Queryables Overview

1: Metric Queryables
2: Table Queryables

Overview

Queryables are S2AP entities that can be used with the S2 Query Language (S2QL). Queryables are generated from various sources the S2AP platform ingests and integrates through multiple pipelines in the platform. For supported integrations, see the Selector Public documentation.

Queryables can be rendered in various ways for the best visualization purpose. For more details and options for the various renderings see the Data Rendering Section in the S2QL user guide.

The Selector platform comes pre-populated with several queryables that can be used to build insightful and actionable dashboards.

Queryables follow established naming conventions:

_health: This prefix presents metrics on the health of a resource
_health_by_kpi: This prefix presents metrics on the health of a resource by KPI
_status prefix: This prefix presents metrics on the status of a resource
_rate prefix: This prefix presents metrics on the rate a resource is changing
_utilization: This prefix presents metrics on the utilization of a resource
_events: This prefix presents event tables
_topology : This prefix presents topology tables
_inventory: This prefix presents inventory tables

Listing Queryables in Your Deployment

You can list the queryables available for your S2AP deployment by doing the following:

Go to the query builder on the S2AP UI.

Query Builder S2Ap UI

Click on the query builder edit button.

Query Builder S2Ap UI

Click on Export list to get a full CSV list of available queryables for the deployment.

Query Builder S2Ap UI

Key Queryables

There are certain Key Queryables that generate tables or metrics. These key queryables are available in the Selector system for querying a device, an interface, overall site health, the inventory, and logs.

These key queryables have been organized into two tables for Metric and Table results to make it easier to find specific queries and outputs.

Note: The queryables described in these tables are not an exhaustive list of all queryables that the platform supports out of the box. Depending on the deployment integrations and configurations, there can be additional ones. Generate the full queryables list from your deployment for all supported types.

Queryables Details

1 - Metric Queryables

Selector Queryable Metrics

These are queryables that return metrics.

