Powered by Zoomin Software. For more details please contactZoomin

Flowmon User Guide

Table of Contents

Investigation

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 5, 2026
  • 4 minute read
    • Flowmon Products
    • Flowmon
    • Documentation

Investigation allows you to track and manage traffic in a new way. It provides a structured way to document findings, actions taken, and next steps in the investigation process.

You can create a new investigation by clicking Start investigation in analysis or from the Flowmon Dashboards (FMD) module on the Investigations tab.

Unsaved investigations

The created investigation is not saved by default - it is considered temporary. Temporary investigations are automatically deleted 24 hours after the last edit. You can display temporary investigations in the FMD by clicking Show unsaved only in the top-right corner. You can also manually delete any temporary investigations here.

Saved investigations

You can save an investigation with a name and description, and choose whether the investigation should be shared with the current tenant (admin users can see all investigations whether they are shared or not). The system then autosaves the saved investigation on every change that occurs.

The investigation consists of:

  • Name - Name of the investigation.
  • Description - Description of the investigation.
  • Share - You can share the investigation with the current tenant.
  • Steps - A step is one part of the investigation. Each step can have a different filter or statistics.
  • Variables - A variables represents a configurable filter value.

Actions on investigations

There are several possible actions for an investigation:

  • New investigation - Create a new investigation.
  • Load - Loads an existing investigation (from the selection dialog).
  • Manage investigations - Redirects to the FMD Investigations tab.
  • Save - Save the investigation with a name and description. You can also specify whether the investigation is private or shared with all users in a given tenant.
  • Export to JSON - Export the investigation in JSON format.
  • Delete - Permanently delete the investigation.
  • Edit - The Edit option is only available for saved investigations. You can edit the name and description. You can also specify whether the investigation is private or shared with all users in a given tenant.
  • Save as - The Save as option is only available for saved investigations. You can save the investigation as a new one with a different name and description. You can also specify whether the new investigation is private or shared with all users in a given tenant.
Investigation - Investigation actions
Investigation - Investigation actions

You can show or hide the Investigation description, Step description, and/or Variables in the View menu.

Investigation - View options
Investigation - View options

Steps

A step is named Untitled step until it is processed with some filter (the name changes to the filter value when it is processed by a filter). You can also rename a step manually through the step menu.

You can create a step using the + button directly or through the menu. You can also create a step by clicking Process as child step in Analysis, where it will be instantly processed with the value written in the filter. You can also create a step through the action menu in the analysis table, by right-clicking a result row in the analysis table and selecting either Top 10 statistics by or First flows and clicking any sub-option.

If the step is already processed, you can export the result of the step in CSV/PDF format.

You can delete a step. If the step has child steps, they will also be deleted.

Investigation - Step actions in step menu
Investigation - Step actions in step menu

You can also Process all steps inside the Step menu in the Investigation panel header. There is also a Help option.

Investigation - Step actions in investigation panel header
Investigation - Step actions in investigation panel header

Steps states

A step can have one of these possible colors, which represent the state:

  • Blue - The currently selected step.
  • Red - Step processing failed. It has no result.
  • Orange - Step processing finished, but the result is inconsistent/outdated (for example, the filter in the parent or data sources were changed). An inconsistent state means that results stored in the step do not match the filter or other parameters of the step. One or more steps can become inconsistent because of changes in the investigation. You can continue and update them later or Process all of them to align with the latest changes.
  • Grey - All other states.

A step can also be in a scheduled or processing state, which is shown by the icon in the step.

Variables

You can create a variable in the Variables section inside the Investigation panel. You can show or hide this section in the View tab in the Investigation panel. A variable can consist of any letter, number, '-', or '_'.

There are two types of variables:

  • Value - You must provide a name, value, and optionally a description

  • Reference - You must provide a step name, row number, column name, and optionally a description. This variable will then store the value that is at the declared position.

The variable type cannot be changed once the variable is saved. You must create a new variable with a different type and remove the old one.

You can use the variable in a filter as the ${provided name}. The variable must always start with $.

TitleResults for “How to create a CRG?”Also Available inAlert