From 73497a6e3f4701d44b1a858e9783e38329179114 Mon Sep 17 00:00:00 2001 From: Dimitri Nicolopoulos Date: Thu, 6 Jun 2024 10:14:42 -0700 Subject: [PATCH] [EV-4885] Address formatting and typos --- .../visibility/elastic/flow/aggregation.mdx | 20 +++++++++---------- .../visibility/elastic/flow/datatypes.mdx | 8 ++++---- .../visibility/elastic/flow/aggregation.mdx | 20 +++++++++---------- .../visibility/elastic/flow/datatypes.mdx | 8 ++++---- .../visibility/elastic/flow/aggregation.mdx | 20 +++++++++---------- .../visibility/elastic/flow/datatypes.mdx | 8 ++++---- .../visibility/elastic/flow/aggregation.mdx | 20 +++++++++---------- .../visibility/elastic/flow/datatypes.mdx | 8 ++++---- 8 files changed, 56 insertions(+), 56 deletions(-) diff --git a/calico-cloud/visibility/elastic/flow/aggregation.mdx b/calico-cloud/visibility/elastic/flow/aggregation.mdx index 9fe87dd8e..2110a20e3 100644 --- a/calico-cloud/visibility/elastic/flow/aggregation.mdx +++ b/calico-cloud/visibility/elastic/flow/aggregation.mdx @@ -24,17 +24,17 @@ depends on your deployment; we recommend reviewing aggregation levels to underst ### Aggregation types and levels -For allowed flows, the default aggregation level is 2, `AnyConnectionFromSamePodPrefix` and for denied flows the default aggregation level is 1, +For allowed flows, the default aggregation level is 2, `AnyConnectionFromSamePodController` and for denied flows the default aggregation level is 1, `AnyConnectionFromSameSourcePod`. The following table summarizes the aggregation levels by flow log traffic: -| **Level** | **Name** | **Description** | -|-----------|-------------------------------------|-------------------------------------------------------------------| -| 0 | | No aggregation | -| 1 | AnyConnectionFromSameSourcePod | Identity fields below source pod level are masked out. It means that flows, to the same destination, from processes or controllers in the same source pod, are aggregated together. | -| 2 | AnyConnectionFromSamePodPrefix | In addition to the above, source pod names are aggregated based on their shared prefixes. This means that flows, to the same destination, from pods within the same pod controller (Deployment/ReplicaSet) are aggregated together. | -| 3 | AnyConnectionBetweenSamePodPrefixes | This level of aggregation builds on the previous two levels and also groups destination pod names based on their shared prefixes. | +| **Level** | **Name** | **Description** | +|-----------|----------------------------------------|-------------------------------------------------------------------| +| 0 | | No aggregation | +| 1 | AnyConnectionFromSameSourcePod | Identity fields below source pod level are masked out. It means that flows, to the same destination, from processes or controllers in the same source pod, are aggregated together. | +| 2 | AnyConnectionFromSamePodController | In addition to the above, source pod names are aggregated based on their shared prefixes. This means that flows, to the same destination, from pods within the same pod controller (Deployment/ReplicaSet) are aggregated together. | +| 3 | AnyConnectionBetweenSamePodControllers | This level of aggregation builds on the previous two levels and also groups destination pod names based on their shared prefixes. | ### Understanding aggregation level differences @@ -50,9 +50,9 @@ and `nginx-2` are created by the ReplicaSet `nginx`. The controller's name is co is on the same protocol, and destined towards the same IP, and destination port. The three flow logs without aggregation originating from `client-a` and `client-b` are combined into a single flow log. This aggregation level is called `AnyConnectionFromSameSourcePodPrefix`. -Finally, with `AnyConnectionBetweenSamePodPrefixes` we combine source and destination pods that are part of the same pod controller. With level 3, the flow logs +Finally, with `AnyConnectionBetweenSamePodControllers` we combine source and destination pods that are part of the same pod controller. With level 3, the flow logs are aggregated by the destination port and protocol, as long as they originate from pods with the same pod-prefix and destined for pods of the same -pod-prefix. All logs previously distinct, are aggregated into a single flow log (see the last row). +pod-prefix. Previously distinct logs are aggregated into a single flow log (see the last row). | | | **Src Traffic** | | | **Dst Traffic** | | | **Packet