Views

Cloud Insights offers a detailed view of how your cloud native assets are connected together logically, your historical inventory, and, for AWS environments, a comprehensive end-to-end traffic flow. Events occurring within your cloud infrastructure, such as configuration changes and operational scaling events, are represented in Cloud Insights Inventory and Views screens within tables and timelines. These visualizations are available in the Cloud Insights section of the ThousandEyes platform and as the Cloud layer in Network & App Synthetics > Views.

Some screens within Cloud Insights combine the data of multiple cloud providers, allowing you to filter by cloud provider, while others separate the cloud provider data into tabs. Cloud Insights > Views, for example, is combined while Cloud Insights > Inventory is tabbed. Of the Settings screens, FPS Monitoring and Integration Logs are combined while Tags Management is tabbed. Integration Policies is currently only available for AWS. Where customers have set up Cloud Insights for both AWS and Azure, ThousandEyes distinguishes between the cloud environments as different tabs in the screens that are tabbed. Where customers have set up Cloud Insights for only one cloud environment, ThousandEyes does not separate these screens into tabs.

Inventory Screen

Navigate to Cloud Insights > Inventory to view the cloud assets and services discovered through your integration with your cloud provider. The inventory screen displays the last 30 days of ingested data and it is refreshed every 5 minutes.

With the Cloud Insights inventory screen, you can see all your cloud networking, content delivery, and compute assets grouped by asset type, including for example load balancer, network gateway, and internet gateway, across all your cloud accounts and subscriptions, in one dashboard. You can see all your assets in the context of their respective public or private subnets, availability zones (AZ), virtual cloud instances (VPC or VNET), regions, and accounts or subscriptions.

Cloud Insights inventory screen

Click on a region or subnet to see its details. Filtering assets by service and by tags is also supported.

For more information about Amazon Virtual Private Cloud (VPC), see What is Amazon VPC?. For more information about Microsoft Azure Virtual Network (VNET), see What is Azure Virtual Network?

Views Screen for Flow Log Analysis

Cloud Insights timeline view and filter options

For AWS environments, navigate to Cloud Insights > Views to see your flow log activity. Cloud Insights metrics can be used to visualize change events and traffic flow over time by ingesting network flow logs. You can also access a more granular “stacked view” by resource depending on the metric you choose (see Flow Log Metrics for more information).

In addition to the timeline, Cloud Insights provides a traffic table in the area below the timeline. Filtering and grouping are also available.

Cloud Insights flow log data table

Flow Log Metrics

Cloud Insights offers you two types of timeline view to enhance your flow log traffic analysis. For an overview of all flow log traffic, select any metric under Total View. For a segmented view of particular assets, select any metric under Stacked View.

Total View and Stacked View metrics

The following flow log metrics are available under Cloud Insights Views:

Metric

View

Description

Total Throughput

Total

Sum of virtual network accepted actions for traffic going to or coming from outside your cloud environment. Limited to traffic going through the test ingress point at the cloud edge.

Rejected Throughput

Total

Sum of rejected total throughput.

Throughput Inbound

Stacked

Total traffic from the remote endpoint to the local endpoint of the connection.

Throughput Outbound

Stacked

Total traffic from the local endpoint to the remote endpoint of the connection.

Rejected Throughput Inbound

Stacked

Total rejected throughput from the remote endpoint to the local endpoint of the connection.

Rejected Throughput Outbound

Stacked

Total rejected throughput from the local endpoint to the remote endpoint of the connection.

Connections per second

Stacked

Sum of new TCP (Transmission Control Protocol) connections.

Rejected Connections per second

Stacked

Connections that were dropped due to policy enforcement.

Flows per second

Stacked

The rate at which network flows (sequences of packets with the same 5-tuple: source IP, destination IP, source port, destination port, protocol) are observed in the cloud environment, measured in flow log records per second.

Skipped Data (for AWS only)

Stacked

Flows that were dropped by AWS due to performance issues, unlike “rejected” that were dropped due to policy enforcement.

For Outside Cloud Throughput, see Cloud Layer.

Stacked View

Stacked view timeline

The stacked view enables you to gain granular insights into cloud traffic patterns to better optimize performance and troubleshoot issues.

Use cases include:

  1. Identifying resource-specific traffic bottlenecks: Pinpoint which cloud resources (e.g., instances, load balancers) contribute disproportionately to Total Throughput, indicating potential bottlenecks or overutilized assets.

  2. Optimizing cloud resource utilization and costs: Analyze traffic distribution across resources to identify underutilized or overutilized assets, reducing cloud costs and improving efficiency.

