Insights & Alerting

The Insights feature of the Kentik V4 portal is covered in the topics below:

 

 
 top

About Insights

The basics of Kentik Insights are explained in the following topics:

 

 
 top  |  section

Insights Overview

Insights are automatic real-time notices that tell you about interesting or anomalous traffic behaviors. An insight can be any fact that is relevant to the traffic on the page and potentially of interest to the network operator. It could be a vital alarm, such as a broken link or a bad interface card, or it could be something that seems out of the ordinary, such as unusual traffic across a backbone or a security violation.

Insights are intended to be not only interesting but also, in many cases, actionable. Building on the baselining capability of our alerting system, a potentially noteworthy current situation can be correlated with a wealth of historical data and trends.

 

 
 top  |  section

Insight Types

Kentik insights fall into the following categories:

  • Kentik insights: Either of the following (see About Kentik Insights):
    - Insights based on patterns surfaced by our k/Advise insights engine (see Kentik Insights Families);
    - Alarms generated by Kentik presets in our alerting system.
  • Custom insights: Insights based on policies configured within your organization, including alerting based on custom-defined conditions (see Custom Insights).

 

 
 top  |  section

Accessing Insights

The popup Insights pane drops down from the Insights button at the right of the SubNav on the Network Explorer page and its associated Aggregate and Detail pages (Operate Aggregate Views and Operate Detail Views). On each of these pages the pane provides a set of insights related to the traffic presented on that particular page. On the aggregate view for devices, for example, these insights relate to all devices in your network, while on a detail view for an individual device the insights relate to that device.

Note: The Insights & Alerting Page (Operate » Insights & Alerting) provides a filterable list of recent insights across your organization and also enables access to configuration of insight content and behavior.

 

 
 top

Insights Pane

The popup Insights pane is structured as a vertical series of individual cards, one for each insight. The following UI elements are initially visible in each card:

  • Family: The icon at the top left of the card indicates the family (category) of the insight (see Kentik Insights Families).
  • Description: A brief summary of the specific situation leading to the generation of this insight.
  • Time: An indicator stating how long ago the insight was originally posted.
  • Flag: When you hover over an individual card a flag icon appears at the upper right of that card. Click the icon to flag the insight so it shows in the Insights Table if you use the Flagged filter.

The following additional UI elements become visible when you click within an individual insight card:

  • Chart: A chart showing traffic related to the insight. This inline chart enables you to get a quick feel for the situation without leaving the current page. Currently supported chart types include:
    - Stacked area and line charts when comparing time series data.
    - Horizontal bar graph when comparing two or more total values (such as total traffic this week vs. total traffic last week).
  • View Details: This link takes you to an Insight Details Page where you can see additional details about the insight.
  • View in Data Explorer: This link takes you to Data Explorer, where the controls will be set to show the traffic that generated the insight.

 

 
 top

Insights & Alerting Page

Insights are managed on the Insights & Alerting page in the Operate section of the portal, which is covered in the following topics:

 

 
 top  |  section

Insights & Alerting UI

The Insights & Alerting page provides a centralized list of your organization’s insights, both Kentik and Custom, which you can filter according to factors such as type and severity. The page includes the following UI elements:

  • Configure Kentik Insights: A button that takes you to the Insights Settings Page.
  • Configure Custom Insights: A button that opens the Alerting Policies page in a new browser tab. The main display area shows a list of your organization’s policies (see Alert Policies Page), while the sidebar at left enables you to navigate to pages focused on various aspects of alerting and mitigation (see Alerting Pages).
  • Group By: Choose a property (e.g. severity) from the drop-down menu to group the insights in the table by the value of that property. The table supports grouping by insight name, severity, key, and status.
  • Filters pane: Set filters to narrow the insights listed in the insights table (see Insights Table Filters).
  • Insights Table: A list of your organization’s insights (see Insights Table).

 

Alerting Pages

The following pages are used in v4 to configure and manage alerting and mitigation (links below are to the v3 KB):