Metric Queryables

Metric Queryable	Queryable Category	Description	Key usage	Typical Render Views
availability	Device Reachability	Tracks the availability when devices are pinged using ICMP	Verify device reachability: operators use this to monitor device ICMP reachability	Honeycomb, line-plot
bgp_device_health	BGP Status	Aggregate metric that indicates the health status of devices participating in BGP routing	BGP Monitoring: Used to monitor the status of BGP devices to identify and troubleshoot issues	Honeycomb, line-plot
bgp_flap_rate	BGP Status	Aggregate metric that indicates the BGP flap rate in a time period	BGP Monitoring: Used to monitor the BGP link/interface flap rate to identify and troubleshoot BGP issues.	Honeycomb, line-plot
bgp_peer_downtime	BGP Status	Aggregate metric that tracks the BGP peer down time to monitor the health status of BGP	BGP Monitoring: Used to monitor the status of BGP devices to identify and troubleshoot issues	Honeycomb, line-plot
bgp_peer_state	BGP Status	Metric that indicates the health status of a BGP peer	BGP Monitoring: Used to monitor the status of BGP devices to identify and troubleshoot issues.	Honeycomb, line-plot
bgp_peer_status_by_kpi	BGP Status	Aggregate metric that indicates the overall health status of BGP by KPI	BGP Monitoring: Used to monitor the status of BGP devices by KPI to identify and troubleshoot issues.	Honeycomb, line-plot
circuit_health	Circuit Health	Tracks the health of Layer 2 circuits	Circuit Monitoring: Monitors circuit health	Honeycomb, line-plot
cpu_usage	Device Health	Tracks the CPU usage of devices.	Detailed Device Health monitoring: Allows operators to monitor device CPU usage to prevent device health degradation.	Honeycomb, line-plot
device_availability	Device Reachability	Tracks the availability when devices are pinged using ICMP	Verify device reachability: operators use this to monitor device ICMP reachability	Honeycomb, line-plot
device_harddown_health	Device Health	Indicates if a device is “hard down” i.e. completely unreachable. This is a critical device liveness, health check via SNMP , ICMP. indicator,	Overall device Health monitoring: Operators monitor devices, and when a device is confirmed to be unreachable via SNMP and ICMP, a high severity alert is typically triggered	Honeycomb, line -plot
device_health	Device Health	Aggregate health metric showing overall health status of devices. It aggregates various health signals (such as SNMP, ICMP, CPU, memory etc.) to provide a single health status (e.g., Green/Healthy, Red/Unhealthy)	Overall device Health monitoring: primary metric to monitor overall operational state of the device network fleet	Honeycomb, line-plot
device_health_by_kpi	Device Health	Aggregate metric that shows device health status based on specific Key Performance Indicators (KPIs) such as CPU, port, memory, power etc. The value of this metric is derived based on the health of the individual KPIs, and 0 indicates healthy (green), 1 indicates unhealthy (red)	Device Health monitoring: Allows operators to identify the specific KPI (CPU, Health, Memory, Interface, Disk, BGP etc.) causing a device health degradation.	Honeycomb, line -plot
device_health_rollup	Device Health			Honeycomb, line-plot
device_inventory_presence	Device Inventory	Count of number of devices present grouping devices together by model, product	Device Inventory Monitoring: Operators use it to monitor device inventory such as count of devices	Honeycomb, line-plot
device_ping_availability	Device Reachability	Tracks availability status of devices based on Pingmesh (ICMP ping) results. It tracks the reachability of devices from various probes. Values include: - -1: Unreachable - 0: No Loss (Healthy) - 1: Total Loss	Verify Network reachability: Operators monitor devices, and when a device is confirmed to be unreachable ICMP, a high severity alert is typically triggered	Honeycomb, line-plot
device_ping_health	Device Reachability	Derived metric that is derived from ping availability metrics and feeds into device health and KPI	Verify device reachability: operators use this to monitor device ICMP reachability health	Honeycomb, line-plot
device_power_status	Device Health	Metric that tracks the status of device power	Device Health Monitoring	Honeycomb, line-plot
device_reset_health	Device Health	Metric that tracks if a device got reset ie device crash or device rebooted	Device Health Monitoring: Allows operators to monitor if a device got reset (crash or restart)	Honeycomb, line-plot
device_snmp_availability	Device Reachability	Tracks the availability of devices for SNMP	Verify device reachability: operators use this to monitor device SNMP reachability	Honeycomb, line-plot
