Settings
This article covers the different tabs of the Cloud Insights > Settings section.
FPS Monitoring
FPS Monitoring lets you monitor flow log records per second (FPS) and adjust FPS limits and unit consumption. The visual timeline graph reports the 95th percentile of FPS (see Peak Vs. 95th Percentile for more information), highlighting any spikes and consumption overages. The table underneath the timeline provides details that align with points on the timeline graph. The top of the page shows three tiles: the number of days you have been above your FPS limit, the recommended limit based on your recent usage, and your current FPS limit.

Flow Log Records Per Second (FPS)
FPS is a rate ThousandEyes calculates based on the number of flow log records being created in the configured storage service. In the case of AWS, for example, FPS is calculated using the files created and processed in the S3 bucket for the AWS account configured to integrate with ThousandEyes Cloud Insights. The flow log records are read in at the rate your cloud service provider is creating them.
The process for how ThousandEyes uses flow log records in AWS is as follows:
AWS sends the VPC flow log record to the S3 bucket.
S3 bucket service sends a notification to SNS topic.
ThousandEyes receives a notification from SNS.
The ThousandEyes AWS integration pulls in the flow log record from the S3 bucket and processes the entries on the flow log file.
Cloud Insights FPS Limit
Overages
Setting your FPS limit and managing overages works the same way in Cloud Insights as for Traffic Insights. See FPS Limit in the Traffic Insights article for more information. The key difference is in how you lower your FPS rate as opposed to increasing your FPS limit.
To decrease your FPS rate in Cloud Insights, you can decrease the number of specific resource groups and regions you want ThousandEyes to analyze flow logs for (currently only avaialble for AWS environments). Use the AWS Integration Policies tab to select the VPCs to pull flow logs from. For more information, see AWS Integration Policies.
Tags Management
The Tags Management tab lists your cloud provider tags. Select up to 5 tags to use as filters in Cloud Insights > Views.


Integration Logs
The Integration Logs tab tracks the status of retrieving data via your cloud provider integration. Warnings and errors are logged every minute until the issue is no longer occurring.

To troubleshoot a logged event, click on the > at the end of the row. This opens up the Log Details side panel where you can find more details about the error.

Click the Show More link to drill further into the details of the logged event.
Integration Policies
The Integration Policies section allows you to configure which resources Cloud Insights monitors from your cloud providers, such as AWS and Azure. By defining specific resource types and subscription rules, you gain granular control over the data collected, helping to optimize monitoring and avoid unnecessary permissions warnings.
AWS Integration Policies
The AWS tab under Integration Policies allows you to choose the AWS resource groups and regions you want Cloud Insights to collect inventory and flow logs for. Enabling a resource group determines which network assets are imported from AWS. By default, all network elements are imported.
To enable or restrict a resource group or region, click the Edit button in the upper right-hand corner and select the checkbox next to the resource or region name. Unchecked items are skipped.

Click Save Changes to save your changes.
Azure Integration Policies
The Azure tab under Integration Policies allows you to define which Azure resource types and subscriptions Cloud Insights monitors. This provides flexibility to collect inventory only for the resources and subscriptions relevant to your monitoring needs.
Unlike AWS, the Azure API automatically provides a list of active regions, so you do not need to specify regions for monitoring. A single Azure integration can also correspond to multiple Azure subscriptions.
The Azure Integration Policies page is divided into the following sections: Enabled Resource Types, Subscription Rules, and the Subscription List.

