Settings

This article covers the different tabs of the Cloud Insights > Settings section.

Some screens within Cloud Insights combine the data of multiple cloud providers, allowing you to filter by cloud provider, while others separate the cloud provider data into tabs. Cloud Insights > Views, for example, is combined while Cloud Insights > Inventory is tabbed. Of the Settings screens, FPS Monitoring and Integration Logs are combined while Tags Management is tabbed. AWS Integration Policies is currently only available for AWS. Where customers have set up Cloud Insights for both AWS and Azure, ThousandEyes distinguishes between the cloud environments as different tabs in the screens that are tabbed. Where customers have set up Cloud Insights for only one cloud environment, ThousandEyes does not separate these screens into tabs.

FPS Monitoring

Both Cloud Insights and Traffic Insights use FPS monitoring, where the functionality is similar, but for which the metrics are subtly different. Cloud Insights measures flow log records per second, as measured for the purposes of cloud traffic in the likes of AWS and Azure, while Traffic Insights measures flow records per second using NetFlow v9 and IPFIX standards. See Network Flow Record Requirements for more information about NetFlow v9 and IPFIX standards within Traffic Insights.

FPS Monitoring lets you monitor flow log records per second (FPS) and adjust FPS limits and unit consumption. The visual timeline graph reports the 95th percentile of FPS (see Peak Vs. 95th Percentile for more information), highlighting any spikes and consumption overages. The table underneath the timeline provides details that align with points on the timeline graph. The top of the page shows three tiles: the number of days you have been above your FPS limit, the recommended limit based on your recent usage, and your current FPS limit.

FPS Monitoring Screen

Flow Log Records Per Second (FPS)

FPS is a rate ThousandEyes calculates based on the number of flow log records being created in the configured storage service. In the case of AWS, for example, FPS is calculated using the files created and processed in the S3 bucket for the AWS account configured to integrate with ThousandEyes Cloud Insights. The flow log records are read in at the rate your cloud service provider is creating them.

The process for how ThousandEyes uses flow log records in AWS is as follows:

  1. AWS sends the VPC flow log record to the S3 bucket.

  2. S3 bucket service sends a notification to SNS topic.

  3. ThousandEyes receives a notification from SNS.

  4. The ThousandEyes AWS integration pulls in the flow log record from the S3 bucket and processes the entries on the flow log file.

Cloud Insights FPS Limit

Overages

Setting your FPS limit and managing overages works the same way in Cloud Insights as for Traffic Insights. See FPS Limit in the Traffic Insights article for more information. The key difference is in how you lower your FPS rate as opposed to increasing your FPS limit.

To decrease your FPS rate in Cloud Insights, you can decrease the number of specific resource groups and regions you want ThousandEyes to analyze flow logs for (currently only avaialble for AWS environments). Use the AWS Integration Policies tab to select the VPCs to pull flow logs from. For more information, see AWS Integration Policies.

Tags Management

The Tags Management tab lists your cloud provider tags. Select up to 5 tags to use as filters in Cloud Insights > Views.

List of tags in Tags Management tab
Using the tag "Environment" as a filter in Cloud Insights > Views

Integration Logs

The Integration Logs tab tracks the status of retrieving data via your cloud provider integration. Warnings and errors are logged every minute until the issue is no longer occurring.

Integration Logs tab showing error messages

To troubleshoot a logged event, click on the > at the end of the row. This opens up the Log Details side panel where you can find more details about the error.

Integration Log error details

Click the Show More link to drill further into the details of the logged event.

Integration Policies

The Integration Policies section allows you to configure which resources Cloud Insights monitors from your cloud providers, such as AWS and Azure. By defining specific resource types and subscription rules, you gain granular control over the data collected, helping to optimize monitoring and avoid unnecessary permissions warnings.

AWS Integration Policies

The AWS tab under Integration Policies allows you to choose the AWS resource groups and regions you want Cloud Insights to collect inventory and flow logs for. Enabling a resource group determines which network assets are imported from AWS. By default, all network elements are imported.

To enable or restrict a resource group or region, click the Edit button in the upper right-hand corner and select the checkbox next to the resource or region name. Unchecked items are skipped.

Cloud Insights AWS Integration Policies tab

Click Save Changes to save your changes.

Azure Integration Policies

The Azure tab under Integration Policies allows you to define which Azure resource types and subscriptions Cloud Insights monitors. This provides flexibility to collect inventory only for the resources and subscriptions relevant to your monitoring needs.

Unlike AWS, the Azure API automatically provides a list of active regions, so you do not need to specify regions for monitoring. A single Azure integration can also correspond to multiple Azure subscriptions.

The Azure Integration Policies page is divided into the following sections: Enabled Resource Types, Subscription Rules, and the Subscription List.

