured message fields contained in an analytics plugin. To add this option to
the event stream, use the include-full-message command.
Configuring a stream to include all captured message fields involves:
l Defining an event with the option include-full-message
l Defining a mapping-rule with the relevant message-protocol
l Starting the process of automatically generating the plugin message fields using generate-
event
NOTE: Review the custom application definition for the plugin to ensure that all required fields are
captured. Create a new custom application or add new fields via the capture-field or capture-
field-pattern commands if required.
[no] include-full-message
Define that all captured message fields for a specified analytics plugin should be included when publishing
to a stream.
[no] mapping-rule <mapping-rule-name>
Having defined that all messages for a plugin should be included in the stream, identify the appropriate
sources (that is, the analytics plugins) that provide the stream values by defining named mapping rules
and entering the mapping-rule context. If you want to include all messages for a number of plugins, you
need to define a unique mapping rule for each one.
[no] message-protocol <analytics-plugin-name>
Specify the analytics plugin to which the incoming decoded messages must belong for this mapping-rule.
[no] generate-event <event-name>
Specify the name of the previously-defined event that contains the option include-full-message to
include in the published stream. No further content configuration is required for this case.
© 2023 Pico Quantitative Trading LLC. All rights reserved 716 .
For example
host(config-analytics-stream)$ event AllFIX
host(config-analytics-stream-event)$ include-full-message
host(config-analytics-stream)$ mapping-rule fixonly
host(config-analytics-stream-mapping-rule)$ message-protocol FIX
host(config-analytics-stream-mapping-rule)$ generate-event AllFIX
Publishing the Analytics Stream
When the stream is fully defined, you publish the defined event stream using the publishing command:
publishing
[no] publishing
Enable or disable stream publishing. By default, new analytics streams are disabled and until the
publishing command is issued, they do not publish any events. Disabled analytics streams report to any
connected clients that the stream is stopped. When the analytics stream is enabled a number of checks
are performed to assure that configuration is valid.
If the no publishing command is issued when there are clients connected, a warning is displayed.
The stream must be disabled to delete a stream or modify
l the stream's configured events
l message to event mapping
l message protocols
The included sessions in the stream can be added and removed while the stream is publishing.
When stream publishing is enabled the stream is ready to accept client connections.
NOTE: When first published, streams that contain events with PNQM latency or loss statistics will
display a lag before stream messages are delivered. This lag corresponds to the PNQM correlation
delay. Streams with no PNQM latency and loss statistics are delivered without the correlation lag.
© 2023 Pico Quantitative Trading LLC. All rights reserved 717 .
Checking Analytics Stream Status
To check the status of an analytics stream, use the show analytics-stream command. In the
following example, the analytics stream named TradeReportStream is checked:
host(config)$ show analytics-stream
analytics-stream TradeReportStream
event TradeUpdate
string session
string symbol
signed-integer quantity
unsigned-integer price
string currency
report-statistic latency
string client_src_ip
include-session FIX-RTT with-id 6
mapping-rule fixMap
message-protocol FIX
match class-map FIX-Fills
generate-event TradeUpdate
set-decoded-field session VirtSessionID
set-decoded-field symbol Symbol
set-decoded-field quantity LastQty
set-field client_src_ip src-ip-addr
set-decoded-field currency Currency
mapping-rule ouchMap
message-protocol NASDAQ-OUCH-4
match class-map NASDAQ-Fills
generate-event TradeUpdate
set-decoded-field session VirtSessionId
set-decoded-field symbol Stock
set-decoded-field quantity "Executed shares"
set-field client_src_ip src-ip-addr
set-constant currency "USD"
publishing
! use "show analytics-stream TradeReportStream schema" to view the proto
schema
Uptime: 1 minute, 36 seconds
Clients connected: 2
Client Id Client IP address Events sent Events dropped
--------------------------------------------------------------------------
4 192.168.1.225 5.3k 11k
5 192.168.1.225 231 0
show analytics-stream <stream-name>
The show analytics-stream command output
© 2023 Pico Quantitative Trading LLC. All rights reserved 718 .
l lists the analytics stream configuration
l displays how long the stream has been publishing
l indicates the number of clients connected to the analytics stream
l indicates for each client the IP address, the number of messages sent and any messages
dropped in the case where the client cannot keep up with the stream output
To check the uptime and connected clients only, use show analytics-stream <stream-name>
status
If the current configuration is no longer valid for any of the streams, for example due to a change of the
installed analytics plugins, the affected stream will not work as expected.
Possible configuration problems may be:
l The stream references an analytics plug-in no longer present on the system.
l The stream has references to one or more fields no longer present in the analytics plug-in.
l The stream has references to one or more mappings between incompatible field types.
Affected streams are switched to the non-publishing state and any client trying to connect to them is
rejected with an appropriate message. This behavior continues until the problems are fixed.
Disconnecting a Client from an Analytics Stream
To disconnect a client from an analytics stream, use the disconnect command:
disconnect <client-id | * >
Disconnect a client from an analytics stream by specifying the unique client ID displayed in the show
analytics-stream command output.
Use disconnect * to disconnect all clients.
Event Field Sources
In addition to native message fields (binary, int64, uint64, ascii), event fields can be populated from the
following sources:
l Session identifier
© 2023 Pico Quantitative Trading LLC. All rights reserved 719 .
l Constant values
l Timestamp
l Event ID
l Network fields (IP addresses, TCP/UDP ports, vlan, CNE port, vport)
l Analytics plug-in name
l Message type name (as defined by analytics plug-in)
Also the following per-session sources are supported (each session can have different values for the
same message):
l PNQM delay, loss (no incoming loss)
l Message sequence gap (gap size)
l Configurable statistics (specified by name)
l Violations (boolean)
l Thresholds (numeric) from the service objective
l Fields required for Message URL
Events are generated by the following triggers:
l Messages on any of the attached sessions can generate events according to the configured
filtering and mapping
l Periodic heartbeat events
l Drop events
EXAMPLE CORVIL STREAM CONFIGURATIONS
The following example Corvil Stream configuration is named Network and generates DNS and DHCP
events based on the installed DNS and IPProtocols analytics plugins. The defined stream events are
named
l DHCPinform
l DHCPrequest
l DHCPresponse
l DNSquery
l DNSresponse
© 2023 Pico Quantitative Trading LLC. All rights reserved 720 .
For each event to be published in the stream, you define
l the fields of interest to publish. The field types defined here (for example string, unsigned-
integer, signed-integer) are intended to match the equivalent protocol field types that will
provide the values to the stream. In 9.5.0 or later releases, if all captured fields for a plugin are
to be published, specify this with the option include-full-message
l Statistics (latency, loss, or message sequence-gap) and configurable statistics to report, with
(default) or without threshold and violation information
analytics-stream Network
description DNS,DHCP
event DHCPinform
string src_ip
string src_port
string dst_ip
string dst_port
string hostname
string ciaddr
string client_id
event DHCPrequest
string src_ip
string src_port
string dst_ip
string dst_port
string hostname
string ciaddr
string client_id
report-statistic latency
event DHCPresponse
string src_ip
string src_port
string dst_ip
string dst_port
string hostname
string ciaddr
string client_id
event DNSquery
string src_ip
string src_port
string dst_ip
string dst_port
report-statistic latency
string question_name
string question_type
event DNSresponse
string src_ip
string src_port
string dst_ip
string dst_port
string answer_name
© 2023 Pico Quantitative Trading LLC. All rights reserved 721 .
string answer_type
NOTE: For more information on conversion rules when mapping event and analytics plug-in field
types, refer to the section "Streams Type Conversion" on page 738.
The mapping between the stream fields defined here and the protocol fields is defined later in the
configuration.
Next, we specify the previously-defined sessions that provide measurements to the stream:
include-session DHCP
include-session DNS
NOTE: You can optionally specify a single direction of a session using the include-direction
command.
All included sessions must have always-on capture enabled. (trace-events always-on)
The next part of the configuration determines how the published stream event fields get their values. The
values come from decoded plugin message fields, so the stream configuration defines a mapping
between decoded plugin message fields and the corresponding stream event fields defined earlier.
This example uses the field-defaults context to apply default field mapping values for all fields in all
events defined in the stream. You also have the option of defining the stream event field to decoded plugin
field mapping within a mapping rule. Then, the configuration defines mapping rules that generate stream
events when specific decoded plugin messages are detected.
field-defaults
set-field dst_ip dst-ip-addr
set-field dst_port dst-port
set-field src_ip src-ip-addr
set-field src_port src-port
set-decoded-field answer_name message-protocol DNS answer.Name
set-decoded-field answer_type message-protocol DNS answer.Type
set-decoded-field ciaddr message-protocol IPProtocols dhcp.ciaddr
set-decoded-field client_id message-protocol IPProtocols dchp.client_
identifier
set-decoded-field hostname message-protocol IPProtocols dhcp.hostname
set-decoded-field question_name message-protocol DNS question.Name
set-decoded-field question_type message-protocol DNS question.Type
mapping-rule DHCPinform
© 2023 Pico Quantitative Trading LLC. All rights reserved 722 .
message-protocol IPProtocols
match message-type "DHCP Inform"
generate-event DHCPinform
mapping-rule DHCPrequest
message-protocol IPProtocols
match message-type "DHCP Request"
generate-event DHCPrequest
mapping-rule DHCPresponse
message-protocol IPProtocols
match message-type "DHCP Ack"
generate-event DHCPresponse
mapping-rule DNSquery
message-protocol DNS
match message-type "DNS Query"
generate-event DNSquery
mapping-rule DNSresponse
message-protocol DNS
match message-type "DNS Response"
generate-event DNSresponse
Mapping rules are match-first. Multiple events can be generated from a single decoded plugin message
via multiple generate-event commands.
When fully defined, you publish the defined event stream using the publishing command:
publishing
The following example Corvil Stream configuration is named VoIP and generates VoIP-related events
based on the installed VoIP analytics plugin and including previously-defined VoIP-related configurable
statistics.
