OverviewQuick StartUser InterfaceFAQLogicMonitor LogicModulesSupportSQL QueriesSyncing With MerakiMeraki EstateAdministratorsAP SSIDsAppliance VLANsChange HistoryClient HistoryClientsConfig TemplatesDevice HistoryDevicesFloor PlansNetworksNetwork EventsOrganizationsPortsSensor DataVPN PeersWAN UsageWireless FailuresAdminMac VendorsOrganizations
Meraki DataMagic - Network Events
A Network may contain events, such as client connections, client disconnections, etc. The number of such events may be VERY high and so for performance reasons we recommend that you use this features as follows:
- Select a different entity type (e.g. Network) in the menu
- Select just the Network of interest in the Estate Tree
- Finally selecting "Network Events" in the menu
- Select just the time range you are interested in.
For smaller estates, you may choose to select Network Events from multiple networks, but this is not recommended unless you are also selecting a narrow time range.
Network Events User Interface
The top part of the Network Events page shows a small timeline and a graph relating to the table below.
To have the graph display a zoomed area, drag to select an area of the timeline:
Hover over the graph to see actual values:
Use the various settings and configuration options to display the data as required including:
- Event types
- View mode
- Labels
- Top N
Additionally you can create your chart into a widget or download it as a image to add to a presentation.
The lower part of the page is a table of information which can be searched, filtered, sorted, viewed, and downloaded. Filter by Organization, Network Group, Network etc. using the left hand pane.
Click the Columns button to select which are shown in the table.
About Network Event data collection
Network Event collection is a huge task and can be very time consuming, particularly for larger Organizations and Networks.
DataMagic retrieves ALL network events as part of the round robin, and stores them in the NetworkEvents table. Events are collected after a late arrival window and are written to the NetworkEvents table in batches of one hour. For this reason, the NetworkEvents table will have "missing" data for the last few hours. When it observes them, DataMagic automatically adds new Network Event Types (the types of events that can occur on a network).
When adding a Network for the first time, for example when adding a new Organization, it can take several hours or even days to catch up with Network Event collection.
Table definitions
Meraki DataMagic retain the raw events in partitioned tables. However, this represents huge amounts of data, inefficient for graphing. To address this, Meraki DataMagic makes that data available in partitioned aggregation tables. Additionally, there is a NetworkEventTypes table, which stores dimensional information. All these tables are documented below:
| Name | Type | Description |
|---|---|---|
| Id | uuid | Unique identifier for the entity record |
| Type | text | Unique identifier string for the type of network event |
| Category | text | Category classification for grouping related event types |
| Description | text | Human-readable description explaining what this event type represents |
| Created | timestamp with time zone | Timestamp when the record was initially created in the system |
| LastModified | timestamp with time zone | Timestamp when the record was last modified or updated |
| Name | Type | Description |
|---|---|---|
| Id | uuid | Unique identifier for the entity record |
| NetworkId | uuid | Foreign key reference to the Network where this event occurred |
| ClientId | character varying(16) | Unique identifier for the client device that triggered this event |
| DeviceSerial | character varying(16) | Serial number of the device where the event occurred |
| EventDataAid | bigint | Association ID (AID) value for wireless association events |
| EventDataChannel | text | Wireless channel number or network interface for the event |
| EventDataClientIp | character varying(40) | IP address of the client involved in the event |
| EventDataRadio | integer | Radio interface number for wireless events |
| EventDataRssi | integer | Received Signal Strength Indicator in dBm for wireless events |
| EventDataVap | integer | Virtual Access Point (VAP) identifier for wireless events |
| OccurredAt | timestamp with time zone | Timestamp when the network event occurred |
| SsidName | character varying(32) | Service Set Identifier (SSID) name for wireless network events |
| SsidNumber | integer | SSID number identifier for wireless network events |
| Type | character varying(64) | Type of network event (association, disassociation, auth_fail, etc.) |
| Created | timestamp with time zone | Timestamp when the record was initially created in the system |
| LastModified | timestamp with time zone | Timestamp when the record was last modified or updated |
| MacVendorId | uuid | Foreign key reference to the MAC vendor information for the client device |
| NetworkClientId | uuid | Foreign key reference to the NetworkClient record associated with this event |
| ClientDescription | text | Human-readable description of the client device |
| EventDataArpResponse | double precision | ARP response time in seconds for network connectivity events |
| EventDataArpSource | character varying(40) | Source MAC address for ARP-related network events |
