The pervasive use of computer networks to increase productivity and to facilitate communication makes network traffic monitoring, network analysis, and network security important concerns. The traffic load and the number of data flows traversing networks and data centers are rapidly increasing, which results in a rapidly increasing number of data flows, services, and performance counters to be monitored by network management architectures. For some packet data flows, it may be sufficient to monitor performance metrics per flow, such as bytes transmitted or received, at a time granularity of one second. This is a common configuration for typical network management architectures such as Simple Network Management Protocol (SNMP) architectures. However, for other packet data flows, it can be important to monitor performance metrics per flow at a finer time granularity, such as 1 millisecond or 10 milliseconds, as there are phenomena that can significantly impact quality of service of a flow that can be visible at these finer time granularities, but that are not visible at a one second time granularity. Typical SNMP stacks may not be designed for, and may not scale well to, this level of fine-grain monitoring across a large number of network devices that may be deployed worldwide. In addition, typical network management systems may not provide a user interface that allows for flexible, efficient analysis of large quantities of network monitoring data.
It is against this background that a need arose to develop the apparatus, system and method for enhanced monitoring and searching of devices distributed over a network described herein.