  3. Detecting anomalous traffic patterns: Identify unexpected throughput spikes or drops for specific resources, indicating potential security issues (e.g., DDoS attacks) or misconfigurations.

  4. Capacity planning for multi-cloud environments: Forecast resource needs across your cloud environment by analyzing historical throughput trends per resource. Grouping by resource type (e.g., all Transit Gateways) or filtering by region (e.g., us-east-1) supports multi-cloud strategies.

Once you select a metric under Stacked View, the top five assets by throughput are displayed, plus the total. You can add or remove up to ten assets using the checkboxes in the table below the timeline, or remove assets using the checkboxes along the comparison legend below the timeline.

Hover over a time slice for information about the segmented traffic at that point in time.

Segmented traffic data on hover

You can further refine your view and table data by using filtering and grouping, described below.

Filtering and Grouping

Traffic views can be filtered by several dimensions, such as by cloud account/subscription, region, availability zone, VPC/VNET, and application, enabling flexible and contextual views of performance. Filter options are available for each local and remote resource. Local resources are where the flow logs are captured. Remote resources are where the flow logs are destined.

Filtering selections are available both above the timeline and below. Click on the ellipsis (...) for additional options.

Cloud Insights grouping and filter options below the timeline

Table Tab

The Table tab displays a list of resources that meet the filter and grouping criteria specified just below the timeline. With the Table tab view you can:

  • Use the grouping and filter criteria to determine what is displayed.

  • Click on column headers to change the sort order.

  • Hover over a row to display more details about the row item.

  • Click the ellipsis (...) at the end of the row to filter based on the selected row item.

Cloud Insights Table tab

Events Tab

Cloud Insights tracks configuration change and operational scaling events and state changes across any element of the virtual infrastructure that serves your application. In addition to problematic infrastructure elements, a common cause for application downtime is changes made by an automated process or a live human. Monitoring change events not only allows you to determine what changed at what time, but also to correlate that change with application availability and other metrics.

To view change event metrics, select the Events tab beneath the chart.

Selecting change and operational events

A view of change events is also available in the Cloud layer of Network & App Synthetics > Views. Configuration changes and operational changes are colored on the topology view. Note that not all changes negatively impact applications and services.

Event Count in the Cloud layer of Network & App Synthetics > Views

Viewing Configuration Changes

You can view a diff of the change, before and after the change event occurred. To view a diff, select a row containing a configuration change from the Events table located below the timeline.

Configuration change diff

You can also use the Inventory screen to show the diff. Click on any row located under the Asset Name header.

Configuration change diff from the Inventory view

Use the Events tab to track configuration changes and operational events due to adding or removing instances.

Map Tab

The Map tab groups cloud environment resources by region and displays them using a map visualization. Use the + and - buttons in the upper right to zoom in and zoom out, respectively. Hover over any item to display more details about the resource.

Cloud Insights Map tab

Network & App Synthetics Cloud Views

Cloud Insights are integrated with the Network & App Synthetics views both as a swimlane below the timeline showing configuration change and operational events, and as a traffic topology map.

Configuration Change and Operational Events are visible in the swimlane below the timeline

Cloud Layer

The Cloud layer shows your cloud environment behind the Load Balancer that is serving your application. For AWS environments, this can also be the Global Accelerator. This view pulls in your cloud native inventory for the specific service, providing a logical service map of how your application is being served. You can use the traffic timeline to visualize how your application is distributed within your cloud provider networks.

The Cloud layer is available within Network & App Synthetics > Views. To navigate to the Cloud layer, click on the Cloud label to the left of the timeline. If you do not see a Cloud layer it means you have not configured a supported cloud provider integration, or you are not testing to a supported test target.

Cloud layer timeline and path vis

Available metrics for the Cloud layer timeline are Outside Cloud Throughput, Outside Rejected Throughput, Outside Connection Rate, Outside Rejected Connection Rate, and Event Count. You can choose to display any number of metrics at the same time.

Outside Cloud Throughput is traffic throughput to remote endpoints that are outside of your monitored cloud accounts or subscriptions (could be outside of the cloud or in the cloud but not monitored). For example, for an externally facing load-balancer the timeline displays how much traffic is entering the cloud and exiting the cloud through this load balancer over the given time period. You can use Outside Cloud Throughput to analyze relevant traffic and to determine if there is degradation of traffic to that node that could be causing a delay.

In this same vein, Outside Rejected Throughput is the total rejected throughput outside of the cloud environment, and Outside Connection Rate and Outside Rejected Connection Rate are the sum of new TCP connections (or dropped connections in the case of rejection) where the remote endpoint is outside of the cloud environment.

When attempting to correlate flow log data with other metrics, a related spike may show up in the next adjacent bucket. This is because traffic flow log data is aggregated every 5 minutes.

