Insights

The Insights feature of the Kentik V4 portal is covered in the topics below:

• About Insights
• Insights Families
• Insights Pane
• Insights Page
• Insight Details Page
• Insights Settings Page

Note: For descriptions of current insights see Insights Reference.

A high-level overview of insights is given in the following topics:

• Insights Overview
• Accessing Insights

Insights are automatic real-time notices that tell you about interesting or anomalous traffic behaviors. An insight can be any fact that is relevant to the traffic on the page and potentially of interest to the network operator. It could be a vital alarm, such as a broken link or a bad interface card, or it could be something that seems out of the ordinary, such as unusual traffic across a backbone or a security violation.

Insights are intended to be not only interesting but also, in many cases, actionable. Building on the baselining capability of our alerting system, a potentially noteworthy current situation can be correlated with a wealth of historical data and trends.

Non-synthetics insights may be accessed in a couple different ways within the Kentik portal:

• Insights page: The Insights List on the page at Core » Insights is a filterable table showing all recent insights. Click on a row in the table to open the Insight Details Page for a specific insight. You can also access the Insights Settings Page from this page.
• Insights pane: The Insights Pane pops up from the Related Insights button at the right of the SubNav on the Network Explorer page and its associated Core Aggregate Pages and Core Details Pages. On each of these pages the pane lists non-synthetic insights related to the traffic presented on that particular page. On the aggregate page for devices, for example, these insights relate to all devices in your network, while on a detail view for an individual device the insights relate to that device.
• Synthetics insights: Insights in the Synthetics family are based on Kentik's analysis of results from Synthetics tests. These insights are not presented on the portal's Insights page or in the Insights pane. Instead they appear on the Insights tab of Test Details pages (see About Test Details Tabs).

Note: In addition to the Insights list, the Insights Page enables access to the Insights Settings Page.

Insights are categorized into "families." A given insight's family is indicated in both the Insights Pane (at the top left of the individual insight card) and the Insights List on the Insights Page, as well as by name on each Insight Details Page.

Current insights families include:

• Capacity Planning: Interfaces that are, based on current utilization trends, approaching the limits of their capacity.
• Edge: Changes to traffic volume through the edge of your infrastructure, by amount or by ranking, primarily evaluated based on ASNs and sites.
• Geolocation: Changes in top-X rankings (in traffic volume) as evaluated for geo-related dimensions such as cities, regions, countries, etc.
• Hybrid Cloud: Changes in top-X rankings (in traffic volume) as evaluated for cloud-related dimensions such as cloud service, cloud region, subnet, etc.
• Network Health: Notification of possible problems on your network such as unexpectedly low or high traffic bitrates or flows per second.
• Protect: Notification of possible threats to network availability and security
• Service Provider: Changes related to top-X rankings in traffic volume to, from, or in your service provider infrastructure.
• Synthetics: Analysis of synthetic test metrics such as latency and hop counts to determine how they are related.
• Traffic: Changes in top-X rankings (in traffic volume) as evaluated for traffic-related dimensions such as applications, ASNs, protocols, etc.

The popup Insights pane is structured as a vertical series of individual cards, one for each insight. The following UI elements are initially visible in each card:

• Family: The icon at the top left of the card indicates the family (category) of the insight (see Insights Families).
• Description: A brief summary of the specific situation leading to the generation of this insight.
• Time: An indicator stating how long ago the insight was originally posted.

The following additional UI elements become visible when you click within an individual insight card:

• Chart: A chart showing traffic related to the insight. This inline chart enables you to get a quick feel for the situation without leaving the current page. Currently supported chart types include:
  - Stacked area and line charts when comparing time series data.
  - Horizontal bar graph when comparing two or more total values (such as total traffic this week vs. total traffic last week).
• View Details: This link takes you to an Insight Details Page where you can see additional details about the insight.
• View in Data Explorer: This link takes you to Data Explorer, where the controls will be set to show the traffic that generated the insight.