This example configuration also includes a summary table. The stream maps wire messages to
normalized business events, and events can be summarized to produce aggregated results, for example,
a per-call report of VoIP statistics.
analytics-stream VoIP
description SIP,H.323,RTP
event CallComplete
message-url
string SSRC
string Status
binary CallId
string Message
string LogicalChannelNumber
string src_ip
string src_port
© 2023 Pico Quantitative Trading LLC. All rights reserved 723 .
string dst_ip
string dst_port
event CallSetup
message-url
string SSRC
string CalledParty
string CallingParty
string Message
binary CallId
string LogicalChannelNumber
string src_ip
string src_port
string dst_ip
string dst_port
event LowQualityCall
message-url
string SSRC
string Status
binary CallId
string Message
string LogicalChannelNumber
string src_ip
string src_port
string dst_ip
string dst_port
event RTCP_ExtendedReport
message-url
string SSRC
report-measure "MOS-CQ x10"
report-measure "MOS-LQ x10"
report-measure RTP-LostPackets
report-measure RTP-Packets
report-measure SignalToNoise
string SSRC_Source
report-measure RTCP-RoundTripTime
string src_ip
string src_port
string dst_ip
string dst_port
event RTCP_SourceDescription
message-url
string SSRC
string CNAME
string src_ip
string src_port
string dst_ip
string dst_port
event RTP
message-url
string SSRC
report-measure RTP-Jitter
report-measure "RTP-MOS x100"
string src_ip
© 2023 Pico Quantitative Trading LLC. All rights reserved 724 .
string src_port
string dst_ip
string dst_port
include-session VoIP-All with-id VoIP-All
field-defaults
set-field dst_ip dst-ip-addr
set-field dst_port dst-port
set-field src_ip src-ip-addr
set-field src_port src-port
set-decoded-field CNAME message-protocol VoIP "RTCP SDES Value"
set-decoded-field CallId message-protocol VoIP VirtCallId
set-decoded-field CalledParty message-protocol VoIP "H225
destinationInfo.dialledDigits"
set-decoded-field CallingParty message-protocol VoIP "H225
srcInfo.dialledDigits"
set-decoded-field SSRC message-protocol VoIP "RTCP SSRC Of Sender"
set-decoded-field SSRC_Source message-protocol VoIP "RTCP SSRC Of Source"
mapping-rule RTP
message-protocol VoIP
match class-map VoIP-RTP-msgs
generate-event RTP
set-decoded-field SSRC "RTP SSRC"
mapping-rule RTCP
message-protocol VoIP
match class-map VoIP-RTCP-XR-MOS
generate-event RTCP_ExtendedReport
mapping-rule RTCP_SourceDescription
message-protocol VoIP
match class-map VoIP-RTCP-SourceDescription
generate-event RTCP_SourceDescription
set-decoded-field SSRC "RTCP SSRC"
mapping-rule RTCP_SenderReport
message-protocol VoIP
match class-map VoIP-RTCP-SenderReport
generate-event RTCP_ExtendedReport
set-decoded-field SSRC_Source "RTCP SSRC"
mapping-rule H225-Admission
message-protocol VoIP
match class-map VoIP-H225-Admission
generate-event CallSetup
set-field Message message-type
mapping-rule H225-Disengage
message-protocol VoIP
match class-map VoIP-H225-Disengage
generate-event CallComplete
set-constant Status NormalDrop
set-field Message message-type
mapping-rule H225-Setup
message-protocol VoIP
match class-map VoIP-H225-Setup
generate-event CallSetup
set-decoded-field CalledParty "Q931 Called Party Number"
set-decoded-field CallingParty "Q931 Calling Party Number"
© 2023 Pico Quantitative Trading LLC. All rights reserved 725 .
set-field Message message-type
set-decoded-field CallId "H225 CallIdentifier.guid"
mapping-rule H225-Proceeding
message-protocol VoIP
match class-map VoIP-H225-CallProceeding
generate-event CallSetup
set-field Message message-type
set-decoded-field CallId "H225 CallIdentifier.guid"
mapping-rule H225-Alerting
message-protocol VoIP
match class-map VoIP-H225-Alerting
generate-event CallSetup
set-field Message message-type
set-decoded-field CallId "H225 CallIdentifier.guid"
mapping-rule H225-Connect
message-protocol VoIP
match class-map VoIP-H225-Connect
generate-event CallSetup
set-field Message message-type
set-decoded-field CallId "H225 CallIdentifier.guid"
mapping-rule H225-ReleaseComplete
message-protocol VoIP
match class-map VoIP-H225-ReleaseComplete
generate-event CallComplete
set-decoded-field CallId "H225 CallIdentifier.guid"
set-field Message message-type
mapping-rule H245-Negotiation
message-protocol VoIP
match class-map VoIP-H245-SessionNegotiation
generate-event CallSetup
set-field Message message-type
set-decoded-field LogicalChannelNumber "H245
OpenLogicalChannel.forwardLogicalChannelNumber"
mapping-rule H245-CloseLogicalChannel
message-protocol VoIP
match class-map VoIP-H245-CloseLogicalChannel
generate-event CallComplete
set-field Message message-type
set-decoded-field LogicalChannelNumber "H245
CloseLogicalChannel.forwardLogicalChannelNumber"
mapping-rule H245-CloseLogicalChannelAck
message-protocol VoIP
match class-map VoIP-H245-CloseLogicalChannelAck
generate-event CallComplete
set-field Message message-type
set-decoded-field LogicalChannelNumber "H245
CloseLogicalChannelAck.forwardLogicalChannelNumber"
mapping-rule LowQualityCall
message-protocol VoIP
match class-map VoIP-RTCP-XR-MOS-Low
generate-event LowQualityCall
© 2023 Pico Quantitative Trading LLC. All rights reserved 726 .
A summary table is defined using the summary-table command.
Configuring a summary table involves:
l Specifying the previously-defined stream event on which the table is based with the source-
event command (mapping from event stream events to the table keys and values)
l Specifying the summary table columns for which results are aggregated with the key-field
command (with multiple key support) based on previously-defined stream event fields.
l Specifying the measurements to include as summary table columns with the report-stat-
istic and report-measure commands
Key fields are used to separate the summary table rows. For example, defining a key-field based on the
VoIP SSRC field means that the summary table rows of aggregated results will be split out on a per-call
basis. Statistics are aggregated for all the events reported on a single row. There is always an event count
value column that counts the number of separate stream events that were aggregated into the table row.
summary-table MOS
source-event RTCP_ExtendedReport
key-field SSRC
key-field SSRC_Source
report-measure min-mean-max "MOS-CQ x10" min
report-measure min-mean-max "MOS-CQ x10" mean
report-measure min-mean-max "MOS-CQ x10" max
report-measure min-mean-max "MOS-LQ x10" min
report-measure min-mean-max "MOS-LQ x10" mean
report-measure min-mean-max "MOS-LQ x10" max
report-measure min-mean-max RTCP-RoundTripTime max
report-measure min-mean-max SignalToNoise min
report-measure min-mean-max SignalToNoise mean
report-measure min-mean-max SignalToNoise max
report-measure total RTP-LostPackets
report-measure total RTP-Packets
In the 9.5.0 configuration example below, all fields decoded by the FIX and BATS-BinaryOrderEntry
analytics plugins and configured to be captured in the defined custom applications, are defined for the
analytics stream to publish. An additional field containing the client order id will be published with the field
name 'order_id':
host(config-analytics-stream)$ event orders
host(config-analytics-stream-event)$ include-full-message
host(config-analytics-stream-event)$ string order_id
host(config-analytics-stream)$ mapping-rule fixonly
host(config-analytics-stream-mapping-rule)$ message-protocol FIX
© 2023 Pico Quantitative Trading LLC. All rights reserved 727 .
host(config-analytics-stream-mapping-rule)$ generate-event orders
host(config-analytics-stream-mapping-rule-generate-event)$ set-decoded-field
order_id ClOrdID
host(config-analytics-stream)$ mapping-rule batsonly
host(config-analytics-stream-mapping-rule)$ message-protocol BATS-
BinaryOrderEntry
host(config-analytics-stream-mapping-rule)$ generate-event orders
host(config-analytics-stream-mapping-rule-generate-event)$ set-decoded-field
order_id ClOrdID
host(config)$ custom-application match-any FIX
host(config-custom-app)$ capture-field-pattern *
host(config)$
host(config)$ custom-application match-any BATS-BinaryOrderEntry
host(config-custom-app)$ capture-field ClOrdID indexed
host(config-custom-app)$ capture-field "Ord ID" indexed
host(config-custom-app)$ capture-field Price
host(config-custom-app)$ capture-field VirtOrderComplete
© 2023 Pico Quantitative Trading LLC. All rights reserved 728 .
Connecting to an Analytics Stream -
Example
Corvil provides C++ and Java sample streaming clients, available on the Corvil Customer Center, that
enable you to connect to a specified stream and print the content of the events to stdout.
NOTE: Due to the nature of the SOAP MTOM technology, most clients and libraries are not optimized
to provide low latency streams of the attachments, introducing delays due to buffering. The provided
sample clients perform the request and provides the event stream, raw or decoded, on the stdout with
minimal delay.
UNIQUE EVENT IDS
Every event transmitted on the analytics stream, including heartbeats, has a 64-bit identifier that uniquely
identifies the event within that specific stream. These event IDs always increase from event to event, so
they can be used to request a range of missed data via historical retrieval requests.
The event IDs are approximately based on UTC time in nanoseconds, with adjustments to ensure
uniqueness.
STREAM DROPS
If a connected client cannot keep up with the rate of the detected events, the events are dropped, and
when the client is read again a message is sent immediately informing of the dropped events.
The drop message includes
l the timestamp and eventID of the first and last dropped events
l a count of dropped events
l a count of the number of packets within buffers that were written to disk without being pro-
cessed in the stream
© 2023 Pico Quantitative Trading LLC. All rights reserved 729 .
The show analytics-stream <stream-name> status command also displays a warning if high
packet rates cause packets to be discarded from the stream:
host(config)$ show analytics-stream Routing status
Uptime: 18 minutes, 32 seconds
Clients connected: 4 (events processed: 103050000)
WARNING: 260947112 packets were written into disk without being processed in
the stream due to high packet rates
** last packets discarded 2 seconds ago **
DISPLAYING THE ANALYTICS STREAM SCHEMA
The analytics stream data is encoded using the Google protocol buffer format. The structure of a protocol
buffer message is defined in a .proto file.
When putting together a client for a Corvil analytics stream, you obtain the protocol definition file and
compile it.
NOTE: The supplied sample client allows the decoding of any analytics stream without recompilation.
This is done using the dynamic schema support available in the protocol buffer library.
After checking the connection to the analytics stream works, you can obtain the protocol definition file
using the CLI command show analytics-stream <stream-name> schema, and copy and
save the result into a .proto file.
Alternatively, use
ssh admin@<cne-name | ip-address> retrieve analytics-stream-schema <stream-name>
In the following example, the output of the show analytics-stream <stream-name> schema
command for the example stream named TradeReportStream could be copied and pasted into a .proto
file named TradeReportStream.proto:
host(config)$ show analytics-stream TradeReportStream schema
syntax = "proto2";
package corvil;
message EventHeader {
required uint64 timestamp = 1;
© 2023 Pico Quantitative Trading LLC. All rights reserved 730 .
required uint64 eventID = 2;
required string eventName = 3;
optional string sessionID = 4;
optional bool sessionDir = 5;
optional string classID = 6;
optional uint64 packetID = 7;
optional uint64 messageOffset = 8;
optional uint64 lastConfigChange = 9;
optional uint64 captureAvailability = 10;
optional bool warnPortDrop = 20;
optional bool warnCaptureDrop = 21;
optional bool warnDecodeFailure = 22;
optional bool warnPNQMSignatureDrop = 23;
optional bool warnPNQMMissedSignature = 24;
optional bool warnPNQMHashCollision = 25;
optional bool warnPNQMUnavilable = 26;
optional bool warnClockSyncUnavailable = 27;
optional bool warnCSMInvalidSample = 28;
optional bool warnCSMOverflow = 29;
optional bool warnDuplicatePacket = 30;
optional bool warnMsgTCPReassembly = 31;
optional bool warnEventInvalidSample = 32;
optional bool warnConfigChange = 33;
optional bool warnIncompleteHistory = 34;
}
message FeedDrop {
required uint64 firstDroppedTimestamp = 1;
required uint64 firstDroppedEventId = 2;
required uint64 lastDroppedtimestamp = 3;
required uint64 lastDroppedEventId = 4;
required uint64 droppedEventCount = 5;
required uint64 unprocessedPackets = 6;
}
message TradeUpdate {
optional string session = 1;
optional string symbol = 2;
optional sint64 quantity = 3;
optional uint64 price = 4;
optional string currency = 5;
optional string client_src_ip = 6;
optional sint64 statistic_LatencyValue_ns = 7;
optional sint64 statistic_LatencyThreshold_ns = 8;
optional bool statistic_LatencyViolation = 9;
optional bool statistic_measure_CancelsValue = 10;
optional bool statistic_measure_CancelsThreshold = 11;
optional bool statistic_measure_CancelsViolation = 12;
}
message MinMeanMaxSigned {
optional sint64 min = 1;
optional sint64 mean = 2;
optional sint64 max = 3;
optional uint64 count = 4;
© 2023 Pico Quantitative Trading LLC. All rights reserved 731 .
