While analyzing flow telemetry, adding filters and/or facets to the sankey diagram results in an error that no data could be found.
Error found while analyzing flow telemetry.
This error occurs when the underlying NRQL query generated by the filters and/or facets applied to the sankey diagram do not contain the telemetry needed to render the chart.
When rendering the sankey chart, an underlying NRQL query is dynamically created that has specific dependencies based on the user's selections. At a minimum, there is a requirement that the flow records found will contain the following fields:
provider = 'kentik-flow-device'
in_pkts, depending on if you've selected the Byte traffic or Packet traffic toggle for the chart
The user's selection of facets will also be required. For example, in the screenshot above, the fields
CustomBytes2 do not exist on the flow records for the conversation using the source and destination IP addresses in the filter.
To solve this problem, first investigate the underlying NRQL query for your sankey chart by selecting the View query action in the upper right icon of the chart and identify any fields that return null or empty values from your query. The next step would be to update the flow template on your flow exporter to ensure that all of the necessary fields are being sent into the ktranslate agent as expected.