Azure Enabled Resource Types
This section allows you to select the specific types of Azure resources that Cloud Insights should monitor. By default, all supported resource types are enabled. Deselecting a resource type prevents Cloud Insights from collecting inventory for that type, which can help avoid generating unnecessary permissions warnings if your Cloud Insights integration does not have permissions for certain resource types.
The available resource types include:
Networking (Mandatory): Includes NICs, Public IPs, VNets, NAT gateways, resource groups, routing tables, VNet peering, VNet gateways, and VNet gateway connections. This category is mandatory for monitoring.
VM, VMSS, Kubernetes: Includes Virtual Machines, Virtual Machine Scale Sets, and Kubernetes resources.
Bastion, Private Endpoint: Includes Azure Bastion and Private Endpoints.
Load Balancers, Application Gateways: Includes Load Balancers and Application Gateways.
Security: Includes Security groups (NSG and ASG) and firewalls.
Azure Front Door (AFD): Includes Standard Azure Front Door, classic Azure Front Door, Azure Storage, and WAF policies.
ExpressRoute: Includes ExpressRoute circuits.
Virtual WAN: Includes Virtual WAN and Virtual Hub.
Traffic Manager: Includes Azure Traffic Manager.
To enable or disable a resource type, select or clear the checkbox next to its name in the Enabled Resource Types list.
Azure Subscription Rules
This section allows you to control which Azure subscriptions Cloud Insights monitors. You can define a set of rules to include or exclude subscriptions based on their names or IDs. These rules are processed sequentially, and the first matching rule applies.
The Subscription Rules section supports the following functionalities:
Create Rule: Add a new rule to include or exclude subscriptions.
Rule Order: Rules are applied from top to bottom. You can reorder rules to change their precedence.
Pattern Matching: Use Java regular expressions (regex) in the pattern field to match subscription names or IDs. For more information on the supported syntax, see the Java Pattern class documentation. For example,
production-.*
matches all subscriptions starting with "production-".Include/Exclude Action: Each rule specifies whether to
Include
(allow) orExclude
(block) subscriptions that match its pattern.Set Default for Remaining Subscriptions: This setting defines the action for any subscriptions that do not match any of the defined rules. You must explicitly set this to either
Include
(allow all remaining) orExclude
(block all remaining). This ensures that all subscriptions are accounted for.
Common Azure Subscription Rule Scenarios
Here are examples of how to configure subscription rules for common use cases:
Allow all subscriptions (default behavior):
Set the default action to Include. No specific rules are needed.
Allow specific subscriptions (e.g.,
s1
,id2
,s3
):Add rules to
Include
each specific subscription by name or ID.Set the default action to Exclude.
Example:
Include s1
Include id2
Include s3
Set Default for Remaining Subscriptions: Exclude
Allow all subscriptions except those with a specific prefix (e.g.,
development-
):Add a rule to
Exclude
the patterndevelopment-.*
.Set the default action to Include.
Example:
Exclude development-.*
Set Default for Remaining Subscriptions: Include
Block all subscriptions except specific ones (e.g.,
production-.*
,qa-.*
, anduserX
):Add rules to
Include
the patternsproduction-.*
,qa-.*
, anduserX.*
.Set the default action to Exclude.
Example:
Include production-.*
Include qa-.*
Include userX.*
Set Default for Remaining Subscriptions: Exclude
Azure Subscription List
Below the configuration sections, the subscription list displays all Azure subscriptions discovered by Cloud Insights for your integrated tenants. This table provides a real-time overview of each subscription's status, helping you verify the impact of your subscription rules and monitor the health of each integration.

You can use the Search bar to find specific subscriptions by name or ID. You can also filter the list using the Inclusion Status and Integration Status drop-down menus to narrow down the results.
The subscription list includes the following columns:
Subscription Name: The display name of the Azure subscription.
Subscription ID: The unique identifier for the Azure subscription.
Inclusion Status: Indicates whether the subscription is being monitored (
Included
) or ignored (Excluded
) based on the Subscription Rules you have configured.Integration Name: The name of the Cloud Insights integration that discovered the subscription.
Integration Status: The current operational status of the integration for this subscription (for example,
Active
).Integration Status Reason: Provides additional details about the integration status, such as confirmation of successful creation or error messages.
Monitored Assets: The total number of monitored assets within the subscription.
How Azure Integration Status is Updated
Cloud Insights logs messages related to subscription status:
When a new subscription is added, the log reports whether it is blocked by the subscription selection rules.
Every 24 hours, a log message reports the list of all active and blocked subscriptions.
Last updated