}
message SummaryTableRow {
optional uint64 rowNumber = 1;
optional uint64 msgCount = 2;
optional string symbol = 3;
optional string session = 4;
optional string price = 5;
optional .corvil.MinMeanMaxSigned statistic_Latency = 6;
optional uint64 statistic_measure_Cancels = 7;
}
message Event {
optional .corvil.EventHeader header = 1;
optional .corvil.FeedDrop drop = 2;
optional .corvil.TradeUpdate TradeUpdate = 32;
repeated .corvil.SummaryTableRow summaryTableRow = 33;
optional .corvil.SummaryTableRow summaryTableOverflowRow = 34;
}
host(config)$
Field Naming
In the feed schema reported statistic names are prefixed by "statistic" and suffixed by "Value", "Threshold"
or "Violation" depending on the type of the field.
The latency statistic also includes the suffix "_ns" to the value and threshold, allowing the client to
understand the unit used.
Reported configurable statistic names are prefixed by "statistic_measure_" and suffixed by "Value",
"Threshold" or "Violation" depending on the type of the field.
For example:
message TradeUpdate {
optional string session = 1;
optional string symbol = 2;
optional sint64 quantity = 3;
optional uint64 price = 4;
optional string currency = 5;
optional string client_src_ip = 6;
optional sint64 statistic_LatencyValue_ns = 7;
optional sint64 statistic_LatencyThreshold_ns = 8;
optional bool statistic_LatencyViolation = 9;
optional bool statistic_measure_CancelsValue = 10;
optional bool statistic_measure_CancelsThreshold = 11;
optional bool statistic_measure_CancelsViolation = 12;
}
© 2023 Pico Quantitative Trading LLC. All rights reserved 732 .
Any invalid character used in configurable statistic names are replaced by an underscore ( _ ). As the
name of a field has to be unique within an event, any attempt to add more than one field producing the
same field name is disallowed.
NOTE: The field naming for automatically generated fields is described in the next section.
Streams configured to include full message
[9.5.0 or later]
If an analytics stream is defined with the option include-full-message, the stream schema depends
on the fields provided by the plugins referenced in the stream definition.
For example, for the stream 'ntp' defined here, where all captured message fields should be included
host(config)$ analytics-stream ntp
host(config-analytics-stream)$ event ntp
host(config-analytics-stream-event)$ include-full-message
host(config-analytics-stream)$ mapping-rule ntp
host(config-analytics-stream-mapping-rule)$ message-protocol NTP
host(config-analytics-stream-mapping-rule)$ generate-event ntp
the schema will contain the message 'FullMessage' containing all fields supported by the current NTP
plugin.
message FullMessage {
message D_NTP {
optional uint64 f_Virt_5FOrigin_5FUTC_5Fns = 1;
optional uint64 f_Virt_5FReceive_5FUTC_5Fns = 2;
optional uint64 f_Virt_5FReference_5FUTC_5Fns = 3;
optional uint64 f_Virt_5FTransmit_5FUTC_5Fns = 4;
optional string f_destination_20timestamp = 5;
optional uint64 f_field_20length = 6;
optional string f_field_20length_3Arepeating = 7;
optional uint64 f_field_20type = 8;
optional string f_field_20type_3Arepeating = 9;
optional bytes f_field_20value = 10;
optional string f_field_20value_3Arepeating = 11;
optional uint64 f_key_2Falgorithm_20id = 12;
optional uint64 f_leap = 13;
optional bytes f_message_20digest = 14;
© 2023 Pico Quantitative Trading LLC. All rights reserved 733 .
optional uint64 f_mode = 15;
optional string f_origin_20timestamp = 16;
optional uint64 f_poll_20exponent = 17;
optional uint64 f_precision_20exponent = 18;
optional string f_receive_20timestamp = 19;
optional string f_reference_20ID = 20;
optional string f_reference_20timestamp = 21;
optional uint64 f_root_20delay = 22;
optional uint64 f_root_20dispersion = 23;
optional uint64 f_stratum = 24;
optional uint64 f_sub_20option_20id = 25;
optional string f_transmit_20timestamp = 26;
optional uint64 f_version = 27;
}
optional string messageType = 1;
optional .corvil.FullMessage.D_NTP d_NTP = 32;
}
message ntp {
}
message Event {
optional .corvil.EventHeader header = 1;
optional .corvil.FeedDrop drop = 2;
optional .corvil.FullMessage fullMessage = 3;
optional .corvil.ntp ntp = 32;
}
NOTE: The schema has an additional event field called “messageType” containing the message type
of each field in the string format.
The list of supported fields is always retrieved from currently installed plugins, therefore, if the time period
for which you are retrieving streams results includes historical data captured using a different version of
the plugin, the following should be noted:
- Removed or renamed fields will not be included in the stream events
- Fields with changed type will not be included in the stream events
Fields with unchanged names and types will be not affected.
FIELD NAMING FOR INCLUDE FULL MESSAGE
When the option include-full-message is configured, the field names for the automatically
generated fields are prefixed by "f_" and characters other than alphanumeric characters are replaced by
an underscore escape character ( _ ) followed by the representative ASCII hex digit.
For example:
© 2023 Pico Quantitative Trading LLC. All rights reserved 734 .
Decoder field name: Sequence Number
Event field name: f_Sequence_20Number
Decoder field name: BidShortPrice (unscaled):repeating
Event field name: f_BidShortPrice_20_28unscaled_29_3Arepeating
Constructing a Callback URL from Analytics Stream Content
When you specify that you want to get a callback URL in one or more events in the published analytics
stream using the message-url command, you need to construct a URL from the resulting analytics
stream message header content. URL redirection is available to the following Corvil UI screens:
l Analytics Streams
l Event inspection
ANALYTICS STREAMS
The following URL redirects to the analytics stream UI:
http[s]://<cne-name>/ui#/streams?stream=<stream-name>&events=<event-id>&
reportingPeriodName=<periodname>&query=<anyquery>
or
http[s]://<cne-name>/ui#/streams?stream=<stream-name>&events=<event-id>&
from=<timestamp>&to=<timestamp>&query=<anyquery>
For example:
https://192.168.1.47/ui#/streams?stream=ASX-ITCH&reportingPeriodName=
Last%201%20Hour&events=ASXITCH_AddOrdernoParticipantID&events=ASXITCH_
AddOrderwithParticipantID
The following table describes the components required to construct the URL:
URL
URL Parameter Description
Component
cne-name
Specifies the host name of the CNE being used to connect to
the analytics stream.
stream stream-name Specifies the name of the analytics stream.
© 2023 Pico Quantitative Trading LLC. All rights reserved 735 .
URL
URL Parameter Description
Component
events event-id Specifies the name of the event(s) of interest.
from/to timestamp
Specifies the nanosecond UTC start and stop timestamp of
the analytics stream message of interest.
Specifies a predefined time period: Live View, Last 1/24/48
reportingPeriodName periodname hours, Last 7/30/60 days, Business Day or a defined Custom
period.
query anyquery Specifies the query filter to auto filter displayed stream results.
The following sample Python code shows an example of how to construct an analytics stream UI URL from
the contents of an analytics stream message header:
def printMessageASURL(host, stream, msg):
h = msg.header
if h.eventID is not None:
print 'https://%s/streams?' % host + urllib.urlencode(
{ 'stream' : stream,
'events' : h.eventID,
'reportingPeriodName' : h.timestamp
‘query' : h:anyquery})
Using the preceding example Python code, the following URL can be constructed for the
TradeReportStream analytics stream event message with event ID ASXITCH_
AddOrdernoParticipantID, username Admin1 and a reporting period Last 1 hour as seen on a
CNE named nyc-cne:
https://nyc-cne/ui#/streams?stream=TradeReportStream&events=ASXITCH_
AddOrdernoParticipantID&reportingPeriodName=Last%201%20hour&&query=user%3DAdm
in1
The URL launches the relevant historical analytics stream UI page (following successful login) with the
specified message.
EVENT INSPECTION
The following URL redirects to the event inspection UI:
http[s]://<cne-name>/mi?f=<stream-name>&ch=<session-
id>&d=<direction>&cl=<class-id>&t=<timestamp>&p=<packet-id>&m=<message-
offset>
© 2023 Pico Quantitative Trading LLC. All rights reserved 736 .
The following table describes the components required to construct the URL:
URL
Description
Component
cne-name Specifies the host name of the CNE being used to connect to the analytics stream.
stream-name Specifies the name of the analytics stream.
session-id Specifies the defined session name or ID.
direction Specifies the session direction: primary or secondary.
class-id Specifies the session class for which the measurement was made.
packet-id
Specifies the system-defined packet identifier for the message to which this message
was correlated during PNQM latency calculation.
message- Specifies the system-defined message offset for the message to which this message
offset was correlated during PNQM latency calculation.
The following sample Python code shows an example of how to construct an event inspection URL from
the contents of an analytics stream message header:
def printMessageEIURL(host, stream, msg):
h = msg.header
if h.sessionID is not None and h.sessionDir is not None and\
h.classID is not None and h.packetID is not None and\
h.messageOffset is not None:
print 'https://%s/mi?' % host + urllib.urlencode(
{ 'f' : stream,
'ch' : h.sessionID,
'd' : 'primary' if h.sessionDir else 'secondary',
'cl' : h.classID,
't' : h.timestamp,
'p' : h.packetID,
'm' : h.messageOffset })
Using the preceding example Python code, the following URL can be constructed for the primary direction
of a single-class session (class-default) with label DPFMEU:CSFBLL for a message with packetID
506587616363000, zero message offset and a timestamp of 1409741463874022480 as seen in an
analytics stream named TradeReportStream on a CNE named nyc-cne:
https://nyc-cne/mi?ch=DPFMEU%3ACSFBLL&d=primary&cl=class-
default&f=TradeReportStream&m=0&p=506587616363000&t=1409741463874022480
The URL launches the relevant event inspection page (following successful login) with one minute of data
starting with the specified message.
© 2023 Pico Quantitative Trading LLC. All rights reserved 737 .
Streams Type Conversion
This topic describes the conversion rules when mapping event and analytics plug-in field types.