counts** | | |--------------------------|-----------|----------|---------|----------|----------|---------|----------|------------|-------------| @@ -87,7 +87,7 @@ kubectl get felixconfiguration -o yaml Before [changing the default aggregation level](../../../reference/resources/felixconfig.mdx#aggregationkind), note the following: - Although any change in aggregation level affects flow log volume, lowering the aggregation number (especially to `0` for no aggregation) will cause significant impacts to log storage. If you allow more flow logs, ensure that you provision more log storage. -- Verify that the parameters that you want to see in your aggregation level, are not already [filtered](filtering.mdx). +- Verify that the parameters that you want to see in your aggregation level are not already [filtered](filtering.mdx). ### Troubleshoot logs with aggregation levels diff --git a/calico-cloud/visibility/elastic/flow/datatypes.mdx b/calico-cloud/visibility/elastic/flow/datatypes.mdx index b5a616e6c..178958751 100644 --- a/calico-cloud/visibility/elastic/flow/datatypes.mdx +++ b/calico-cloud/visibility/elastic/flow/datatypes.mdx @@ -102,9 +102,9 @@ Where, the tier that apply to the endpoint. * `-2` means "unknown". The rule index was not recorded. -### Flow log example, with **no aggregation** +### Flow log example, with `no aggregation` -A flow log with aggregation level 0, **`no aggregation`**, might look like: +A flow log with aggregation level 0, `no aggregation`, might look like: ``` { @@ -158,9 +158,9 @@ A flow log with aggregation level 0, **`no aggregation`**, might look like: } ``` -The log shows an incoming connection reported by the "Destination" node, allowed by a policy on port 80. The **`start_time`** and **`end_time`** +The log shows an incoming connection reported by the destination node, allowed by a policy on port 80. The **`start_time`** and **`end_time`** describe the aggregation period (5 min.) During this interval, one flow (**`"num_flow": 1`**) was recorded. At higher aggregation levels, flows from endpoints performing the same operation and originating from the same Deployment/ReplicaSet are grouped into a single log. In this example, the -common source endpoints are prefixed with **`access-6b687c8dcb-`**. Parameters like **`source_ip`** may be dropped and set to **`null`** depending on +common source endpoints that are prefixed with **`access-6b687c8dcb-`**. Parameters like **`source_ip`** may be dropped and set to **`null`**, depending on the aggregation level. As aggregation levels increase, more flows will be grouped together based on your data. For more details on aggregation levels, see [configure flow log aggregation](./aggregation.mdx). \ No newline at end of file diff --git a/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/aggregation.mdx b/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/aggregation.mdx index 69af1f1fb..f20070758 100644 --- a/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/aggregation.mdx +++ b/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/aggregation.mdx @@ -24,17 +24,17 @@ depends on your deployment; we recommend reviewing aggregation levels to underst ### Aggregation types and levels -For allowed flows, the default aggregation level is 2, `AnyConnectionFromSamePodPrefix` and for denied flows the default aggregation level is 1, +For allowed flows, the default aggregation level is 2, `AnyConnectionFromSamePodController` and for denied flows the default aggregation level is 1, `AnyConnectionFromSameSourcePod`. The following table summarizes the aggregation levels by flow log traffic: -| **Level** | **Name** | **Description** | -|-----------|-------------------------------------|-------------------------------------------------------------------| -| 0 | | No aggregation | -| 1 | AnyConnectionFromSameSourcePod | Identity fields below source pod level are masked out. It means that flows, to the same destination, from processes or controllers in the same source pod, are aggregated together. | -| 2 | AnyConnectionFromSamePodPrefix | In addition to the above, source pod names are aggregated based on their shared prefixes. This means that flows, to the same destination, from pods within the same pod controller (Deployment/ReplicaSet) are aggregated together. | -| 3 | AnyConnectionBetweenSamePodPrefixes | This level of aggregation builds on the previous two levels and also groups destination pod names based on their shared