| EventDataAttr | character varying(256) | Additional attributes associated with the event |
| EventDataAuthenticationNegotiationDurationSeconds | double precision | Authentication negotiation duration in seconds for wireless events |
| EventDataBand | character varying(10) | Wireless frequency band (2.4GHz, 5GHz, 6GHz) for radio events |
| EventDataClientMac | character varying(20) | MAC address of the client device involved in the event |
| EventDataDhcpIp | character varying(40) | IP address assigned via DHCP for network assignment events |
| EventDataDhcpLeaseCompleted | double precision | DHCP lease completion time in seconds |
| EventDataDhcpResponse | double precision | DHCP server response time in seconds |
| EventDataDhcpServer | character varying(40) | IP address of the DHCP server handling the request |
| EventDataDhcpServerMac | character varying(20) | MAC address of the DHCP server |
| EventDataDuration | double precision | Duration of the event or connection in seconds |
| EventDataFullConn | double precision | Full connection establishment time in seconds |
| EventDataGroup | character varying(256) | Group or policy name associated with the event |
| EventDataHttpResponse | double precision | HTTP response time in seconds for web connectivity events |
| EventDataIdentity | character varying(128) | Identity or username associated with the authentication event |
| EventDataInstigator | integer | Instigator code indicating what triggered the event |
| EventDataIpResponse | double precision | IP layer response time in seconds |
| EventDataIpSource | character varying(40) | Source IP address for network traffic events |
| EventDataIs8021x | boolean | Indicates whether 802.1x authentication was used |
| EventDataLastAuthAgo | double precision | Time elapsed since last authentication in seconds |
| EventDataLastKnownClientIp | character varying(40) | Last known IP address of the client |
| EventDataReason | character varying(40) | Reason code or description for disconnection or failure events |
| EventDataRoundTripTime | character varying(20) | Round trip time for network latency measurements |
| EventDataAlarmId | integer | Alarm identifier for security or monitoring events |
| EventDataBssid | character varying(20) | Basic Service Set Identifier (BSSID) for wireless network events |
| EventDataDevice | character varying(20) | Device identifier where the event originated |
| EventDataDosCount | integer | Denial of Service attack count for security events |
| EventDataDst | text | Destination address or endpoint for network traffic events |
| EventDataInterArrival | integer | Inter-arrival time between packets in milliseconds |
| EventDataPacket | character varying(40) | Packet identifier or sequence number for network traffic analysis |
| EventDataState | character varying(20) | State information for connection or authentication events |
| Name | Type | Description |
|---|---|---|
| Id | uuid | Unique identifier for the entity record |
| NetworkId | uuid | Foreign key reference to the Network where these aggregated events occurred |
| OccurredAtHour | timestamp with time zone | Hour timestamp for which events are aggregated (beginning of hour) |
| Type | character varying(64) | Type of network events being aggregated |
| Count | integer | Total count of individual network events aggregated in this record |
| Created | timestamp with time zone | Timestamp when the record was initially created in the system |
| LastModified | timestamp with time zone | Timestamp when the record was last modified or updated |
| EventDataArpResponseCount | integer | Number of events with ARP response time measurements |
| EventDataArpResponseSum | double precision | Sum of all ARP response times in seconds for this aggregation period |
| EventDataAuthenticationNegotiationDurationSecondsCount | integer | Number of events with authentication negotiation duration measurements |
| EventDataAuthenticationNegotiationDurationSecondsSum | double precision | Sum of all authentication negotiation durations in seconds |
| EventDataDhcpLeaseCompletedCount | integer | Number of events with DHCP lease completion time measurements |
| EventDataDhcpLeaseCompletedSum | double precision | Sum of all DHCP lease completion times in seconds |
| EventDataDhcpResponseCount | integer | Number of events with DHCP response time measurements |
| EventDataDhcpResponseSum | double precision | Sum of all DHCP response times in seconds |
| EventDataDosCountCount | integer | Number of events with denial of service count data |
| EventDataDosCountSum | integer | Sum of all denial of service attack counts |
| EventDataDurationCount | integer | Number of events with duration measurements |
| EventDataDurationSum | double precision | Sum of all event durations in seconds |
| EventDataFullConnCount | integer | Number of events with full connection time measurements |
| EventDataFullConnSum | double precision | Sum of all full connection establishment times in seconds |
| EventDataHttpResponseCount | integer | Number of events with HTTP response time measurements |
| EventDataHttpResponseSum | double precision | Sum of all HTTP response times in seconds |
| EventDataIpResponseCount | integer | Number of events with IP response time measurements |
| EventDataIpResponseSum | double precision | Sum of all IP layer response times in seconds |
| MacVendorPriority | integer | Priority level of the MAC vendor for aggregation ordering |