Enabled Resource Types and Subscription Rules Sections on the Azure Integration Policies page

Azure Enabled Resource Types

This section allows you to select the specific types of Azure resources that Cloud Insights should monitor. By default, all supported resource types are enabled. Deselecting a resource type prevents Cloud Insights from collecting inventory for that type, which can help avoid generating unnecessary permissions warnings if your Cloud Insights integration does not have permissions for certain resource types.

The available resource types include:

  • Networking (Mandatory): Includes NICs, Public IPs, VNets, NAT gateways, resource groups, routing tables, VNet peering, VNet gateways, and VNet gateway connections. This category is mandatory for monitoring.

  • VM, VMSS, Kubernetes: Includes Virtual Machines, Virtual Machine Scale Sets, and Kubernetes resources.

  • Bastion, Private Endpoint: Includes Azure Bastion and Private Endpoints.

  • Load Balancers, Application Gateways: Includes Load Balancers and Application Gateways.

  • Security: Includes Security groups (NSG and ASG) and firewalls.

  • Azure Front Door (AFD): Includes Standard Azure Front Door, classic Azure Front Door, Azure Storage, and WAF policies.

  • ExpressRoute: Includes ExpressRoute circuits.

  • Virtual WAN: Includes Virtual WAN and Virtual Hub.

  • Traffic Manager: Includes Azure Traffic Manager.

To enable or disable a resource type, select or clear the checkbox next to its name in the Enabled Resource Types list.

Azure Subscription Rules

This section allows you to control which Azure subscriptions Cloud Insights monitors. You can define a set of rules to include or exclude subscriptions based on their names or IDs. These rules are processed sequentially, and the first matching rule applies.

The Subscription Rules section supports the following functionalities:

  • Create Rule: Add a new rule to include or exclude subscriptions.

  • Rule Order: Rules are applied from top to bottom. You can reorder rules to change their precedence.

  • Pattern Matching: Use Java regular expressions (regex) in the pattern field to match subscription names or IDs. For more information on the supported syntax, see the Java Pattern class documentation. For example, production-.* matches all subscriptions starting with "production-".

  • Include/Exclude Action: Each rule specifies whether to Include (allow) or Exclude (block) subscriptions that match its pattern.

  • Set Default for Remaining Subscriptions: This setting defines the action for any subscriptions that do not match any of the defined rules. You must explicitly set this to either Include (allow all remaining) or Exclude (block all remaining). This ensures that all subscriptions are accounted for.

Common Azure Subscription Rule Scenarios

Here are examples of how to configure subscription rules for common use cases:

  1. Allow all subscriptions (default behavior):

    • Set the default action to Include. No specific rules are needed.

  2. Allow specific subscriptions (e.g., s1, id2, s3):

    • Add rules to Include each specific subscription by name or ID.

    • Set the default action to Exclude.

    • Example:

      • Include s1

      • Include id2

      • Include s3

      • Set Default for Remaining Subscriptions: Exclude

  3. Allow all subscriptions except those with a specific prefix (e.g., development-):

    • Add a rule to Exclude the pattern development-.*.

    • Set the default action to Include.

    • Example:

      • Exclude development-.*

      • Set Default for Remaining Subscriptions: Include

  4. Block all subscriptions except specific ones (e.g., production-.*, qa-.*, and userX):

    • Add rules to Include the patterns production-.*, qa-.*, and userX.*.

    • Set the default action to Exclude.

    • Example:

      • Include production-.*

      • Include qa-.*

      • Include userX.*

      • Set Default for Remaining Subscriptions: Exclude

Azure Subscription List

Below the configuration sections, the subscription list displays all Azure subscriptions discovered by Cloud Insights for your integrated tenants. This table provides a real-time overview of each subscription's status, helping you verify the impact of your subscription rules and monitor the health of each integration.

Subscription List Section on the Azure Integration Policies Page

You can use the Search bar to find specific subscriptions by name or ID. You can also filter the list using the Inclusion Status and Integration Status drop-down menus to narrow down the results.

The subscription list includes the following columns:

  • Subscription Name: The display name of the Azure subscription.

  • Subscription ID: The unique identifier for the Azure subscription.

  • Inclusion Status: Indicates whether the subscription is being monitored (Included) or ignored (Excluded) based on the Subscription Rules you have configured.

  • Integration Name: The name of the Cloud Insights integration that discovered the subscription.

  • Integration Status: The current operational status of the integration for this subscription (for example, Active).

  • Integration Status Reason: Provides additional details about the integration status, such as confirmation of successful creation or error messages.

  • Monitored Assets: The total number of monitored assets within the subscription.

How Azure Integration Status is Updated

Cloud Insights logs messages related to subscription status:

  • When a new subscription is added, the log reports whether it is blocked by the subscription selection rules.

  • Every 24 hours, a log message reports the list of all active and blocked subscriptions.

Last updated