device_temperature_f_health	Device Health	Metric that tracks the device temperature in farenheit	Device Health Monitoring	Honeycomb, line-plot
disk_device_health	Device Health	Tracks the disk health of devices.	Detailed Device Health monitoring: Allows operators to monitor disk health to prevent device health degradation.	Honeycomb, line-plot
ec2_instance_health	EC2 instance health	Metric that tracks EC2 instance health	EC2 Monitoring: Operators monitor the health of their EC2 instances running in AWS public cloud.	Honeycomb, line-plot
ec2_instance_health_by_kpi	EC2 instance health	Metric that tracks EC2 instance health by KPI	EC2 Monitoring: Operators monitor the health of their EC2 instances running in AWS public cloud.	Honeycomb, line-plot
if_admin_oper_status	Interface Health	Aggregate metric that shows agregate of the admin status and operational status of a port (up/down).	Interface Health monitoring: Used to monitor the operational status of network interfaces by various KPIs	Honeycomb, line-plot
if_flap	Interface Health	Shows the count of Interface flaps	Interface Health monitoring: Used to monitor interface flaps	Honeycomb, line-plot
if_host_status	Interface Health	Shows the status of the host that the interface belongs to?	Interface Health monitoring: Used to monitor interface flaps	Honeycomb, line-plot
if_in_errors	Interface Health	Shows the count of interface inbound errors	Interface Health monitoring: Used to monitor interface errors	Honeycomb, line-plot
if_in_utilization	Interface Health	Shows interface inbound traffic utilization/throughput	Interface Health monitoring: Used to monitor interface utilization	Honeycomb, line-plot
if_out_errors	Interface Health	Shows the count of interface outbound errors	Interface Health monitoring: Used to monitor interface errors	Honeycomb, line-plot
if_out_utilization	Interface Health	Shows interface outbound traffic utilization/throughput	Interface Health monitoring: Used to monitor interface utilization	Honeycomb, line-plot
if_status	Interface Health	Metric that indicates the status of an interface - good (interface up) , bad (interface down/some issue). Values: 0 (Good), 1 (Bad).	Interface Health monitoring: Used to monitor the operational status of network interfaces	Honeycomb, line-plot
if_status_by_kpi	Interface Health	Interface health status based on specific Key Performance Indicators (KPIs). Shows health of kpis for an interface	Interface Health monitoring: Used to monitor the operational status of network interfaces by various KPIs	Honeycomb, line-plot
ipsla_device_health	IPSLA	Metric that monitors of IP SLA device health analysing traffic metrics like jitter, latency, packet loss etc.	IP SLA monitoring: Operators monitor IP SLA traffic metrics like latency, jitter, packet loss to track the state of their devices, and network.	Honeycomb, line-plot
jitter	Device Reachability	Tracks the jitter when devices are pinged	Verify device reachability: operators use this to monitor device reachability health. When there is high jitter, the device connectivity has issues.	Honeycomb, line-plot
l3vpn_vrf_device_status	L3vpn device status	Metric that tracks the L3VPN device status	L3VPN monitoring: Operators monitor the L3VPN VRF status of devices	Honeycomb, line-plot
l3vpn_vrf_status		Metric that trcks the L3VPN status	L3VPN monitoring: Operators monitor the L3VPN VRF status of devices	Honeycomb, line-plot
latency	Device Reachability	Tracks the latency when devices are pinged	Verify device reachability: operators use this to monitor device reachability health. When there is high latency the device connectivity has issues.	Honeycomb, line-plot
link_monitor_device_health_by_kpi	Link Health	Metric that tracks the state of a link based on KPIs to understand the health of the device.	Link Monitoring: Operators monitor the state of links by KPIs to detect issues in their device health proactively	Honeycomb, line-plot
link_monitor_state	Link Health	Metric that tracks the state of a link	Link Monitoring: Operators monitor the state of links to detect issues in their network, data centers proactively	Honeycomb, line-plot
lldp_session_status_by_kpi	LLDP	Metric that tracks the status of LLDP sessions by KPIs	LLDP Monitoring: Operators monitor LLDP session status by KPIs undestand the state of their network and devices	Honeycomb, line-plot
log_counts	Logs	Metric that counts the total volume of raw logs	Log Monitoring	Honeycomb, line-plot
memory_usage	Device Health	Tracks the memory usage of devices.	Detailed Device Health monitoring: Allows operators to monitor device memory usage to prevent device health degradation.	Honeycomb, line-plot
ospf_device_health	OSPF status	Aggregate metric that indicates the health status of devices participating in OSPF	OSPF Monitoring: Used to monitor the status of OSPF devices to identify and troubleshoot issues.	Honeycomb, line-plot
