
Open Source Observability Agent

Image 1 of Grafana Dash

What is pktvisor?

pktvisor (pronounced "packet visor") is an observability agent that summarizes high-volume, information-dense data streams into lightweight, immediately actionable observability data directly at the edge. Its goal is to extract the signal from the noise and to separate the needles from the haystacks as close to the source as possible.

It is a resource-efficient, sidecar-style agent built from the ground up to be modular and dynamically controlled in real time via API. Input and processor modules may be dynamically loaded at runtime. Metric output can be visualized on-node via a command line UI (for a localized, hyper real-time view) and can also be centrally collected into industry-standard observability stacks like Prometheus and Grafana.

The input stream system is designed to tap into data streams. It currently focuses on packet capture but will soon support additional taps such as sFlow/NetFlow, dnstap, Envoy taps, and eBPF.

The stream processor system includes full application-level analysis and efficiently summarizes the stream into one-minute buckets of:

  • Counters
  • Histograms and Quantiles
  • Timers and Rates
  • Heavy Hitters/Frequent Items/Top N
  • Set Cardinality
  • GeoIP
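
To make the one-minute bucket idea concrete, here is an added sketch (not pktvisor's code or API) that reduces DNS-style events to a counter, a set cardinality and a top-N list per minute. The class and function names are hypothetical, the events are constructed, and Misra-Gries is used for heavy hitters as an assumption, since the page does not say which algorithm pktvisor uses.

```python
class MinuteBucket:
    """Summary of one 60-second window (hypothetical structure)."""

    def __init__(self, top_k):
        self.top_k = top_k
        self.queries = 0      # counter
        self.sources = set()  # exact set; a cardinality sketch would replace it at volume
        self.heavy = {}       # Misra-Gries candidates for top-N query names

    def add(self, src_ip, qname):
        self.queries += 1
        self.sources.add(src_ip)
        if qname in self.heavy:
            self.heavy[qname] += 1
        elif len(self.heavy) < self.top_k:
            self.heavy[qname] = 1
        else:
            # No free slot: decrement every candidate and evict those at zero.
            for name in list(self.heavy):
                self.heavy[name] -= 1
                if self.heavy[name] == 0:
                    del self.heavy[name]

    def summary(self):
        top = sorted(self.heavy.items(), key=lambda kv: (-kv[1], kv[0]))
        return {"queries": self.queries,
                "unique_sources": len(self.sources),
                "top_qnames": top}


def summarize(events, top_k=2):
    """Group (ts_seconds, src_ip, qname) events into one-minute buckets."""
    buckets = {}
    for ts, src_ip, qname in events:
        start = ts - ts % 60
        buckets.setdefault(start, MinuteBucket(top_k)).add(src_ip, qname)
    return {start: b.summary() for start, b in sorted(buckets.items())}


# Constructed sample events (documentation addresses, made-up names).
EVENTS = [
    (0, "192.0.2.10", "a.example"), (3, "192.0.2.10", "a.example"),
    (10, "192.0.2.11", "b.example"), (20, "192.0.2.12", "c.example"),
    (30, "192.0.2.10", "a.example"), (59, "192.0.2.13", "a.example"),
    (60, "198.51.100.7", "b.example"), (61, "198.51.100.7", "b.example"),
]

if __name__ == "__main__":
    for start, s in summarize(EVENTS).items():
        print(start, s)
```

In the first bucket `a.example` is actually seen four times but reported as 3: Misra-Gries counts are lower bounds, which is the trade made for keeping only `top_k` counters in memory.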

Born at NS1 Labs, pktvisor has its origins in observability of critical internet infrastructure in support of DDoS protection, traffic engineering, and ongoing operations.

These screenshots display both the command line and centralized views of the Network and DNS stream processors, and the types of summary information provided:

Image of CLI UI Image 2 of Grafana Dash