prefixes. | +| **Level** | **Name** | **Description** | +|-----------|----------------------------------------|-------------------------------------------------------------------| +| 0 | | No aggregation | +| 1 | AnyConnectionFromSameSourcePod | Identity fields below source pod level are masked out. It means that flows, to the same destination, from processes or controllers in the same source pod, are aggregated together. | +| 2 | AnyConnectionFromSamePodController | In addition to the above, source pod names are aggregated based on their shared prefixes. This means that flows, to the same destination, from pods within the same pod controller (Deployment/ReplicaSet) are aggregated together. | +| 3 | AnyConnectionBetweenSamePodControllers | This level of aggregation builds on the previous two levels and also groups destination pod names based on their shared prefixes. | ### Understanding aggregation level differences @@ -50,9 +50,9 @@ and `nginx-2` are created by the ReplicaSet `nginx`. The controller's name is co is on the same protocol, and destined towards the same IP, and destination port. The three flow logs without aggregation originating from `client-a` and `client-b` are combined into a single flow log. This aggregation level is called `AnyConnectionFromSameSourcePodPrefix`. -Finally, with `AnyConnectionBetweenSamePodPrefixes` we combine source and destination pods that are part of the same pod controller. With level 3, the flow logs +Finally, with `AnyConnectionBetweenSamePodControllers` we combine source and destination pods that are part of the same pod controller. With level 3, the flow logs are aggregated by the destination port and protocol, as long as they originate from pods with the same pod-prefix and destined for pods of the same -pod-prefix. All logs previously distinct, are aggregated into a single flow log (see the last row). +pod-prefix. Previously distinct logs are aggregated into a single flow log (see the last row). | | | **Src Traffic** | | | **Dst Traffic** | | | **Packet counts** | | |--------------------------|-----------|----------|---------|----------|----------|---------|----------|------------|-------------| @@ -87,7 +87,7 @@ kubectl get felixconfiguration -o yaml Before [changing the default aggregation level](../../../reference/resources/felixconfig.mdx#aggregationkind), note the following: - Although any change in aggregation level affects flow log volume, lowering the aggregation number (especially to `0` for no aggregation) will cause significant impacts to log storage. If you allow more flow logs, ensure that you provision more log storage. -- Verify that the parameters that you want to see in your aggregation level, are not already [filtered](filtering.mdx). +- Verify that the parameters that you want to see in your aggregation level are not already [filtered](filtering.mdx). ### Troubleshoot logs with aggregation levels diff --git a/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/datatypes.mdx b/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/datatypes.mdx index b5a616e6c..178958751 100644 --- a/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/datatypes.mdx +++ b/calico-cloud_versioned_docs/version-19-1/visibility/elastic/flow/datatypes.mdx @@ -102,9 +102,9 @@ Where, the tier that apply to the endpoint. * `-2` means "unknown". The rule index was not recorded. -### Flow log example, with **no aggregation** +### Flow log example, with `no aggregation` -A flow log with aggregation level 0, **`no aggregation`**, might look like: +A flow log with aggregation level 0, `no aggregation`, might look like: ``` { @@ -158,9 +158,9 @@ A flow log with aggregation level 0, **`no aggregation`**, might look like: } ``` -The log shows an incoming connection reported by the "Destination" node, allowed by a policy on port 80. The **`start_time`** and **`end_time`** +The log shows an incoming connection reported by the destination node, allowed by a policy on port 80. The **`start_time`** and **`end_time`** describe the aggregation period (5 min.) During this interval, one flow (**`"num_flow": 1`**) was recorded. At higher aggregation levels, flows from endpoints performing the same operation and originating from the same Deployment/ReplicaSet are grouped into a single log. In this example, the -common source endpoints are prefixed with **`access-6b687c8dcb-`**. Parameters like **`source_ip`** may be dropped and set to **`null`** depending on +common source endpoints that are prefixed with **`access-6b687c8dcb-`**. Parameters like **`source_ip`** may be dropped and set to **`null`**, depending on the aggregation level. As aggregation levels increase, more flows will be grouped together based on your data. For more details on aggregation levels, see [configure flow log aggregation](./aggregation.mdx). \ No newline at end of file diff --git a/calico-enterprise/visibility/elastic/flow/aggregation.mdx b/calico-enterprise/visibility/elastic/flow/aggregation.mdx index 9fe87dd8e..2110a20e3 100644 --- a/calico-enterprise/visibility/elastic/flow/aggregation.mdx +++ b/calico-enterprise/visibility/elastic/flow/aggregation.mdx @@ -24,17 +24,17 @@ depends on your deployment; we recommend reviewing aggregation levels to underst ### Aggregation types and levels -For allowed flows, the default aggregation level is 2, `AnyConnectionFromSamePodPrefix` and for denied flows the default aggregation level is 1, +For allowed flows, the default aggregation level is 2, `AnyConnectionFromSamePodController` and for denied flows the default aggregation level is 1, `AnyConnectionFromSameSourcePod`. The following table summarizes the aggregation levels by flow log traffic: -| **Level** | **Name** | **Description** | -|-----------|-------------------------------------|-------------------------------------------------------------------| -| 0 | | No aggregation | -| 1 | AnyConnectionFromSameSourcePod | Identity fields below source pod level are masked out. It means that flows, to the same destination, from processes or controllers in the same source pod, are aggregated together. | -| 2 | AnyConnectionFromSamePodPrefix | In addition to the above, source pod names are aggregated based on their shared prefixes. This means that flows, to the same destination, from pods within the same pod controller (Deployment/ReplicaSet) are aggregated together. | -| 3 | AnyConnectionBetweenSamePodPrefixes | This level of aggregation builds on the previous two levels and also groups destination pod names based on their shared prefixes. | +| **Level** | **Name** | **Description** | +|-----------|----------------------------------------|-------------------------------------------------------------------| +| 0 | | No aggregation | +| 1 | AnyConnectionFromSameSourcePod | Identity fields below source pod level are masked out. It means that flows, to the same destination, from processes or controllers in the same source pod, are aggregated together. | +| 2 | AnyConnectionFromSamePodController | In addition to the above, source pod names are aggregated based on their shared prefixes. This means that flows, to the same destination, from pods within the same pod controller (Deployment/ReplicaSet) are aggregated together. | +| 3 | AnyConnectionBetweenSamePodControllers | This level of aggregation builds on the previous two levels and also groups destination pod names based on their shared prefixes. | ### Understanding aggregation level differences @@ -50,9 +50,9 @@ and `nginx-2` are created by the ReplicaSet `nginx`. The controller's name is co is on the same protocol, and destined towards the same IP, and destination port. The three flow logs without aggregation originating from `client-a` and `client-b` are combined into a single flow log. This aggregation level is called `AnyConnectionFromSameSourcePodPrefix`. -Finally, with `AnyConnectionBetweenSamePodPrefixes` we combine source and destination pods that are part of the same pod controller. With level 3, the flow logs +Finally, with `AnyConnectionBetweenSamePodControllers` we combine source and destination pods that are part of the same pod controller. With level 3, the flow logs are aggregated by the destination port and protocol, as long as they originate from pods with the same pod-prefix and destined for pods of the same -pod-prefix. All logs previously distinct, are aggregated into a single flow log (see the last row). +pod-prefix. Previously distinct logs are aggregated into a single flow log (see the last row). | | | **Src Traffic** | | | **Dst Traffic** | | | **Packet counts** | | |--------------------------|-----------|----------|---------|----------|----------|---------|----------|------------|-------------| @@ -87,7 +87,7 @@ kubectl get felixconfiguration -o yaml Before [changing the default aggregation level](../../../reference/resources/felixconfig.mdx#aggregationkind), note the following: - Although any change in aggregation level affects flow log volume, lowering the aggregation number (especially to `0` for no aggregation) will cause significant