  • Policies: A list of alert policies (see About Alerts and Policies), from which policies can be added, duplicated, and edited. This page (see Alert Policies Page) enables access to the Alert Policy Dialogs, which contain the UI for specifying the details of an alert policy.
  • Library: A list of preset alerts provided by Kentik to cover common situations about which customers might want to be notified; see Alert Library. Presets can be duplicated and then edited to produce alerts that are tailored to the specifics of your situation.
  • Silent Mode: A list of “patterns” that each represent a set of conditions (dimension/value pairs) that, when matched, will prevent the triggering of alerts on the matching traffic; see About Silent Mode.
  • Notification Channels: A list of channels (see Channels Page UI) that each represent a notification mode (e.g. email) and notification targets (e.g. a set of email addresses); see About Notification Channels.
  • Mitigation Platforms: A page listing the available platforms on which to run a mitigation (see Mitigation Platforms). Platforms can be built in, like Remotely Triggered Black-Hole routing (RTBH), or third party systems like Cloudflare Magic Transit, Radware DefensePro, or A10 Thunder TPS.
  • Mitigation Methods: A page listing the available methods (mitigation configurations) to be run on a mitigation platform; see Mitigation Methods.
  • Manual Mitigation: A dialog enabling you to apply a mitigation manually in real time without having a corresponding alert that is in alarm state; see Manual Mitigation.

 

 
 top  |  section

Insights Table Filters

The filters in this pane determine which insights are listed in the Insights Table:

  • Show Historical:
    - If on, the list will include alarms that have been resolved (status = Cleared).
    - If off (default), the list will show only unresolved alarms and non-alarm insights that are the most recent instance of an insight with the same name.
  • Filters: If the Flag switch is on, the list shows only insights that have been flagged (see Flag in Insights Pane).
  • Type: These radio buttons determine the types of insights in the list: Kentik Insights, Custom Insights, or both.
  • Custom Insight Status: These settings enable you to narrow the list to only Custom Insights whose current status matches the checked checkboxes:
    - Alarm: Show all alarms.
    - Ack Required: Show alarms whose policy requires that they be acknowledged before being cleared.
    - Cleared (shown only when Show Historical switch is on): Show alarms that have been cleared.
  • Severity: Use the checkboxes to include or exclude insights whose severity is Critical, Severe, Major, Warning, Minor, or Notice.
  • Insight Name: Click in the field to open a drop-down list of insights (repeat to choose multiple insights). The list will show only insights whose name matches an insight in the field.
  • Dimensions: Click in the field to open the Filter by Policy Dimensions dialog, which is identical to the Group by Dimensions dialog in Data Explorer (see Dimension Dialog UI). The list will show insights whose key (see Insights Table) contains the dimensions specified with the dialog.
  • Dimension Values: Click in the field to open the Edit Dimension Value Filters dialog, which allows you to define one or more conditions that are each made up of a dimension and a corresponding value. The Insights table will be filtered show insights matching that condition.

 

 
 top  |  section

Insights Table

The Insights table provides information about the Kentik and Custom insights that exist in your organization, filtered by the Insights Table Filters. Each row in the table represents an individual insight. Click a row to open an inline Insight Details Card for an individual insight.

The table includes the following columns:

  • Severity: The severity value (Critical, Severe, Major, Warning, Minor, or Notice) applied to the insight when it was created by Kentik or your organization.
  • Status: The status of the insight (e.g. Alarm, Ack Required, or Cleared).
  • Insight Name: The name assigned to the insight when it was created by Kentik or by your organization.
  • Key: A unique combination of values for a given set of dimensions (see About Keys). An insight is generated when the dimensions in that insight’s key definition match specified values (absolute or relative to a baseline).
  • Value: The dimension value that caused an insight to be generated.
  • Time: The date-time at which the insight was generated.

 

 
 top  |  section

Insight Details Card

The Insight Details card, which opens in line when you click on a row in the Insights Table, provides additional details about a given insight. The card includes the following UI elements:

  • Insight title: The name of the insight.
  • Summary: A brief statement, in sentence form, of what caused the insight. Depending on the dimension involved in the insight, the summary may include a link to that dimension’s Network Explorer page.
  • View Details: A button that takes you to an Insight Details Page where you can see additional details about the insight.
  • Chart or Table: Traffic data showing what caused the insight. Depending on the insight, this may be presented as either a time series chart or a table.
  • Key: A unique combination of values for a given set of dimensions (see About Keys). An insight is generated when the dimensions in that insight’s key definition match specified values (absolute or relative to a baseline).
  • Company Enabled: Allows an individual user to control visibility of an insight for all users in the organization.
  • Display in my Insight Feed: Determines whether the insight will appear in the Insights Pane on Network Explorer pages.
  • Configure Policy (Custom insights only): A link that opens the Alerting Policies page in a new tab (see Alert Policies Page), with the Edit Alert Policy dialog open to enable editing of the policy that generated this insight.
  • See more: A link with the same function as the View Details button.

 

 
 top

Insight Details Page

The details pages for individual insights are covered in the following topics:

 

 
 top  |  section

Accessing Details Pages

The details page for an individual insight is reached via a link from one of the following locations:

Note: Details pages are not currently implemented for the Capacity Analytics family of insights.