STATISTIC TYPES
Fixed statistics:
l Latency: signed integer containing the latency value expressed in nanosecond resolution.
l Loss: boolean, reports if PNQM loss is detected.
l Message sequence gap: unsigned integer with the length of the detected message sequence
gap
Configurable statistics:
l Min-Mean-Max: unsigned integer.
l Total: unsigned integer.
l Count: boolean.
Statistics threshold:
l Unsigned integer threshold: for latency, min-mean-max measures. Value of the configured
threshold.
l Boolean thresholds: loss, message gaps, measure total, measure count. Flag indicating if
events for this statistics are enabled.
Statistic violations: All statistic violations are reported as a boolean field.
BASIC TYPE CONVERSION
Different analytics plug-ins may supply the value for the same information using different types. The field
mapping allows the mapping from different value types from the decoded protocol fields to the defined
event fields. These same rules apply when assigning a constant value. Not all conversions are
straightforward and may lead to errors.
© 2023 Pico Quantitative Trading LLC. All rights reserved 738 .
Decoder (in)\Event (out) Binary String Unsigned Integer Signed Integer
Binary
Direct Direct Unsupported Unsupported
String
Direct Direct ASCII to Integer ASCII to Integer
Unsigned Integer
Direct Integer to ASCII Direct Almost direct
Signed Integer Direct Integer to ASCII Almost Direct Direct
l Direct conversion: the conversion between types is straightforward without any kind of modi-
fication.
l ASCII to integer conversion: This conversion may fail if invalid characters are found or the
interpreted numeric value is outside the valid range.
l Integer to ASCII conversion: base 10 representation with sign for negative values and no pre-
ceding zeros.
l Almost direct conversion: integer to integer conversion. Issues may arise if the input value is
outside the valid range of values for the output type.
NOTE: For automatically generated fields generated by using the option include-full-message
(available in release 9.5.0 or later), direct conversion is always applied.
NETWORK FIELD CONVERSION
Some network fields use specific conversions when applied to certain event field types:
l vlan, vport: same as integer to ASCII.
l src-ip-addr, dst-ip-addr: Conversion to string uses dot notation (A.B.C.D). All other con-
versions follow the unsigned integer conversion rules.
l src-port, dst-port: same as unsigned integer conversion.
l session-id, message-decoder, message-type: no conversion to integer supported, follows the
string conversion rules for the other cases.
l port: uses the integer value 0 for PortA, 1 for PortB, and so on, in integer conversions. For
other types it follows the string conversion rules using the port name (for example: "PortA").
© 2023 Pico Quantitative Trading LLC. All rights reserved 739 .
Streams Limits
The following limits apply to a whole system, regardless of the distribution across the different configured
analytics streams:
The limits are valid for all currently supported CNE platforms.
Element Limit
analytics-stream 10
clients (per stream) 4
event 400
user-defined event field 2000
auto-generated event field (include-full-message)
NA - See note
[9.5.0 or later]
session direction
100
(include-session/direction)
set-decoded-field/field/constant
6000
(from field-defaults or generate-event)
mapping-rule 200
generate-event 1200
matching-class-map 400
permit-session-id 400
summary-table report-statistic or report-measure 400
NOTE: For the auto-generated event field available in release 9.5.0 or later, all fields configured to be
captured in the custom application for a plugin are streamed.
The following limits are applied per analytics stream or parent configuration element:
© 2023 Pico Quantitative Trading LLC. All rights reserved 740 .
CNE-6550
CNE-6850
CNE-7550
CNE-7750
CNE- CNE-7850
Element Notes
6150
CNE-
8600/8600v2
CNE-
9000/9000v2
CNE-10000
Event 100 100
message-url 1 1 Per event
user-defined event
400/400 400/400 400 per event, 400 unique names per analytics stream
field
auto-generated
event field (include-
full-message) NA NA See the note above
[9.5.0 and later]
include-
20 50 Sessions directions per analytics stream
session/direction
set-decoded-
N/A N/A Only limited system wide
field/field/constant
mapping-rule 100 100 Per analytics stream
generate-event 8 8 Per mapping-rule
matching-class-
1 1 Per generate-event
map
summary-table 1 1 Per analytics stream
key-field 4 4 Per summary-table
summary-table) 10 unique statistics/measures. 40 total aspects (taking
report-statistic or 10/40 10/40 into account count, min, mean, and max variations of
report-measure the report-measure min-mean-max command).
NOTE: When summaries are displayed in the Streams screen in live view, a fixed summarization
period of one second is used, and empty summaries are not shown. This can result in the displayed
timestamps not conforming to a regular time period.
By comparison, summaries returned in real time by the getLiveAnalyticsStreamData API
request use the summarization period configured in the CLI. For example, you can specify summaries
every 30 seconds, so all events within each 30 second period are summarized in a single summary
table.
© 2023 Pico Quantitative Trading LLC. All rights reserved 741 .
Corvil Giga+ Mode
Giga+ Mode Overview 743
Accessing Giga+ Mode 744
Giga+ Mode Service Compliance 746
Giga+ Mode Event Analysis 747
Giga+ Mode Traffic Insight 749
Giga+ Mode Bandwidth Sizing 750
© 2023 Pico Quantitative Trading LLC. All rights reserved 742 .
Giga+ Mode Overview
Corvil Giga+ mode allows legacy users of Corvil to view Corvil in a previous mode, which is different in
look-and-feel to Corvil Analytics, although functionally similar.
© 2023 Pico Quantitative Trading LLC. All rights reserved 743 .
Accessing Giga+ Mode
Giga+ mode is accessible from the menu.
The Giga+ screen appears in its own separate window and the Dashboards display by default.
On a CNE, as in the example above, this tab displays a summary of interfaces and channels experiencing
service compliance issues, top applications, service compliant channels, and recent alarms. Corvil
Management Center displays similar summary information for its connected CNEs. The default reporting
period is for the last 24 hours.
© 2023 Pico Quantitative Trading LLC. All rights reserved 744 .
The tree view on the left allows you to navigate to a channel, interface or class of interest and view
summary congestion, top application and microburst results.
Or you can click on any session to view detailed information relating to it.
© 2023 Pico Quantitative Trading LLC. All rights reserved 745 .
Giga+ Mode Service Compliance
By default, when you click on a session, the Service Compliance tab opens.
This tab lists various graphs relating to the session, such as Latency, Jitter, Expected Queuing Latency,
and Out of Sequence Packets.
Again, the default reporting period is for the last 24 hours, but you can select from the defined reporting
periods.
NOTE: For more information about the Service Compliance tab, please refer to the Service
Compliance section.
© 2023 Pico Quantitative Trading LLC. All rights reserved 746 .
Giga+ Mode Event Analysis
The Event Analysis tab displays similar graphs to the Service Compliance tab, such as Latency, Jitter,
and so on.
Again, this defaults to the last 24 hours. Click Live View to view real-time events in a separate window:
© 2023 Pico Quantitative Trading LLC. All rights reserved 747 .
On the Event Analysis tab, you can zoom in on a particular time to analyze with more precision. To do
so, click and drag on the event timeline and click Analyze.
The Event Inspection window for that period of time is displayed, where you can do detailed analysis of
decoded message and packet data.
NOTE: For more information about the Event Analysis tab, please refer to the topic Event Analysis.
© 2023 Pico Quantitative Trading LLC. All rights reserved 748 .
Giga+ Mode Traffic Insight
The Traffic Insight tab displays packet or message bit rate microburst measurement plots and pie charts
for top applications and top conversations for the selected reporting period.
This tab has a number of sub-tabs with further details that you can view for the session:
l Message Statistics
l Applications
l Talkers
l Listeners
l Conversations
l TCP Statistics
l Configurable statistics
NOTE: For more information about the Traffic Insight tab, please refer to the section Traffic Insight.
© 2023 Pico Quantitative Trading LLC. All rights reserved 749 .
Giga+ Mode Bandwidth Sizing
By default the legacy Bandwidth Sizing screen shows results for network-level sessions.
NOTE: Bandwidth Sizing results are not displayed for application sessions.
Bandwidth sizing results and Sizing Index values are only available for network sessions with a
configured bandwidth and Expected Queuing explicitly enabled. For instructions on how to configure
session bandwidth and enable Expected Queuing for sessions, refer to the section Defining Sessions
in the Corvil Configuration Guide.
You typically should allow the system to measure traffic for at least a week before considering the
bandwidth sizing results. In many cases, you would wait until the system has accumulated a month's
worth of measurements.
The displayed information provides a guide to bandwidth utilization on network links.
NOTE: For more information about the Bandwidth Sizing tab, please refer to the topic Bandwidth
Sizing.
© 2023 Pico Quantitative Trading LLC. All rights reserved 750 .
Corvil Graphs and Charts
Viewing Congestion Graphs 752
Viewing Latency Graphs 761
Viewing Message Statistics 766
Viewing TCP Results 771
Viewing Top N Traffic Leader Results 784
Viewing Traffic Patterns 788
© 2023 Pico Quantitative Trading LLC. All rights reserved 751 .
Viewing Congestion Graphs
The Event Inspection Data Selector includes the following graphs that, when configured, provide
information about congestion points in the network:
l Expected Queuing Latency
l Expected Queue Length
l Expected Queuing Loss
l Corvil Bandwidth – Delay
l Corvil Bandwidth – Queue Length
Density graphs (where provided) display a scatter plot of the chosen results.
WHAT IS EXPECTED QUEUING?
Expected Queuing (EQ) is a Corvil technology that estimates the loss and queuing latency that
applications can expect to incur when they interact with router queues and schedulers in the monitored
network. Expected Queuing results are generated by a simulation based on the traffic seen by the Corvil
appliance. Although Expected Queuing focuses on the principal speed mismatch points in the network,
rather than an end-to-end view, it is true to say that if the end-to-end target is violated in the EQ-modeled
queue, then it will be violated end-to-end for the application traffic.
WHAT IS CORVIL BANDWIDTH?
Corvil Bandwidth (CB) is a Corvil technology that calculates the minimum bandwidth required to meet
specified Quality of Service (QoS) targets for network traffic. Corvil Bandwidth is calculated by the CNE
based on the traffic it monitors and the configured QoS targets.
EXPECTED QUEUING LATENCY
The expected queuing latency graph plots the per-packet delay calculated by the system using a
simulation of the chosen traffic. The expected queuing latency is displayed as a series of millisecond
values during the reporting period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 752 .
The expected queuing latency calculation is made for every packet in the chosen session measured by
the system. The maximum, configured percentile, mean and minimum values are plotted. The graph
legend indicates the colors used to display each:
Max
Displays the maximum of the expected latency values (in milliseconds) calculated during the chosen
reporting period.
x%
Displays the xth percentile of expected latency values during the chosen reporting period. This percentile
is configurable as part of the sizing policy in the service objective being applied to the class. If none has
been configured, the system defaults to the 99.9th percentile.
Mean
Displays the mean of the expected latency values during the chosen reporting period.
Min
Displays the minimum of the expected latency values during the chosen reporting period.
Configuration changes are indicated by a vertical line at the point where the change was made. The graph
to the left of the line is shaded to indicate that it refers to an old configuration.
© 2023 Pico Quantitative Trading LLC. All rights reserved 753 .