impacts to log storage. If you allow more flow logs, ensure that you provision more log storage. -- Verify that the parameters that you want to see in your aggregation level, are not already [filtered](filtering.mdx). +- Verify that the parameters that you want to see in your aggregation level are not already [filtered](filtering.mdx). ### Troubleshoot logs with aggregation levels diff --git a/calico-enterprise/visibility/elastic/flow/datatypes.mdx b/calico-enterprise/visibility/elastic/flow/datatypes.mdx index e41bf51a0..fa2f2aa43 100644 --- a/calico-enterprise/visibility/elastic/flow/datatypes.mdx +++ b/calico-enterprise/visibility/elastic/flow/datatypes.mdx @@ -102,9 +102,9 @@ Where, the tier that apply to the endpoint. * `-2` means "unknown". The rule index was not recorded. -### Flow log example, with **no aggregation** +### Flow log example, with `no aggregation` -A flow log with aggregation level 0, **`no aggregation`**, might look like: +A flow log with aggregation level 0, `no aggregation`, might look like: ``` { @@ -158,9 +158,9 @@ A flow log with aggregation level 0, **`no aggregation`**, might look like: } ``` -The log shows an incoming connection reported by the "Destination" node, allowed by a policy on port 80. The **`start_time`** and **`end_time`** +The log shows an incoming connection reported by the destination node, allowed by a policy on port 80. The **`start_time`** and **`end_time`** describe the aggregation period (5 min.) During this interval, one flow (**`"num_flow": 1`**) was recorded. At higher aggregation levels, flows from endpoints performing the same operation and originating from the same Deployment/ReplicaSet are grouped into a single log. In this example, the -common source endpoints are prefixed with **`access-6b687c8dcb-`**. Parameters like **`source_ip`** may be dropped and set to **`null`** depending on +common source endpoints that are prefixed with **`access-6b687c8dcb-`**. Parameters like **`source_ip`** may be dropped and set to **`null`**, depending on the aggregation level. As aggregation levels increase, more flows will be grouped together based on your data. For more details on aggregation levels, see [configure flow log aggregation](./aggregation.mdx). \ No newline at end of file diff --git a/calico-enterprise_versioned_docs/version-3.19-2/visibility/elastic/flow/aggregation.mdx b/calico-enterprise_versioned_docs/version-3.19-2/visibility/elastic/flow/aggregation.mdx index 9fe87dd8e..2110a20e3 100644 --- a/calico-enterprise_versioned_docs/version-3.19-2/visibility/elastic/flow/aggregation.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-2/visibility/elastic/flow/aggregation.mdx @@ -24,17 +24,17 @@ depends on your deployment; we recommend reviewing aggregation levels to underst ### Aggregation types and levels -For allowed flows, the default aggregation level is 2, `AnyConnectionFromSamePodPrefix` and for denied flows the default aggregation level is 1, +For allowed flows, the default aggregation level is 2, `AnyConnectionFromSamePodController` and for denied flows the default aggregation level is 1, `AnyConnectionFromSameSourcePod`. The following table summarizes the aggregation levels by flow log traffic: -| **Level** | **Name** | **Description** | -|-----------|-------------------------------------|-------------------------------------------------------------------| -| 0 | | No aggregation | -| 1 | AnyConnectionFromSameSourcePod | Identity fields below source pod level are masked out. It means that flows, to the same destination, from processes or controllers in the same source pod, are aggregated together. | -| 2 | AnyConnectionFromSamePodPrefix | In addition to the above, source pod names are aggregated based on their shared prefixes. This means that flows, to the same destination, from pods within the same pod controller (Deployment/ReplicaSet) are aggregated together. | -| 3 | AnyConnectionBetweenSamePodPrefixes | This level of aggregation builds on the previous two levels and also groups destination pod names based on their shared prefixes. | +| **Level** | **Name** | **Description** | +|-----------|----------------------------------------|-------------------------------------------------------------------| +| 0 | | No aggregation | +| 1 | AnyConnectionFromSameSourcePod | Identity fields below source pod level are masked out. It means that flows, to the same destination, from processes or controllers in the same source pod, are aggregated