 

 
 top  |  section

Details Main Display

The main display area of each details page is divided into a set of panes, detailed below, that are intended to provide actionable details about the individual insight.

Note: The types information presented on details pages varies somewhat depending on the family of the insight (see Kentik Insights Families).

 

Title Pane

The top-most pane of the page contains the following information (regardless of the family):

  • Insight name: The name of this insight.
  • Description: A brief summary of the specific situation leading to the generation of this insight.

 

Statistics Pane

This pane shows the following elements:

  • Instance: The individual entity that the insight is about. For the insight Outbound Site Traffic, for example, the instance would be an individual site, whereas for the Kentik insight No Flow From Device the instance would be an individual device.
  • Statistics: Statistics that illustrate the situation that generated the insight. The statistics, typically related to traffic volume, may include the average bitrate of traffic over a given time range, the percent change in traffic compared to an earlier time range, the total traffic over a given time range, the baseline of traffic over a previous time range, etc.

Note: This pane is always present for Custom Insights. For Kentik Insights its presence depends on the family of the insight.

 

Data Pane

The data pane shows traffic data related to the condition that caused the insight. Depending on the insight, this may be presented as a time series chart, a table, or both.

  • Table: A top-X list of items (e.g. cities for the Inbound City Comparison insight) showing information such as current rank, change in rank, percent change in value, current value, and previous value.
  • Chart: A time series chart illustrating the traffic for a set of items over a time range corresponding to the evaluation frequency of this insight.
  • Conditions (Custom Insights only): The conditions that were met for the alert policy threshold, as well as the value that triggered the alarm.

 

 
 top  |  section

Details Sidebar

The right-side sidebar provides additional details about the insight. The fields vary depending on the type of the insight (see Insight Types):

  • Custom Insight: The fields are determined automatically based on the configuration of the insight.
  • Kentik Insight: The sidebar fields are as listed below.

The following fields are present in the right sidebar on a Details page for a Kentik Insight, and may also be present for a Custom Insight:

  • Severity: A severity level, either Critical, Severe, Major, Warning, Minor, or Notice. For Kentik insights severity is assigned by Kentik; for custom insights it is defined in the alert policy.
  • Starting Time: The start of the period evaluated for the insight.
  • Ending Time: The end of the period evaluated for the insight.
  • Alarm ID (Custom insight only): The Kentik-assigned ID for this alarm.
  • Policy (Custom insight only): The name of the alert policy by which the alarm was triggered (see Alert Policies).
  • Family: The family to which the insight belongs (see Kentik Insights Families). The name is a link that takes you to the main Insights and Alerting page with the Insights Table filtered to show only insights from the same family.
  • How Often: A summary of the frequency with which this insight has recently occurred. The Show All Occurrences link takes you to the main Insights and Alerting page with the Insights Table filtered to show all recent occurrences of the insight.
  • Take Action: Additional steps that you can take related to the insight:
    - Open in Data Explorer: A button that takes you to Data Explorer, where the controls will be set to show the traffic that generated the insight.
    - Open in Dashboard (Custom Insights only): Takes you to the corresponding dashboard (shown only when a corresponding dashboard exists).
    - Star Insight: Enables you to mark this occurrence of the insight for long-term retention, so it will appear in the Insights Table when the Show Historical switch is on (see Insights Table Filters). If the insight is already starred the button will be Unstar Insight instead.
  • Explore More Insights: A list of insight family names that serve as links that take you to the main Insights and Alerting page with the Insights Table filtered to show only insights from the same family.

 

 
 top

Insights Settings Page

The Insights Settings page, which is reached from the Configure Kentik Insights button on the Insights & Alerting page (see Insights & Alerting UI), is used to configure the display of Kentik insights. The page includes the following UI elements:

  • Family: Choose an Insights family (e.g. Capacity Analytics) from the drop-down menu. The Insights list will show only insights from that family (choose All to show all insights).
  • Filter: Enter text in the field to filter the Insights list to show only rows containing the entered text in one of the following columns: Insight Family, Insight Name.
  • Insights List: A table of your organization’s insights (see Insights List).

 

Insights List

The Insights list shows all of your organization’s Kentik insights, and enables you to set properties of individual insights. The list includes the following columns:

  • Insight Family: The family to which the insight belongs (see Kentik Insights Families).
  • Insight Name: The name assigned to the insight when it was created by Kentik or by your organization.
  • Company Enabled: A checkbox enabling you to control visibility of an insight for all users in your organization.
  • Display in my Insight Feed: Determines whether the insight will appear in the Insights Pane on Network Explorer pages.

In this article: