“Can’t Reach the App” Troubleshooting Guide

Dashboards: kibana-8.14.x-flow-codex.ndjson

All filtering is done with the builtin dropdown controls. Selecting an item adds a blue filter pill that persists as you move between dashboards.

0 Set the Scene

Analytics → Dashboard in Kibana.
Time‑picker → set to the period when users reported the failure (e.g. “Last 30 minutes”).

The workflow follows the menu bar visible at the top of each dashboard:

1 Top‑N → Top Applications (Do any flows exist?)

Menu path: Top‑N ▸ ElastiFlow (flow): Top Applications

Step

What to do

Why

Open Top Applications.

—

In the control “Exporter, Locality, Application – input list” start typing the application name or port, tick it, then Apply.

Adds a blue filter pill that scopes every subsequent dashboard.

Inspect the stacked‑area charts Throughput / Applications (bits/s)

Flat line = no flows exported → jump to § 4 (network path). Traffic visible? continue to § 2.

2 Flow Records → Flow Records (src/dst) (Did flow volume dive?)

Menu path: Flow Records ▸ ElastiFlow (flow): Flow Records (src/dst)

Look at

Why it matters

Flow Records/s (src/dst) line chart

A sudden drop or spike pins the exact time flows stopped or started.

Flow Record Count (src/dst) metric

Quick numerical cross‑check that should match the chart.

If flows fall to zero here, the exporter never saw the sessions – a network or firewall device is blocking. Proceed to § 4.

3 Flows → Flows (src/dst) (Are replies returning? Are sessions established?)

Menu path: Flows ▸ ElastiFlow (flow): Flows (src/dst)

Step

What to do

Diagnostic meaning

Open Flows (src/dst).

—

Optional: In “Destination IP input list” choose the server IP, then Apply. Otherwise, the already applied app name filter will suffice. Clone the tab here. Now, set Source IP to the server IP.

Narrows the Sankey to the affected host(s).

Examine the Sankey “Flows (src/dst)”.

If you see traffic going to and from the server in both directions (src→dst & dst→src) ⇒ replies arrive ⇒ handshake OK ⇒ likely application tier. **One‑way only** ⇒ replies missing ⇒ **network return‑path** problem.

Use the embedded “Session Established” dropdown → select No → Apply.

Filters to half‑open TCP attempts. • A surge when the incident began ⇒ SYNs sent but SYN‑ACKs not returned ⇒ **network issue**. • No surge ⇒ handshake completes; see § 4 A for deeper app clues.

Leave the Session Established filter set to No or Yes as you pivot to other dashboards—the blue cell persists.

4 Locate the Culprit

4 A If clues point to the Application

Menu Traffic Details ▸ ElastiFlow (flow): Traffic Details (attributes)
(Optional) narrow further with VLAN / DSCP / TCP Flags / TCP Options – input list.
Inspect TCP Flags – donut:
- RST / RST,ACK spike → listener closed, app crashed, or overloaded.
- Normal flags but throughput collapsed → app still running but stalled (DB wait, thread pool saturation, etc.). Hand off to the application owner with the timestamp and the affected client list (see tables at the foot of the Top Applications dashboard).

4 B If clues point to the Network

Stay on Flows (src/dst) and scroll: Sources / Destinations donuts show where traffic last appeared.
Use Geo IP ▸ Geo Location (src/dst) for cross‑WAN issues—the map pins the last visible ASN/country.
Check Exporters ▸ Flow Exporters (traffic) to confirm an exporter isn’t throttling flows. Escalate to NetOps with the exporter name, last‑seen interface, and the exact minute flows ceased.

5 90‑Second Drill (Cheat‑Sheet)

Dashboard

Action

Answers

Top Applications

Filter via Exporter / Locality / Application list

“Are any flows reaching the exporter?”

Flow Records (src/dst)

Watch Flow Records/s

“Did overall flow volume drop?”

Flows (src/dst)

• Sankey edges • **Session Established = No / Yes**

“Are replies missing?” “Handshake or post‑handshake failure?”

Traffic Details (attributes) or Geo Location / Exporters

Drill‑down

Pinpoints app crash vs. network segment

Previous“Why Is the App Slow?” Troubleshooting Guide NextElastiFlow Flow Enrichment How To

Was this helpful?

Good morning

hashtag

hashtag“Can’t Reach the App” Troubleshooting Guide

hashtag0 Set the Scene

hashtag1 Top‑N → Top Applications (Do any flows exist?)

hashtag2 Flow Records → Flow Records (src/dst) (Did flow volume dive?)

hashtag3 Flows → Flows (src/dst) (Are replies returning? Are sessions established?)

hashtag4 Locate the Culprit

hashtag4 A If clues point to the Application

hashtag4 B If clues point to the Network

hashtag5 90‑Second Drill (Cheat‑Sheet)