ospf_if_status	OSPF status	Aggregate metric that indicates the health status of interfaces of devices participating in OSPF	OSPF Monitoring: Used to monitor the status of OSPF device interfaces to identify and troubleshoot issues.	Honeycomb, line-plot
ospf_nbr_state	OSPF status	Metric that indicates the health status of an OSPF neighbor	OSPF Monitoring: Used to monitor the status of OSPF devices to identify and troubleshoot issues.	Honeycomb, line-plot
ospf_status_by_kpi	OSPF status	Aggregate metric that indicates the health status of devices participating in OSPF by KPI	OSPF Monitoring: Used to monitor the status of OSPF devices by KPI to identify and troubleshoot issues.	Honeycomb, line-plot
packet_loss_pct	Device Reachability	Tracks the packet loss when devices are pinged	Verify device reachability: operators use this to monitor device reachability health. When there is 100% packet loss, the device is unreachable	Honeycomb, line-plot
port_device_health	Port Health	Metric that monitors the health of a port to catch device health issues proactively	Device Port Monitoring: Operators monitor port health of devices to catch issus proactively	Honeycomb, line-plot
power_supply_state	Power Supply state	Metric that monitors the state of the power supply	Power Supply Monitoring: Operators monitor the health of power supplies to get proactive notification on issues so that they can prevent broader outages (server, devices, networks etc. )	Honeycomb, line-plot
rollup_if_utilization	Interface Health	Rollup metric that shows interface utilization	Interface Health monitoring: Used to monitor interface utilization , used in capacity reports	Honeycomb, line-plot
sd_wan_device_health	Sdwan Health	Metric that tracks the health of Sdwan devices	Sdwan monitoring: Operators can monitor the health of Sdwan devices	Honeycomb, line-plot
site_bgp_status	Site BGP Status	Aggregate metric that indicates the BGP status of a site, based on the aggregate of all BGP devices in that site	BGP Monitoring: BGP Monitoring at site level to identify and troubleshoot issues.	Honeycomb, line-plot
site_harddown_health	Site Health	Aggregate metric that indicates if a site is “hard down” i.e. all devices in the site are completely unreachable. This is a critical device liveness, health check via SNMP , ICMP	Overall Site Health monitoring: Operators monitor health of the overall site, based on the aggregate of health of all devices in that site. When an entire site is unreachable (because all devices are unreachable via SNMP and ICMP), a high severity alert is typically triggered.	Honeycomb, line-plot
site_health	Site Health	Aggregate health metric showing overall health status of site. It aggregates various health signals to provide a single status for site health (e.g., Green/Healthy, Red/Unhealthy)	Overall Site Health monitoring: Operators monitor health of the overall site, based on the aggregate of health of all devices in that site When an entire site is unreachable (because all devices are unreachable via SNMP and ICMP), a high severity alert is typically triggered.	Honeycomb, line-plot
site_health_by_kpi	Site Health	Aggregate health metric showing overall health status of site KPIs. It aggregates various KPI signals to provide a single status for site KPI health (e.g., Green/Healthy, Red/Unhealthy) Shows health of KPIs for a site	Overall Site Health monitoring: Operators monitor health of the overall site KPIs, based on the aggregate of health of all KPIs for that site.	Honeycomb, line-plot
sys_uptime	System Health	Metric that tracks system uptime - time since the device has been up.	Device monitoring	Honeycomb, line-plot
tunnel_status_by_device	Tunnel Status	Metric that tracks IPSec tunnel up/down status for a device. Tunnel up is red, Tunnel down is green	Tunnel Status:	Honeycomb, line-plot
wilc_ap_failed_count	Wireless Monitoring	Metric that tracks the failed Access Point (AP) count	Wireless Monitoring: Operators use this to monitor their wireles devices (AP, Wireless lan controller) . Single pane, unified view across wireless and wired with Selector	Honeycomb, line-plot
wlc_ap_connect_count	Wireless Monitoring	Metric that tracks the cconnected Access Point (AP) count	Wireless Monitoring: Operators use this to monitor their wireles devices (AP, Wireless lan controller) . Single pane, unified view across wireless and wired with Selector	Honeycomb, line-plot
wlc_max_clients_count	Wireless Monitoring	Metric that tracks the count of max clients connected to an Access Point (AP)	Wireless Monitoring: Operators use this to monitor their wireles devices (AP, Wireless lan controller) . Single pane, unified view across wireless and wired with Selector	Honeycomb, line-plot