Note: Along with insights, the Insights pane will also include cards for alarms from the DDoS Defense and Alerting modules in the Protect section of the portal.

Insights are managed on the Insights page in the Core section of the portal, which is covered in the following topics:

• Insights Page UI
• Insights List
• Insights List Filters

The Insights page provides a centralized list of your organization's insights, which you can filter according to factors such as type and impact. The page includes the following UI elements:

• Configure Insights: A button that takes you to the Insights Settings Page.
• Show/Hide Filters (filter icon): A button that toggles the Filters pane between expanded and collapsed.
• Group By: Choose a property (e.g. severity) from the drop-down menu to group the insights in the table by the value of that property. The table supports grouping by insight name, severity, key, and status.
• Filter field: Enter text to narrow the insights shown in the Insights list to those whose name or family contains that text. The field will also display any filters applied with the Filters pane.
• Filters pane: Set filters to narrow the insights listed in the insights table (see Insights List Filters).
• Insights List: A list of your organization's insights (see Insights List).

The Insights table provides information about the insights in your organization, filtered by the Insights List Filters. Each row in the table represents an individual insight. Click a row to open the Insight Details Page for an individual insight.

The table includes the following columns:

• Impact: The severity value (Critical, Severe, Major, Warning, Minor, or Notice) applied to the insight when it was created by Kentik or your organization.
• Insight: The name assigned to the insight by Kentik. Insights are listed by in the Insights Reference.
• Family: The family to which the insight belongs (see Insights Families).
• Key: A unique combination of values for a given set of dimensions (see About Keys). An insight is generated when the dimensions in that insight's key definition match specified values (absolute or relative to a baseline).
• Value: The dimension value that caused an insight to be generated.
• Time: The date-time at which the insight was generated.

The filters in this pane determine which insights are listed in the Insights List:

• Impact: Use the checkboxes to include or exclude insights whose severity is Critical, Severe, Major, Warning, Minor, or Notice.
• Time Range: Use the radio buttons to include only insights that occurred during a given duration back from the present.
• Family: Use the drop-down to choose one or more families that the included insights must be in (see Insights Families).
• Insight Name: Click in the field to open a drop-down list of insights (repeat to choose multiple insights). The list will show only insights whose name matches an insight in the field.

The details pages for individual insights are covered in the following topics:

• Accessing Details Pages
• Details Main Display
• Details Sidebar

The details page for an individual insight is reached via a link from one of the following locations:

• An individual card in the Insights Pane on the Network Explorer page or one of its associated Aggregate and Details pages (see Accessing Insights). First expand the card by clicking it, then click the View Details link.
• An individual row of the Insights List on the Insights page. Click a row to go to the details page for that insight.

Note: Details pages are not currently implemented for the Capacity Analytics family of insights.

The main display area of each details page is divided into a set of panes, detailed below, that are intended to provide actionable details about the individual insight.

Note: The types information presented on details pages varies somewhat depending on the family of the insight (see Insights Families).

The top-most pane of the page contains the following information (regardless of the family):

• Insight name: The name of this insight.
• Description: A brief summary of the specific situation leading to the generation of this insight.

Depending on the insight, this pane shows the following elements arrayed across the width of the main page:

• Instance: The individual entity that the insight is about. For the insight Outbound Site Traffic, for example, the instance would be an individual site, whereas for the insight No Flow From Device the instance would be an individual device.
• Dimensions: Statistical or other informational values (depending on the insight) that illustrate the situation that generated the insight:
  - Statistics: Typically related to traffic volume, may include the average bitrate of traffic over a given time range, the percent change in traffic compared to an earlier time range, the total traffic over a given time range, the baseline of traffic over a previous time range, etc.
  - Other information: Varies by insight. for example, an insight such as Device firmware version check (Security family), will show information about the device whose firmware is being checked, such as the device name, OS, system description, and, if applicable, the deprecated and discontinued dates of the OS.

Note: The presence of this pane depends on the family of the insight.

The data pane shows traffic data related to the condition that caused the insight. Depending on the insight, this may be presented as a time series chart, a table, or both.