NOTE: The displayed maximum, minimum and mean values are calculated over the entire selected
reporting period. Each value includes data measured before any configuration changes during this
period.
NOTE: Select a density graph to display a scatter plot of the chosen results.
EXPECTED QUEUE LENGTH
The expected queue length graph plots the per-packet queue length calculated by the system using a
simulation of the chosen traffic. The expected queue length is displayed as a series of packet count values
during the reporting period. The expected queue length calculation is made for every packet in the chosen
class measured by the system. Then for each period, the maximum, configured percentile, mean and
minimum values are plotted along with the configured queue limit.
Max
Displays the maximum of the expected queuing delay variation values (in milliseconds) calculated during
the chosen reporting period.
x%
Displays the xth percentile of expected queuing delay variation values during the chosen reporting period.
This percentile is configurable as part of the sizing policy in the service objective being applied to the
class. If none has been configured, the system defaults to the 99.9th percentile.
Mean
Displays the mean of the expected queuing delay variation values during the chosen reporting period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 754 .
Min
Displays the minimum of the expected queuing delay variation values during the chosen reporting period.
EXPECTED QUEUING LOSS
The expected queuing loss graph plots the expected packet loss due to queue buffer overflow calculated
by the system using a simulation of the chosen class traffic. The expected queuing loss is displayed as a
percentage of the total packets measured by the system.
Loss estimation is enabled, and its characteristics defined, in the service objective applied to the session.
Configuration changes are indicated by a vertical line at the point where the change was made. The graph
to the left of the line is shaded to indicate that it refers to an old configuration.
NOTE: The displayed maximum, minimum and mean values are calculated over the entire selected
reporting period. Each value includes data measured before any configuration changes during this
period.
CORVIL BANDWIDTH – DELAY
The Corvil Bandwidth graph for delay plots the bandwidth required to meet the configured delay target for
the chosen class. The delay target is configured in the service objective that is applied to the class. For
example, if the configured delay target is 150 ms, then the graph displays the bandwidth required to
ensure that no packet in the class traffic is delayed by more than 150 ms.
© 2023 Pico Quantitative Trading LLC. All rights reserved 755 .
The Corvil Bandwidth values are displayed as a series of values during the reporting period.
The graph legend indicates the colors used to display each:
Max
The maximum of the Corvil Bandwidth values calculated during the chosen reporting period.
x%
The xth percentile of Corvil Bandwidth values during the chosen reporting period. This percentile is
configurable as part of the sizing policy in the service objective being applied to the class. If none has been
configured, the system defaults to the 99.9th percentile.
Mean
The mean of the Corvil Bandwidth values during the chosen reporting period.
Min
The minimum of the Corvil Bandwidth values during the chosen reporting period.
The threshold configured in the service objective for triggering event detection based on the Corvil
Bandwidth delay value is indicated on the graph, as is the capacity of the link.
Configuration changes are indicated by a vertical line at the point where the change was made. The graph
to the left of the line is shaded to indicate that it refers to an old configuration.
© 2023 Pico Quantitative Trading LLC. All rights reserved 756 .
NOTE: The displayed maximum, minimum and mean values are calculated over the entire selected
reporting period. Each value includes data measured before any configuration changes during this
period.
NOTE: Select a density graph to display a scatter plot of the chosen results.
CORVIL BANDWIDTH – QUEUE LENGTH
The Corvil Bandwidth graph for queue length plots the bandwidth required to avoid packet loss due to
queue buffer overflow. The queue length is defined as an attribute of the class in the configuration. For
example, if the queue length configured for the class is 64 packets, then the graph displays the bandwidth
required to prevent the queue for the class traffic building up past 64 packets.
The graph displays a series of Corvil Bandwidth values during the chosen reporting period. The graph
legend indicates the colors used to display each:
Max
The maximum of the Corvil Bandwidth values calculated during the chosen reporting period.
x%
The xth percentile of Corvil Bandwidth values during the chosen reporting period. This percentile is
configurable as part of the sizing policy in the service objective being applied to the class. If none has been
configured, the system defaults to the 99.9th percentile.
© 2023 Pico Quantitative Trading LLC. All rights reserved 757 .
Mean
The mean of the Corvil Bandwidth values during the chosen reporting period.
Min
The minimum of the Corvil Bandwidth values for during the chosen reporting period.
The threshold configured in the service objective for triggering event detection based on the Corvil
Bandwidth delay value is indicated on the graph, as is the capacity of the link.
Configuration changes are indicated by a vertical line at the point where the change was made. The graph
to the left of the line is shaded to indicate that it refers to an old configuration.
NOTE: The displayed maximum, minimum and mean values are calculated over the entire selected
reporting period. Each value includes data measured before any configuration changes during this
period.
NOTE: Select a density graph to display a scatter plot of the chosen results.
VIEWING PRIORITY CLASS RESULTS
If you have configured a multiclass policy-map and assigned priority to one of the classes, such as the
voice class, you can view results for the priority class.
Corvil Bandwidth - Priority
The Corvil Bandwidth - Priority graph plots the bandwidth required to avoid policer packet drops for the
configured priority class traffic.
If the configured priority burst-size in bytes is smaller than a packet size, then the Corvil Bandwidth for that
packet is not well defined, because changing the priority bandwidth cannot, on its own, prevent policer
drop. Should this happen, the Corvil Bandwidth value will jump to a very large value. In such cases, you
can examine the packet size distribution on the Traffic Insight screen to help choose an appropriate
priority burst-size.
© 2023 Pico Quantitative Trading LLC. All rights reserved 758 .
The graph is displayed as a series of kbps values during the reporting period. For each five-minute period,
the maximum, configured percentile, mean and minimum values are plotted:
Max
The maximum of the Corvil Bandwidth values calculated during the chosen reporting period.
xth percentile
The xth percentile of Corvil Bandwidth values during the chosen reporting period. This percentile is
configurable as part of the sizing policy in the service objective being applied to the class. If none has been
configured, the system defaults to the 99.9th percentile.
Mean
The mean of the Corvil Bandwidth values during the chosen reporting period.
Min
The minimum of the Corvil Bandwidth values during the chosen reporting period.
The threshold configured in the service objective for triggering event detection based on the Corvil
Bandwidth value is indicated on the graph, as is the capacity of the link.
Use the Service Objectives menu in System Administration mode to set the quality targets and
thresholds that are used to calculate and display the plotted data. For more information, refer to the
section Configuring Service Compliance Monitoring Features in the Corvil Configuration Guide.
Configuration changes are indicated by a vertical line at the point where the change was made. The graph
to the left of the line is shaded to indicate that it refers to an old configuration.
© 2023 Pico Quantitative Trading LLC. All rights reserved 759 .
NOTE: The displayed maximum, minimum and mean values are calculated over the entire selected
reporting period. Each value includes data measured before any configuration changes during this
period.
Expected Priority Drops
The expected priority drops graph plots the expected level of packet drops due to the action of a
configured policer. The result is calculated by the system using a simulation based on the chosen class
traffic.
Priority drop estimation is enabled, and its characteristics defined, in the service objective applied to the
session.
© 2023 Pico Quantitative Trading LLC. All rights reserved 760 .
Viewing Latency Graphs
The Event Inspection Data Selector includes the following latency, jitter and loss graphs:
l End-to-End Latency
l End-to-End Jitter
l End-to-End Loss
Density graphs (where provided) display a scatter plot of the chosen results.
END-TO-END LATENCY
The End-to-End Latency graph plots the per-packet delay measured by the system for the chosen class
traffic. The end-to-end latency is displayed as a series of millisecond values during the reporting period.
The end-to-end latency calculation is made for every packet in the chosen class measured by the system.
The maximum, configured percentile, mean and minimum values are plotted. The graph legend indicates
the colors used to display each:
Max
Displays the maximum of the end-to-end latency values (in milliseconds) calculated during the chosen
reporting period.
x%
Displays the xth percentile of end-to-end latency values during the chosen reporting period. This
percentile is configurable as part of the sizing policy in the service objective being applied to the class. If
none has been configured, the system defaults to the 99.9th percentile.
© 2023 Pico Quantitative Trading LLC. All rights reserved 761 .
Mean
Displays the mean of the end-to-end latency values during the chosen reporting period.
Min
Displays the minimum of the end-to-end latency values during the chosen reporting period.
Max Directional Offset
Displays a diagnostic value indicating the reliability of time synchronization when measuring latency
between two different CNEs. A steady MDO indicates reliable time synchronization, whereas significant
jitter in the MDO value can be a sign of poor synchronization. When measurement is first established
between two CNEs, the MDO may take some time to stabilize - this is normal. The MDO value is always
drawn at or below the estimated minimum latency on the chart, so in cases where the MDO is the only
value drawn, it is the same as the minimum latency.
Configuration changes are indicated by a vertical line at the point where the change was made. The graph
to the left of the line is shaded to indicate that it refers to an old configuration.
NOTE: The displayed maximum, minimum and mean values are calculated over the entire selected
reporting period. Each value includes data measured before any configuration changes during this
period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 762 .
By default, Corvil displays latency values as positive. However in certain situations, latency values can
have negative values, for example when measuring relative latency between market data feeds. When
measuring relative latency from feed A to feed B, if the A message arrives first then a positive latency is
displayed indicating how long afterwards the B message arrived. If the B message arrives earlier then a
negative value is displayed.
Negative values are only shown on sessions that have PNQM relative latency mode configured. The
relative latency graph shows the positive and negative values separately. The upper half of the graph
shows the positive latency values, including their minimum, average and maximum values. The lower half
shows the negative values, and displays the least negative, average negative and most negative values.
NOTE: Negative latency support, when measuring latency between two CNEs, currently requires that
both CNEs are synchronized to PTP or PPS time sources using the clock-sync command.
If clock-sync is not enabled, negative latency values are truncated to zero. You can verify this by using
the show session command with pnqm which will show a warning ‘missing clock sync
prevented relative latency measurement’. Also, the syslog will report a missed
measurement related to rel-latency-sync.
The Overall average value shown to the right of the relative latency graph is the average of all the
individual packet or message latency values across the displayed period. This can be positive or negative.
NOTE: Currently the overall average latency value across all packets and messages is only available
on relative latency sessions.
END-TO-END JITTER
The End-to-End Jitter graph plots the difference between the latency (maximum, percentile, or mean) and
the minimum latency, for the selected class during the time interval displayed. On a five-minute plot it
represents the difference between the 5-minute latency (whether the maximum, percentile, or mean
value) and the 5-minute minimum. The one-way latency variation target is configured in the service
objective that is applied to the class.
© 2023 Pico Quantitative Trading LLC. All rights reserved 763 .
The graph legend indicates the colors used to display each:
Max
Displays the maximum of the end-to-end jitter values (in milliseconds) measured during the chosen
reporting period.
x%
Displays the xth percentile of end-to-end jitter values during the chosen reporting period.
This percentile is configurable as part of the packet protection target in the service objective being applied
to the class. If none has been configured, the system defaults to the 99.9th percentile.
Mean
Displays the mean of the end-to-end jitter values during the chosen reporting period.
Min
Displays the minimum of the measured end-to-end jitter values during the chosen reporting period.
One-way Max Latency Variation
Indicates the configured one-way maximum latency variation target.