together. | +| 2 | AnyConnectionFromSamePodController | In addition to the above, source pod names are aggregated based on their shared prefixes. This means that flows, to the same destination, from pods within the same pod controller (Deployment/ReplicaSet) are aggregated together. | +| 3 | AnyConnectionBetweenSamePodControllers | This level of aggregation builds on the previous two levels and also groups destination pod names based on their shared prefixes. | ### Understanding aggregation level differences @@ -50,9 +50,9 @@ and `nginx-2` are created by the ReplicaSet `nginx`. The controller's name is co is on the same protocol, and destined towards the same IP, and destination port. The three flow logs without aggregation originating from `client-a` and `client-b` are combined into a single flow log. This aggregation level is called `AnyConnectionFromSameSourcePodPrefix`. -Finally, with `AnyConnectionBetweenSamePodPrefixes` we combine source and destination pods that are part of the same pod controller. With level 3, the flow logs +Finally, with `AnyConnectionBetweenSamePodControllers` we combine source and destination pods that are part of the same pod controller. With level 3, the flow logs are aggregated by the destination port and protocol, as long as they originate from pods with the same pod-prefix and destined for pods of the same -pod-prefix. All logs previously distinct, are aggregated into a single flow log (see the last row). +pod-prefix. Previously distinct logs are aggregated into a single flow log (see the last row). | | | **Src Traffic** | | | **Dst Traffic** | | | **Packet counts** | | |--------------------------|-----------|----------|---------|----------|----------|---------|----------|------------|-------------| @@ -87,7 +87,7 @@ kubectl get felixconfiguration -o yaml Before [changing the default aggregation level](../../../reference/resources/felixconfig.mdx#aggregationkind), note the following: - Although any change in aggregation level affects flow log volume, lowering the aggregation number (especially to `0` for no aggregation) will cause significant impacts to log storage. If you allow more flow logs, ensure that you provision more log storage. -- Verify that the parameters that you want to see in your aggregation level, are not already [filtered](filtering.mdx). +- Verify that the parameters that you want to see in your aggregation level are not already [filtered](filtering.mdx). ### Troubleshoot logs with aggregation levels diff --git a/calico-enterprise_versioned_docs/version-3.19-2/visibility/elastic/flow/datatypes.mdx b/calico-enterprise_versioned_docs/version-3.19-2/visibility/elastic/flow/datatypes.mdx index e41bf51a0..fa2f2aa43 100644 --- a/calico-enterprise_versioned_docs/version-3.19-2/visibility/elastic/flow/datatypes.mdx +++ b/calico-enterprise_versioned_docs/version-3.19-2/visibility/elastic/flow/datatypes.mdx @@ -102,9 +102,9 @@ Where, the tier that apply to the endpoint. * `-2` means "unknown". The rule index was not recorded. -### Flow log example, with **no aggregation** +### Flow log example, with `no aggregation` -A flow log with aggregation level 0, **`no aggregation`**, might look like: +A flow log with aggregation level 0, `no aggregation`, might look like: ``` { @@ -158,9 +158,9 @@ A flow log with aggregation level 0, **`no aggregation`**, might look like: } ``` -The log shows an incoming connection reported by the "Destination" node, allowed by a policy on port 80. The **`start_time`** and **`end_time`** +The log shows an incoming connection reported by the destination node, allowed by a policy on port 80. The **`start_time`** and **`end_time`** describe the aggregation period (5 min.) During this interval, one flow (**`"num_flow": 1`**) was recorded. At higher aggregation levels, flows from endpoints performing the same operation and originating from the same Deployment/ReplicaSet are grouped into a single log. In this example, the -common source endpoints are prefixed with **`access-6b687c8dcb-`**. Parameters like **`source_ip`** may be dropped and set to **`null`** depending on +common source endpoints that are prefixed with **`access-6b687c8dcb-`**. Parameters like **`source_ip`** may be dropped and set to **`null`**, depending on the aggregation level. As aggregation levels increase, more flows will be grouped together based on your data. For more details on aggregation levels, see [configure flow log aggregation](./aggregation.mdx). \ No newline at end of file