• Table: A top-X list of items (e.g. cities for the Inbound City Comparison insight) showing information such as current rank, change in rank, percent change in value, current value, and previous value.
• Chart: A time series chart illustrating the traffic for a set of items over a time range corresponding to the evaluation frequency of this insight.

The right-side sidebar provides additional details about the insight. The presence of the following fields varies depending on the family of the insight:

• Impact: A severity level, either Critical, Severe, Major, Warning, Minor, or Notice.
• Starting Time: The start of the period evaluated for the insight.
• Ending Time: The end of the period evaluated for the insight.
• Family: The family to which the insight belongs (see Insights Families). The name is a link that takes you to the main Insights and Alerting page with the Insights List filtered to show only insights from the same family.
• Frequency: A summary of the frequency with which this insight has recently occurred. The Show All Occurrences link takes you to the main Insights and Alerting page with the Insights List filtered to show all recent occurrences of the insight.
• Dimensions: Depending on the insight, additional information about the dimensions that are shown in the Dimensions Pane, including how often the same dimension value appeared in your organization's other insights in the last seven days.
• Take Action: Additional steps that you can take related to the insight (actions depend on family):
  - View in Data Explorer: A button that takes you to Data Explorer, where the controls will be set to show the traffic that generated the insight.
  - Open in Dashboard: Takes you to the corresponding dashboard (shown only when a corresponding dashboard exists).
• Notifications: Subscribe or unsubscribe to notifications about this insight:
  - Subscribe: A button that enables you to receive digest emails for the selected insight.
  - Customize: Opens the Insight Notification Settings dialog.
• Explore More Insights: A list of insight family names that serve as links that take you to the main Insights page with the Insights List filtered to show only insights from the same family.

To access this dialog, click Customize under Notifications in the Details Sidebar. The Insight Notification Settings dialog includes the following UI elements:

• Close button: Click the X in the upper right corner to close the dialog.
• Subscription status: Choose whether or not to receive notifications for this insight:
  - Not subscribed: Receive no notifications.
  - Subscribed: Receive notifications.
• Subscription options: Checkboxes that appear when Subscribed is selected. Check all that apply:
  - Include activity for this insight in a daily digest.
  - Include activity for this insight’s family in a daily digest.
  Note: Unchecking both options will set the Subscription Status setting to "Not subscribed."
• Cancel button: Exit the dialog. settings will be as they were before the dialog was opened.
• Save: Click to save your subscription settings.

The Insights Settings page is used to configure the display of insights. The page, which is reached from the Configure Insights button on the Insights page (see Insights Page UI), is covered in the following topics:

• Insight Settings UI
• Insights Settings List
• Manage Insights Settings

The page includes the following UI elements:

• Family: Choose an Insights family (e.g. Capacity Analytics) from the drop-down menu. The Insights list will show only insights from that family (choose All to show all insights).
• Filter: Enter text in the field to filter the Insights list to show only rows containing the entered text in one of the following columns: Insight Family, Insight Name.
• Insight Settings List: A table of your organization's insights (see Insights Settings List).

The Insights Settings list shows all of your organization's insights and enables you to set properties of individual insights. The list includes the following columns:

• Insight Family: The family to which the insight belongs (see Insights Families).
• Insight Name: The name assigned to the insight when it was created by Kentik or by your organization.
• Company Enabled: A checkbox enabling you to control visibility of an insight for all users in your organization.
• Display in my Insight Feed: Determines whether the insight will appear in the Insights Pane on Network Explorer pages.

To configure the settings for a given insight :

1. Click Insights in the Core section of the main navbar menu.
2. On the Insights page, click the Configure Insights button at the upper right of the main display area.
3. On the Insights Settings page, look in the Insights Settings List for the insight that you'd like to configure.
4. In the insight's row:
   - Use the Company Enabled checkbox to enable/disable the insight for your organization.
   - Use the Display in my Insight Feed checkbox to determine whether the insight will appear in your personal insight feed.