END-TO-END LOSS
The End-to-End Loss graph plots the packet loss measured by the system for the traffic. The end-to-end
loss is displayed as a percentage of the total packets measured by the system.
© 2023 Pico Quantitative Trading LLC. All rights reserved 764 .
Loss measurement is enabled, and its characteristics defined, in the service objective applied to the
session.
NOTE: In Event Inspection there is a distinction made between detected and measured loss.
An End-to-End Loss graph is plotted for the primary session direction (for example the request
direction).
An End to End Detected Loss graph is plotted for the reverse session direction (for example, the
response direction). This graph displays periods during which loss occurred without quantifying the
loss.
In sessions defined between two Corvil appliances, the Event Inspection capture file is recorded at the
local Corvil appliance and packets are not processed by the other Corvil appliance, so there is no
record in the capture file against which to record the loss. Therefore it is not possible to accurately
record loss for these sessions.
Configuration changes are indicated by a vertical line at the point where the change was made. The graph
to the left of the line is shaded to indicate that it refers to an old configuration.
NOTE: The displayed maximum, minimum and mean values are calculated over the entire selected
reporting period. Each value includes data measured before any configuration changes during this
period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 765 .
Viewing Message Statistics
The Event Inspection Data Selector includes the following message-based graphs for application
sessions only:
l Message Sequence Gap (if configured)
l Message Sequence Count (if configured)
l Message Rate
l Message Count
l Top Message Types
l Message Bit-rate Microburst Detection
l Message Rate Microburst Detection
NOTE: If the detection of message sequence gaps is disabled for a session, then no Message
Sequence graphs are available. For example, the default service objective has message gap detection
disabled. If the session of interest has the default service objective applied, then the message
sequence graphs will not be displayed until message gap detection is explicitly enabled by an
administrator.
MESSAGE SEQUENCE GAP GRAPH
The Message Sequence Gap graph displays the percentage of message sequence gaps for all
applications with sequence decoding during the chosen reporting period.
The maximum, minimum and mean values are listed beside the plot.
© 2023 Pico Quantitative Trading LLC. All rights reserved 766 .
MESSAGE SEQUENCE COUNT GRAPH
The Message Sequence Count graph displays the count of accumulated message sequence numbers for
all applications with sequence decoding during the chosen reporting period.
The maximum, minimum and mean values are listed beside the plot.
MESSAGE RATE
The Message Rate graph displays the average number of messages per second recorded during the
chosen reporting period.
The maximum, minimum and mean values are listed beside the plot.
The rate calculation is based on rates calculated independently in each clock-aligned one-second period.
If the area you select on the graph covers a long time period and each bar covers more than one second,
the bar shows the maximum of all one-second rates inside that bar.
If the area you select on the graph covers a very short time period and the bar covers less than one
second, the rate for the full second time period is calculated.
© 2023 Pico Quantitative Trading LLC. All rights reserved 767 .
MESSAGE COUNT
The Message Count graph displays the number of messages recorded during the chosen reporting
period.
The maximum, minimum and mean values are listed beside the plot.
TOP MESSAGE TYPES
Top Message Types displays a chart identifying the top message types seen during the selected reporting
period.
The chart identifies the analytics plug-in and associated message type, the number of messages and the
byte count recorded for each type.
MESSAGE BIT RATE MICROBURST
When you view the details for an application session or class, the Message Bit Rate and Message Rate
Microburst plots are displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 768 .
The legend below the graph identifies the color of each plotted line. The graph is based on the following
sources of data:
• the measured peak message bit rate based on one-second measurement
• the measured peak message bit rate based on the timescale resolution configured in the network
service objective for measuring microbursts (for example, 50 ms)
• for sub-sessions (classes) only, the graph includes the measured peak message bit rate based on the
timescale configured in the network service objective queuing targets for delay (for example, 500 ms)
The threshold configured in the network service objective for triggering event detection on microbursts
(for example, 1000 kbps on a 1024 kbps link) is indicated on the graph, as is the capacity of the link.
So three of the plotted quantities are determined by the service objective being applied to the session of
interest. If you have configured specific values in each case, then these configured values form the basis
for the plots you now see. Otherwise the default network service objective values are used.
MESSAGE RATE MICROBURST
The legend below the graph identifies the color of each plotted line. The graph is based on the following
sources of data:
• the measured peak message bit rate based on one-second measurement
• the measured peak message bit rate based on the timescale resolution configured in the network
service objective for measuring microbursts (for example, 50 ms)
© 2023 Pico Quantitative Trading LLC. All rights reserved 769 .
• for sub-sessions (classes) only, the graph includes the measured peak message bit rate based on the
timescale configured in the network service objective queuing targets for delay (for example, 500 ms)
The threshold configured in the network service objective for triggering event detection on microbursts
(for example, 1000 kbps on a 1024 kbps link) is indicated on the graph, as is the capacity of the link.
So three of the plotted quantities are determined by the service objective being applied to the session of
interest. If you have configured specific values in each case, then these configured values form the basis
for the plots you now see. Otherwise the default network service objective values are used.
Configuration changes are indicated by a vertical line at the point where the change was made. The graph
to the left of the line is shaded to indicate that it refers to an old configuration.
If the class traffic is perfectly smooth (that is, it is transmitting at a constant bit rate) then all three
measurements listed above will be the same. The more bursty the traffic, the more variation there will be
between these measurements. This can help you understand why an application that looks like it has very
low bandwidth requirements on average may actually be causing drops in the network when it transmits
very sharp short spikes.
© 2023 Pico Quantitative Trading LLC. All rights reserved 770 .
Viewing TCP Results
The Event Inspection Data Selector includes the following TCP graphs:
l Goodput Rate
l Goodput byte count
l Left, Right, and Connection Setup Roundtrip Time (including density graphs)
l Left and Right Application Response Time (including density graphs)
l TCP Packet Count
l TCP Zero Window Size Packet Count
l Out of Sequence Packets
l Out of Sequence Packets: Retransmitted
l Out of Sequence Packets: Reordered
l Fin packet count
l Syn packet count
l RST packet count
Density graphs (where provided) display a scatter plot of the chosen results.
TCP STATISTICS OVERVIEW
The TCP statistics displayed provide layer 4 quality measurements.
© 2023 Pico Quantitative Trading LLC. All rights reserved 771 .
Goodput
The amount of data successfully delivered, minus any data that was lost or re-transmitted.
Roundtrip time (RTT)
The following roundtrip time measurements made:
l Remote/Right RTT - measures the round trip time from the CNE out to the remote
site/primary session destination.
l Local/Left RTT - measures the round trip time from the CNE to the data center or local
site/primary session source.
l Connection Setup RTT - measures the sum of the left/local (SYN-ACK - ACK) and right/re-
mote (SYN - SYN-ACK) roundtrip times (in milliseconds) when a given connection is set up via
three-way handshake.
TCP RTTs are measured as the time taken for a sequence number in a transmitted TCP packet to be
directly acknowledged by an ACK in the opposite direction. The RTT measurement is not made if either
the original sequence number is indirectly acknowledged with a cumulative ACK, or out-of-order
sequence numbers were observed on the TCP stream between the transmission of the original sequence
number and the receipt of the ACK.
The RTT measurement mode may be configured (UI or CLI) using the following options:
l connection-setup: the only sequence-numbers used to measure the RTT are the initial ones
exchanged at connection setup in the SYN packets.
l continuous-filtered: RTT measurements are attempted for all data exchanged over a TCP
connection, but a simple heuristic is applied to exclude those acknowledgments that may have
been delayed in the receiver by TCP's delayed-acknowledgment mechanism.
l continuous-unfiltered: no delayed-acknowledgment heuristic filter is applied, and RTT
measurements are attempted for all data.
NOTE: Not every opportunity for measuring RTTs may be taken by the system; it will not attempt to
measure the RTT of a new sequence number on a TCP connection if all RTT-measurement resources
are already busy.
Left and Right TCP RTTs are tracked separately:
© 2023 Pico Quantitative Trading LLC. All rights reserved 772 .
Left RTTs are measured as the time from when the appliance sees the sequence number from a remote
host until it sees the corresponding acknowledgment from its local peer.
Right RTTs are measured as the time from when the appliance sees the sequence number from a local
host until it is directly acknowledged by its remote peer.
NOTE: This classification into local- and remote-RTT does not depend on which host initiated the
connection (that is, which host is the client and which is the server).
Application Response Time (ART)
The amount of time required for the server to process a client request and send a response as measured
by the CNE. This includes the network overhead of the request and is defined as the time between when
the CNE sees the client send a PSH packet and the time when the CNE sees the server send data in a
response.
Out of sequence
The number of bytes of data received out of sequence due to re-ordering or re-transmissions.
Concurrent Connections
The number of concurrent, successful TCP connections over the selected time interval.
Corvil TCP measurements (for example Goodput, Roundtrip Time, Application Response Time) are
enabled or disabled by an administrator in the settings applied to the session of interest via the service
objective. Disabled measurements are displayed as 'Not Configured.'
GOODPUT RATE
When you view the TCP statistics for an interface, session or a class, the Goodput rate plot is displayed.
This graph displays the total number of payload bytes successfully delivered, minus any data that was lost
or re-transmitted, during the selected reporting period. This goodput data is displayed along with the
throughput, which includes TCP headers and re-transmissions.
© 2023 Pico Quantitative Trading LLC. All rights reserved 773 .
The minimum and maximum values are listed above the plot.
The rate calculation is based on rates calculated independently in each clock-aligned one-second period.
If the area you select on the graph covers a long time period and each bar covers more than one second,
the bar shows the maximum of all one-second rates inside that bar.
If the area you select on the graph covers a very short time period and the bar covers less than one
second, the rate for the full second time period is calculated. In the example below, the graph covers a
sub-second period which straddles two one-second intervals.
GOODPUT BYTE COUNT
When you view the Event Inspection drilldown TCP statistics for an interface, session or a class, the
Goodput byte count plot is displayed. The Goodput byte count graph displays the total number of payload
bytes successfully delivered, minus any data that was lost or re-transmitted, during the selected reporting
period. This goodput data is displayed along with the throughput, which includes TCP headers and re-
transmissions.
© 2023 Pico Quantitative Trading LLC. All rights reserved 774 .
The minimum and maximum values are listed above the plot.
LEFT RTT
Left Roundtrip Time
For primary sessions, displays the measured round trip time in milliseconds from the appliance to hosts at
the defined session source subnet-groups.
For secondary (reverse) sessions, displays the measured round trip time in milliseconds from the
appliance to hosts at the defined session destination subnet-groups.
© 2023 Pico Quantitative Trading LLC. All rights reserved 775 .
The maximum, minimum and mean values are listed beside the plot. If the configured threshold is
significantly larger than the graphed values, and cannot be reasonably plotted on the same graph, the
threshold value is displayed under the graph.
RIGHT RTT
Right Roundtrip Time
For primary sessions, displays the measured round trip time in milliseconds from the appliance out to
hosts at the defined session destination subnet-groups.
For secondary (reverse) sessions, displays the measured round trip time in milliseconds from the
appliance out to hosts at the defined session source subnet-groups.
