Blog

Announcing Gravwell Version 3.2

Jul 31, 2019 9:26:42 AM / by John Floren

We are happy to announce the immediate availability of Gravwell version 3.2.0!

This minor release of Gravwell contains a few new renderers and a bunch of performance improvements. Over the next few days we will be showcasing each of the new features. Check out our changelog for the full technical details.

One of the most exciting new features in Gravwell 3.2.0 is the point-to-point renderer. The point-to-point renderer (called point2point) allows you to display vectors, directional lines with a source and a destination.  The point2point renderer can be applied to almost any data source that has a source and destination location.  Many of our customers have requested the point2point renderer for displaying network data but a few in the ICS space asked for it to display physical systems of lines, pipes, and even roads.

Examining Point2Point

To demonstrate the point to point renderer we will apply it to some PCAP data to see the origin and destination of packets on the network.  The geoip module is used to provide location information to the packets using the MaxMind geoip database.  Here is a very basic query which draws flows of network packets:

tag=pcap packet ipv4.SrcIP ipv4.DstIP | geoip SrcIP.Location as sloc DstIP.Location as dloc | point2point -srcloc sloc -dstloc dloc

map1

By default point2point draws a static set of lines overlaid on a 2D map, but we can turn on animations to make the source/destination relationship more obvious:

anim

2D maps are great to display information quickly, but if you want to impress your boss the interactive 3D globe looks great in SOCs.  Click the "Globe" button to toggle to the 3D globe:

globe1

By default the thickness of the vectors corresponds to the number of entries seen for that source/destination pair, but with the `-mag` flag you can easily specify a different magnitude:

tag=pcap packet ipv4.SrcIP ipv4.DstIP ipv4.Length | geoip SrcIP.Location as sloc DstIP.Location as dloc | sum Length by sloc,dloc | point2point -srcloc sloc -dstloc dloc -mag sum

mag

And if you find the default colors a bit boring, you can change the theme on your user preferences page:

green

red

A more exhaustive description of point2point's options can be found on its documentation page.

Try Gravwell

To give Gravwell at try checkout out our free community edition:

Get Community Edition

If you would like to see how Gravwell can provide unparalleled access to all your data with a predictable total cost of ownership, schedule a demo:

Schedule a Demo

 

Topics: Software Updates, DevOps Analytics

John Floren

Written by John Floren

John's been writing Go since before it was cool and developing distributed systems for almost as long.