Cloud Layer Topology Tab

When the Cloud layer view is selected, the area below the timeline displays the traffic topology under the Topology tab, grouped into either regions or accounts for additional path context (see Topology Grouping below). The Topology tab offers two views, Service Configuration and Network and Security (currently, Network and Security is only available for AWS environments). The Service Configuration view shows resources that perform different functions and their configurations, such as load balancers and EC2 instances or virtual machines. The Network and Security view, available by clicking on any shield icon, shows how the different resources reach each other. This can include network interfaces and security groups.

The Service Configuration view, grouped by region

Topology Grouping

Topology grouping allows you to view your network and application path structure in an organized and meaningful way. This helps you to understand service dependencies and traffic flows within specific geographic or organizational boundaries, making it easier to pinpoint issues and their impact on users in those groups.

The same Service Configuration view, grouped by account

By default, the nodes in your topology view are grouped by region. In the top right corner of the Topology tab, you can change the view to group by account, or to remove grouping for a more compact view.

The grouping toggle

Service Configuration View

The default view under the Topology tab is the Service Configuration view. Operational events are highlighted in blue while configuration change events are highlighted in green.

Operational Events are highlighted in blue. Configuration Change Events are highlighted in green.

Searching in the Service Configuration View

You can use the search box to locate a specific resource by name. The Service Configuration view shows the found resource highlighted with other resources greyed out.

Searching in the Service Configuration view

Network and Security View

If network and security information is available, a shield is shown on the line connecting two resources. To access the Network and Security view, click the shield icon.

Network and Security view shield

The Network and Security view shows the paths traffic travels between the interfaces assigned to each resource. In addition to network interfaces, the Network and Security view also shows firewalls. You can use the Network and Security view to troubleshoot reachability issues along different network paths between resources.

Interface Details in the Network and Security View

Entry points can also be prefixed with interface and security group information. This is helpful for monitoring traffic passing through an outside-facing firewall.

A prefixed interface in the Service Configuration view

Click on the shield icon for the Network and Security view.

A prefixed interface in the Network and Security view

To exit the Network and Security view, click on Service Configuration on the upper left corner of the Topology tab section.

Click on "Service Configuration" to exit the Network and Security view

Searching in the Network and Security Layer

When you search for a resource in the Service Configuration view that can only be displayed in the Network and Security view, shield icons where the resource can be viewed are highlighted.

Searching for a network interface

Click on a highlighted shield to switch to the Network and Security view to view the found resource.

Viewing a found network resource

Note that resources can be repeated in the Network and Security view. In the example above, multiple shield icons are highlighted for the same interface. These are repetitions of the same interface shown in different path configurations.

AWS Topology

For AWS, the traffic topology tab shows what's behind the AWS Global Accelerator or Load Balancer that is serving your application. You can distinguish between traffic flow that originates outside AWS and is destined in AWS, originates and is destined in AWS, and originates in AWS and is destined outside AWS. This means that you can identify network blindspots in the context of where traffic originates and is destined. You can also see traffic flow size (bytes/sec) between each hierarchical AWS instance, e.g. AWS account, AWS region, VPC, AZ, Subnet, AWS instance, and AWS elastic network interface.

AWS traffic topology map

Cross-zone Availability

If you have cross-zone availability configured, these paths are shown in the Network and Security view under the Topology tab. The topology reflects what availability zones a load balancer is actually sending traffic across.

Highlighting a single path for a load balancer with cross-zone availability configured
Additional interface detail for a load balancer with cross-zone availability configured
Second path for a load balancer with cross-zone availability configured

Even when a load balancer has two interfaces and cross-zone availability is off, the topology only shows the path configured for the same availability zone as the destination displayed in the topology. If your load balancer is not configured to cross zones, then the view will not show any traffic crossing zones.

Load balancer with multiple instances showing a single instance in the same zone

Direct Connect

When you click on the shield next to a Direct Connect resource, the Network and Security View shows its configured VIFs (Virtual Interfaces).

A Direct Connect gateway in the Network and Security view

Cloud Layer Events Tab

If any configuration change or operational events are selected in the traffic timeline, they will be listed in the Events tab underneath the timeline.

List of configuration change and operational events

Click on any row to view details of the event. Configuration changes show a diff of the change that was made. Click on the blue Explore in AWS/Azure button above the diff to access the change in the relevant environment.

Details of a configuration change

Cloud Layer Traffic Tab

Use the Traffic tab to view a detailed list of servers along with specific throughput metrics. This list can be grouped and filtered using the selection menus at the top of the list. This functions in the same way as the Cloud Insights Table tab.

Last updated