2 - Table Queryables

Selector Queryables Table

These are queryables that return tables.

Table Queryables

Table Queryable	Queryable Category	Description	Key usage	Typical Render Views
audit_logs	Audit logs	Table of Audit logs	Auditing and compliance Monitoring: Trackers users, and their key actions on S2AP and timestamps.	Table
configs_diff	Config change monitoring	Tracks if a device config has changed from a previous snapshot. Ex. Ip address changed of a device	Configuration change monitoring: Operators can monitor configuration changes to be able to pin point causes of issues.	Honeycomb, line-plot
correlation_events	Correlated Insights	Table that stores correlated events metadata, the records in this table are correlated and anchored by specific labels to improve event grouping.	Correlated Insights: Used to monitor correlated events to get a comprehensive view of root cause of issues	Table
correlations_summary	Correlated Insights	Table that stores the summary of correlated events used in the correlations graph and dashboards		Table
device_event_patterns	Device Events	Table that stores structured log event patterns from networking devices. Event patterns are categorized as .. to facilitate trend analysis and automated correlation.	Log Pattern Analysis: Used for analysing network event patterns from logs	Table
device_events_ml	Device Events	Table that stores structured log event stream from networking devices that have been processed and modeled using Machine Learning. Unlike raw logs, these events are categorized (e.g., Interface Flap, BGP Peer Down) to facilitate trend analysis and automated correlation.	Log Pattern Analysis: Used for analysing network event patterns from logs	Table
device_events_pattern_groups	Device Events	Table that stores structured log event patterns and groups from networking devices. Event pattern groups are categorized to facilitate trend analysis and automated correlation.	Log Pattern Analysis: Used for analysing network event patterns from logs	Table
device_logs	Device Logs	Table that stores the raw logs ingested from the network devices. This contains the original log messages, timestamps, and severity levels without the ML modeling layer.	Raw logs analysis and troubleshooting	Honeycomb, line-plot
devicediscovery	Device Discovery	Table that contains the raw device discovery inventory		Table
interface_database_inventory	Interface Inventory	Metastore Inventory table containing detailed information about network interfaces. It provides metadata such as interface names, descriptions, speeds, types, and connected remote devices.	Contextualize interface metrics with interface config metadata	Table
ipsec_logs				Table
ipsec_reason_events_ml	IPSec state	Table that stores IPsec events information		Table
isp_inventory	ISP Inventory Table	Table that stores key isp information for devices	ISP inventory:	Table
layer2_topology	Layer 2 Topology	Table containing Layer 2 topology data.	Layer 2 Topology Inventory	Table, Topology map
lldp_table	LLDP	Table that holds LLDP inventory (Link Layer Discovery Protocol)	LLDP Monitoring: Operators use LLDP to discover device topologies, and build a topology map	Table
s2_device_inventory	Device Inventory	Metastore inventory table containing detailed metadata about all network devices. It serves as the source of truth for device attributes like Vendor, Model, Operating System, Site, Location, and Roles.	Contextualize metrics and logs with device metadata	Table
s2_if_metatags	Interface Metadata	Interface metadata?		Table
s2_query_trace	Query Metadata	This table stores query details such as S2QL or Natural Language queries, usage metrics, user who executed the query and the time to return a response.	Query monitoring: Operators use this to track details around the queries being executed by users, their usage and the performance of those queries	Table
s2_snow_incidents	Service Now Incidents	Table that stores the SNOW incidents data	SNOW Incident monitoring	Table
s2_snow_incidents_analysis	Service Now Incidents	Table that has Service Now Incidents data for incident analysis dashboards	SNOW Incident monitoring	Table
s2_snow_inventory	Service Now Incidents	Table that stores the SNOW incidents data	SNOW Incident monitoring	Table
snmptrap_default_event	SNMP Traps	Landing table for initial ingestion of SNMP traps	SNMP Trap monitoring	Table
synthetics_topology	Synthetics	Table that has the synthetics probe inventory.		Table
sys_logs	Device Logs	Table that stores the raw system log stream ingested from the network devices. This stream contains the original log messages, timestamps, and severity levels without the ML modeling layer.	Raw logs analysis and troubleshooting	Honeycomb, line-plot
topology_bgp	Topology State	Table that stores BGP topology data	Topology State: Operators use this to get BGP Topology information	Table, Topology Map
topology_isis	Topology State	Table that stores ISIS topology data	Topology State: Operators use this to get ISIS Topology information.	Table, Topology Map
topology_l3vpn	Topology State	Table that stores L3VPN topology data	Topology State: Operators use this to get L3VPN Topology information.	Table, Topology Map
topology_ldp	Topology State	Table that stores LDP topology data	Topology State: Operators use this to get LDP Topology information.	Table, Topology Map
topology_ospf	Topology State	Table that stores OSPF topology data	Topology State: Operators use this to get OSPF Topology information.	Table, Topology Map