The maximum, minimum and mean values are listed beside the plot. If the configured threshold is
significantly larger than the graphed values, and cannot be reasonably plotted on the same graph, the
threshold value is displayed under the graph.
CONNECTION SETUP RTT
This graph displays the sum of the left/local (SYN-ACK - ACK) and right/remote (SYN - SYN-ACK)
roundtrip times (in milliseconds) when a given connection is set up.
© 2023 Pico Quantitative Trading LLC. All rights reserved 776 .
The maximum, minimum and mean values are listed beside the plot. If the configured threshold is
significantly larger than the graphed values, and cannot be reasonably plotted on the same graph, the
threshold value is displayed under the graph.
LOCAL ART
Local Application Response Time
For primary sessions, displays the amount of time in milliseconds required for a server at the session
source subnet-group to process a client request and send a response. For secondary (reverse) sessions,
displays the amount of time in milliseconds required for a server at the session destination subnet-group
to process a client request and send a response.
The measurements include the network delay between the appliance and the server. Results are plotted
as a distribution of elapsed time for every PSH packet sent by the client and the corresponding server
send data response.
The graph also displays the xth percentile of ART values during the chosen reporting period. This
percentile is configurable as part of the service objective being applied to the class. If none has been
configured, the system defaults to the 95th percentile.
© 2023 Pico Quantitative Trading LLC. All rights reserved 777 .
The maximum, minimum and mean values are listed beside the plot.
REMOTE ART
Remote Application Response Time
For primary sessions, displays the amount of time in milliseconds required for a server at the session
destination subnet-group to process a client request and send a response. For secondary (reverse)
sessions, displays the amount of time in milliseconds required for a server at the session source subnet-
group to process a client request and send a response.
The measurements include the network delay between the appliance and the server. Results are plotted
as a distribution of elapsed time for every PSH packet sent by the client and the corresponding server
send data response.
The graph also displays the xth percentile of ART values during the chosen reporting period. This
percentile is configurable as part of the service objective being applied to the class. If none has been
configured, the system defaults to the 95th percentile.
The maximum, minimum and mean values are listed beside the plot.
OUT OF SEQUENCE PACKETS
The Out of Sequence Packets graph displays data received out of sequence due to re-ordering or re-
transmissions during the selected reporting period as a percentage of goodput.
© 2023 Pico Quantitative Trading LLC. All rights reserved 778 .
The maximum, minimum and mean values are listed beside the plot.
OUT-OF-SEQUENCE PACKET COUNT
The Out-of-Sequence Packet Count graph displays the number of out of sequence or retransmitted
packets detected during the chosen reporting period.
The maximum, minimum and mean values are listed beside the plot
TCP PACKET COUNT
The TCP Packet Count graph displays the number of packets seen on a given class during the chosen
reporting period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 779 .
The maximum, minimum and mean values are listed beside the plot.
TCP ZERO WINDOW PACKET COUNT GRAPH
The TCP Zero Window Packet Count graph indicates application congestion by displaying the number of
TCP packets with an advertised window size of zero measured for the session during the selected
reporting period.
The maximum, minimum and mean values are listed beside the plot.
OUT OF SEQUENCE PACKETS: RETRANSMITTED
The Out of Sequence Packets graph displays data received out of sequence due re-transmissions during
the selected reporting period as a percentage of goodput.
© 2023 Pico Quantitative Trading LLC. All rights reserved 780 .
The minimum and maximum values are listed above the plot.
NOTE: To display this graph, you must enable the measure-messages setting include-non-
message-packets for your session. You can do this when configuring the session on the UI or by
using the CLI command measure-messages include-non-message-packets.
OUT-OF-SEQUENCE PACKETS: REORDERED
The Out-of-Sequence Packets: Reordered graph displays the number of out of order packets detected
during the chosen reporting period.
The minimum and maximum values are listed above the plot.
NOTE: To display this graph, you must enable the measure-messages setting include-non-
message-packets for your session. You can do this when configuring the session on the UI or by
using the CLI command measure-messages include-non-message-packets.
© 2023 Pico Quantitative Trading LLC. All rights reserved 781 .
SYN PACKET COUNT
The Syn Packet Count graph displays the number of SYN packets detected during the chosen reporting
period.
The minimum and maximum values are listed above the plot.
FIN PACKET COUNT
The Fin Packet Count graph displays the number of FIN packets detected during the chosen reporting
period.
The minimum and maximum values are listed above the plot.
RST PACKET COUNT
The Rst Packet Count graph displays the number of RST packets detected during the chosen reporting
period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 782 .
The minimum and maximum values are listed above the plot.
© 2023 Pico Quantitative Trading LLC. All rights reserved 783 .
Viewing Top N Traffic Leader Results
The charts identifying Top N traffic leaders for the event are as follows:
l Top applications
l Top talkers
l Top listeners
l Top conversations
You can use these charts to identify the applications comprising the largest share of network traffic and
the hosts transmitting and receiving the most traffic as you zoom in on a particular quality event.
TOP APPLICATIONS
You can view pie charts illustrating the top applications over the selected timescale. The pie chart shows
the relative portions of bandwidth used by the most active applications on the network at the time.
Top Applications
Identifies the name of each of the top discovered applications during the selected timescale. If the system
has not had enough time to match a given set of traffic with a known application, it is listed as
'Undetermined.' If traffic does not belong to an application known to the system, it is added to the listed
category 'Unknown.'
Bytes
Displays the total number of bytes for the application during the selected timescale.
Packets
Displays the total number of packets for the application during the selected timescale.
© 2023 Pico Quantitative Trading LLC. All rights reserved 784 .
The colors match each colored segment of the chart to a listed application.
TOP TALKERS
You can view pie charts illustrating the top talkers during the selected timescale.
The pie chart shows the relative portions of bandwidth used by the most active data transmitters on the
network at the time.
Address
Identifies the IP address for the hosts sending the most traffic during the selected timescale
Bytes
Displays the total number of bytes transmitted by each host during the selected timescale.
Packets
Displays the total number of packets transmitted by each host during the selected timescale.
The colors match each colored segment of the chart to a listed talker.
TOP LISTENERS
You can view pie charts illustrating the top listeners during the selected reporting period.
© 2023 Pico Quantitative Trading LLC. All rights reserved 785 .
The pie chart shows the relative portions of bandwidth used by the most active listeners on the network.
Address
Identifies the IP address for the hosts receiving the most traffic during the selected timescale.
Bytes
Displays the total number of bytes received by the host during the selected timescale.
Packets
Displays the total number of packets received by the host during the selected timescale.
The colors match each colored segment of the chart to a listed listener.
TOP CONVERSATIONS
You can view pie charts illustrating the top conversations during the selected timescale.
The pie chart shows the relative portions of bandwidth used by the most active conversations on the
network.
© 2023 Pico Quantitative Trading LLC. All rights reserved 786 .
Top Conversations
Identifies the source and destination address/port for the busiest traffic flows during the selected
timescale.
Application
Identifies the application (if known) that comprises the conversation between the listed hosts.
Bytes
Displays the total number of bytes for the conversation during the selected timescale.
Packets
Displays the total number of packets for the conversation during the selected timescale.
The colors match each colored segment of the chart to a listed conversation.
© 2023 Pico Quantitative Trading LLC. All rights reserved 787 .
Viewing Traffic Patterns
The following traffic statistic graphs are available for in the Data Selector:
l Packet Bit rate Microburst Detection
l Packet Rate Microburst Detection
l Average Bit Rate
l Byte-counts
l Packet Rate
l Packet-counts
l Active flows
l Packet size distributions
You can use these graphs to identify the traffic patterns for the chosen zoom level. For example, if the
values displayed in these graphs vary significantly, the traffic is probably bursty. Smoother traffic will tend
to have fewer variations of these statistics over time.
WHAT IS MICROBURST?
Microburst is a Corvil technology that provides a measurement of the instantaneous rate of traffic and
detects bursty applications that can cause congestion. Corvil provides granular microburst monitoring at
both the network and application layers. Microburst monitoring can detect saturated servers and network
links, and ensure that systems are provisioned to keep up with peak market data rates.
PACKET BIT RATE MICROBURST
The Packet Bit Rate Microburst graph displays measured peak bit rates at a configurable millisecond-level
resolution.
© 2023 Pico Quantitative Trading LLC. All rights reserved 788 .
The legend below the graph identifies the color of each plotted line. The graph is based on the following
sources of data:
l the measured peak bit rate based on one-second measurement
l the measured peak bit rate based on the timescale resolution configured in the service object-
ive for measuring microbursts (for example, 50 ms)
PACKET RATE MICROBURST
The Packet Rate Microburst graph displays measured peak packet rates at a configurable millisecond-
level resolution.
The legend below the graph identifies the color of each plotted line. The graph is based on the following
sources of data:
l the measured peak packet rate based on one-second measurement
l the measured peak packet rate based on the timescale resolution configured in the service
objective for measuring microbursts (for example, 50 ms)
The threshold configured in the service objective for triggering event detection on microbursts (for
example, 1000 kbps on a 1024 kbps link) is indicated on the graph, as is the capacity of the link.
© 2023 Pico Quantitative Trading LLC. All rights reserved 789 .
So two of the plotted quantities are determined by the service objective being applied to the session of
interest. If specific values have been configured by an administrator in each case, then these configured
values form the basis for the plots you now see. Otherwise the default service objective values are used.
NOTE: Under certain conditions it is possible to see higher peak values measured for larger
millisecond resolutions than for smaller ones. For example, let's say you have configured a queuing
delay target of 500ms and a microburst peak measurement resolution of 400ms. If traffic arrives in
separate groups of packets, separated by any more than 400ms, the 400ms peak estimate does not
account for two of these groups of packets, whereas the 500ms does. So, the 500ms peak
measurement turns out to be greater than the 400ms peak.
This effect is more common if you have shape detection turned off. Let's say we have packets spaced
by 450ms. Then the 500ms 'raw' peak will see two packets in 500ms, and the 400ms 'raw' peak will
see one packet in 400ms. Hence, the 500ms raw peak will exceed the 400ms one. The effect is rarer
when you have shape detection enabled, because you need to have groups of more than one packet,
but, as described above, it is still possible.
If the traffic is perfectly smooth (that is, it is transmitting at a constant bit rate) then the bit rate
measurements listed above will be the same. The more bursty the traffic, the more variation there will be
between these measurements. This can help you understand why an application that looks like it has very
low bandwidth requirements on average may actually be causing drops in the network when it transmits
very sharp short spikes.
AVERAGE BIT RATE AND BYTE-COUNTS GRAPHS
The Average Bit Rate graph plots the average number of bits measured for the traffic during the selected
reporting period.
The rate calculation is based on rates calculated independently in each clock-aligned one-second period.
If the area you select on the graph covers a long time period and each bar covers more than one second,
the bar shows the maximum of all one-second rates inside that bar.
If the area you select on the graph covers a very short time period and the bar covers less than one
second, the rate for the full second time period is calculated. In the example below, a fraction of a one
second interval is selected, hence, a continuous bar is displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 790 .
As you zoom in on shorter and shorter timescales, it can make more sense to view the Byte-counts graph.
The Byte-counts graph plots the number of bytes measured for the traffic during the selected time interval.
The minimum and maximum values are listed above the plot.
AVERAGE PACKET RATE AND PACKET-COUNTS
GRAPHS
The Average Packet Rate graph plots the average number of packets measured for the traffic during the
selected reporting period.
The rate calculation is based on rates calculated independently in each clock-aligned one-second period.
If the area you select on the graph covers a long time period and each bar covers more than one second,
the bar shows the maximum of all one-second rates inside that bar.
If the area you select on the graph covers a very short time period and the bar covers less than one
second, the rate for the full second time period is calculated. In the example below, a fraction of a one
second interval is selected, hence, a continuous bar is displayed.
© 2023 Pico Quantitative Trading LLC. All rights reserved 791 .
As you zoom in on shorter and shorter timescales, it can make more sense to view the Packet-counts
graph.
The Packet-counts graph plots the number of packets measured for the traffic during the selected time
interval.
The minimum and maximum values are listed above the plot.
ACTIVE FLOWS GRAPH
The Active Flows graph plots the number of active flows during the selected time interval.
© 2023 Pico Quantitative Trading LLC. All rights reserved 792 .
There may be other flows open, but at the selected timescale, you see only the number of flows that are
actively transmitting data.
The minimum and maximum values are listed above the plot.
VIEWING PACKET SIZE DISTRIBUTIONS
You can view pie charts illustrating the packet size distribution in terms of both packets and bytes for the
network traffic over the selected timescale.
Packet Size
Displays the ranges of packet sizes.
Packets
Displays the total number of packets of each size transmitted by each host during the selected timescale.
Bytes
Displays the total number of bytes transmitted during the selected timescale of each packet size.
© 2023 Pico Quantitative Trading LLC. All rights reserved 793 .
Corvil Measurement Warnings
Measurement Warning Overview 795
Checking Measurement Warning Settings 796
© 2023 Pico Quantitative Trading LLC. All rights reserved 794 .
Measurement Warning Overview
Measurements reported by Corvil may be degraded due to various factors affecting specific sessions (for
example, misconfiguration or decoding issues) or the system as a whole (for example, clock
synchronization or connectivity issues). Measurement warnings are displayed in the UI if issues are
detected by the system and if the relevant warning is enabled using the system-setting CLI command.
© 2023 Pico Quantitative Trading LLC. All rights reserved 795 .
Checking Measurement Warning Settings
You can check which UI measurement warnings are currently enabled or disabled using the show
system-settings | include warning CLI command. To enable or disable warnings for a given
measurement issue, use
[no] system-setting measurement-warning <warning-type>
Measurement
UI
Warning Type
Measurement Description
(CLI
Warning
Configuration)
Indicates that clock-synchronization availability (for example,
GPS or PPS, if configured) is less than 100% (system-wide
clock sync issue). Also reported via an associated system alert (if enabled). clock-sync-
unavailable availability
Measurement warning enabled by default.
Indicates that a decoded message field providing a value to a
could not obtain configurable statistic contains an invalid value (session issue).
non-negative Invalid values in this context are either negative numbers or, for
numeric value example, ASCII strings which could not be converted to csm-invalid-
from message field numbers. value
for configurable
statistic
Measurement warning enabled by default.
Indicates that a configurable statistic calculation resulted in an
overflow (channel issue). For example, a measure-total
configurable statistic (measuring a signed 64-bit number) that
configurable stats exceeds the maximum value that can be stored in a 64-bit csm-overflow
map overflow number.
Measurement warning enabled by default.
Indicates that the system has detected packets dropped during
disk capture (system-wide issue). Packets dropped during disk
capture also reported via the CLI status command and an
disk capture drops associated system alert (if enabled). capture drop
Measurement warning enabled by default.
© 2023 Pico Quantitative Trading LLC. All rights reserved 796 .
Measurement
UI
Warning Type
Measurement Description
(CLI
Warning
Configuration)
Indicates that a message decode failure has been detected
message decode (session issue). decode-failure
failure
Measurement warning disabled by default.
Indicates a situation where TCP reassembly issues may be
leading to gaps in results (session issue).
Apart from packet loss or reordering in the network, monitored
message TCP packets may be lost before reaching the CNE (for example, due
decode-tcp-
payload missing to switch port mirroring/spanning drops or other CNE reassembly
during reassembly connectivity issues). The system eventually discards the TCP
payload that was buffered while waiting for the retransmissions to
arrive. This situation can result in missing information in the UI
Event Inspection screens (for example, missing packets when
switching between the message and packet table views).
Measurement warning enabled by default.
Indicates that a duplicate packet has been detected (session
issue).
A number of CNE features may be seriously impacted if the CNE
receives and processes duplicate traffic. Traffic duplication is
usually caused by SPAN port configuration issues and is also a
likely reason for seeing a very large proportion of PNQM hash
collisions being reported (see below).
duplicate packets duplicate-pkt
By default, the system is configured to detect and ignore
duplicate packets (using full ethernet-frame matching) arriving
on a given port, with the packet duplication history limited to 1ms
and 64 packets.
Measurement warning enabled by default.
© 2023 Pico Quantitative Trading LLC. All rights reserved 797 .
Measurement
UI
Warning Type
Measurement Description
(CLI
Warning
Configuration)
Indicates unstable flow tags in session discovery (session issue).
When defining flow-tags for session discovery, Corvil
recommends using message fields that are expected to remain
flow-tags-
flow tags unstable the same for a given traffic flow, where possible. If, without any unstable
configuration changes occurring, the calculated flow-tag
changes, the system reports this measurement warning.
Measurement warning enabled by default.
Indicates that less than 100% of packets or messages have been
processed during PNQM latency measurement (session issue).
A PNQM availability warning may be displayed immediately after
a session has been defined or reconfigured. PNQM hash pnqm-
PNQM unavailable collisions (see below) are a common reason for reduced availability
availability.
Measurement warning enabled by default.
Indicates that the system has detected a PNQM signature drop
or port drop.
Each packet or decoded application message processed by
PNQM as part of latency measurement is uniquely identified
using a 64-bit hash. This information, along with a timestamp and
other data, forms a unique 16-byte signature used to describe
each packet or message.
PNQM signature pnqm-drop
or port drop
Knowledge of whether signature drops are occurring is important
for:
l Deciding to reduce the sampling rate of PNQM ses-
sions for latency measurement
l Reconciling the number of packets reported lost by
PNQM and, say, network equipment
Measurement warning enabled by default.
© 2023 Pico Quantitative Trading LLC. All rights reserved 798 .
Measurement
UI
Warning Type
Measurement Description
(CLI
Warning
Configuration)
Indicates that the system has detected PNQM hash collisions
(session issue).
Ideally, PNQM signatures are defined in such a way that they
uniquely identify each packet or message processed by PNQM
during latency measurement. However, due to PNQM signature
PNQM hash pnqm-hash-
mis-configuration or duplicate packets or messages seen by a collision
collision
CNE, signature generation may not uniquely identify packets or
messages. In this case more than one packet or message can
end up sharing the same signature, resulting in hash collisions
and impaired latency measurement.
Measurement warning disabled by default.
Indicates that reported latency values may be incomplete due to
an incident such as a PNQM signature drop, port drop,
temporary link connection failure, CNE restart, and so on. In
many instances a PNQM missed measurement warning is
PNQM missed accompanied by another warning such as a port drop and
pnqm-missed-
measurement measurement
associated system alerts.
Measurement warning enabled by default.
Indicates that a CNE physical port is reporting dropped packets.
Dropped packets per-physical port also reported via the CLI
status command.
port drops port-drop
System-wide issue.
Measurement warning enabled by default.
© 2023 Pico Quantitative Trading LLC. All rights reserved 799 .
You might also like
- Appresponse Xpert Administrator Guide.9.0.3.712 00195 02 - Rev 2No ratings yetAppresponse Xpert Administrator Guide.9.0.3.712 00195 02 - Rev 2216 pages
- DevInfo 7.0 User Guide for Data VisualizationNo ratings yetDevInfo 7.0 User Guide for Data Visualization38 pages
- IIS263 - SAP Analytics Cloud With Focused Insights For SAP Solution ManagerNo ratings yetIIS263 - SAP Analytics Cloud With Focused Insights For SAP Solution Manager16 pages
- NetBackup IT Analytics Inventory Reports v11.4No ratings yetNetBackup IT Analytics Inventory Reports v11.424 pages
- Cognos Analytics - Getting Started With DashboardingNo ratings yetCognos Analytics - Getting Started With Dashboarding60 pages
- Operations Dashboard 7.2: ST-OST 200 SP06No ratings yetOperations Dashboard 7.2: ST-OST 200 SP0646 pages
- Business Analytics Overview and TechniquesNo ratings yetBusiness Analytics Overview and Techniques37 pages
- Boosting Business Visibility with SalesforceNo ratings yetBoosting Business Visibility with Salesforce46 pages
- CCW331 Business Analytics Lecture Notes 2No ratings yetCCW331 Business Analytics Lecture Notes 2185 pages
- IBM Cognos Analytics - Getting Started With ExplorationNo ratings yetIBM Cognos Analytics - Getting Started With Exploration40 pages
- WP Picturing Performance Dashboards and Scorecards 1No ratings yetWP Picturing Performance Dashboards and Scorecards 119 pages
- Strategic Dashboard 7.2: ST - OST 200 SP06No ratings yetStrategic Dashboard 7.2: ST - OST 200 SP0624 pages
- Senturus IBM Cognos Analytics Overview New Features Jumpstart Half DayNo ratings yetSenturus IBM Cognos Analytics Overview New Features Jumpstart Half Day92 pages
- Getting Started Creating Dashboards: Sap Businessobjects Xi 3.1 Service Pack 3No ratings yetGetting Started Creating Dashboards: Sap Businessobjects Xi 3.1 Service Pack 366 pages
- Chapter 21 Presenting Information Lyst1742878357363No ratings yetChapter 21 Presenting Information Lyst174287835736312 pages
- Chapter-10-Introduction To Dashboards and AlertsNo ratings yetChapter-10-Introduction To Dashboards and Alerts64 pages
- Individual and Collaborative User Experience: 6.1 Dashboard OverviewNo ratings yetIndividual and Collaborative User Experience: 6.1 Dashboard Overview16 pages
- Java Programs for Database and GUI Applications100% (1)Java Programs for Database and GUI Applications68 pages
- Firmware Upgrade Instruction For STM32 Base Products - DRAGINONo ratings yetFirmware Upgrade Instruction For STM32 Base Products - DRAGINO17 pages
- Pasado Simple-Simple Past: + Principal Verb + ComplementNo ratings yetPasado Simple-Simple Past: + Principal Verb + Complement4 pages
- Strategies for Managing Special Needs StudentsNo ratings yetStrategies for Managing Special Needs Students2 pages
- QuickStartGuide InterestCoordinator InteriorNo ratings yetQuickStartGuide InterestCoordinator Interior10 pages
- Android Development Journey Journal 2022No ratings yetAndroid Development Journey Journal 202235 pages
- Partisipasi Komunikasi Pembangunan BendunganNo ratings yetPartisipasi Komunikasi Pembangunan Bendungan12 pages
- Inspiring Stories of Young Disabled Achievers33% (6)Inspiring Stories of Young Disabled Achievers16 pages
