Views
Cloud Insights offers a detailed view of how your cloud native assets are connected together logically, your historical inventory, and, for AWS environments, a comprehensive end-to-end traffic flow. Events occurring within your cloud infrastructure, such as configuration changes and operational scaling events, are represented in Cloud Insights Inventory and Views screens within tables and timelines. These visualizations are available in the Cloud Insights section of the ThousandEyes platform and as the Cloud layer in Network & App Synthetics > Views.
Inventory Screen
Navigate to Cloud Insights > Inventory to view the cloud assets and services discovered through your integration with your cloud provider. The inventory screen displays the last 30 days of ingested data and it is refreshed every 5 minutes.
With the Cloud Insights inventory screen, you can see all your cloud networking, content delivery, and compute assets grouped by asset type, including for example load balancer, network gateway, and internet gateway, across all your cloud accounts and subscriptions, in one dashboard. You can see all your assets in the context of their respective public or private subnets, availability zones (AZ), virtual cloud instances (VPC or VNET), regions, and accounts or subscriptions.

Click on a region or subnet to see its details. Filtering assets by service and by tags is also supported.
For more information about Amazon Virtual Private Cloud (VPC), see What is Amazon VPC?. For more information about Microsoft Azure Virtual Network (VNET), see What is Azure Virtual Network?
Views Screen for Flow Log Analysis

For AWS environments, navigate to Cloud Insights > Views to see your flow log activity. Cloud Insights metrics can be used to visualize change events and traffic flow over time by ingesting network flow logs. You can also access a more granular “stacked view” by resource depending on the metric you choose (see Flow Log Metrics for more information).
In addition to the timeline, Cloud Insights provides a traffic table in the area below the timeline. Filtering and grouping are also available.

Flow Log Metrics
Cloud Insights offers you two types of timeline view to enhance your flow log traffic analysis. For an overview of all flow log traffic, select any metric under Total View. For a segmented view of particular assets, select any metric under Stacked View.

The following flow log metrics are available under Cloud Insights Views:
Metric
View
Description
Total Throughput
Total
Sum of virtual network accepted actions for traffic going to or coming from outside your cloud environment. Limited to traffic going through the test ingress point at the cloud edge.
Rejected Throughput
Total
Sum of rejected total throughput.
Throughput Inbound
Stacked
Total traffic from the remote endpoint to the local endpoint of the connection.
Throughput Outbound
Stacked
Total traffic from the local endpoint to the remote endpoint of the connection.
Rejected Throughput Inbound
Stacked
Total rejected throughput from the remote endpoint to the local endpoint of the connection.
Rejected Throughput Outbound
Stacked
Total rejected throughput from the local endpoint to the remote endpoint of the connection.
Connections per second
Stacked
Sum of new TCP (Transmission Control Protocol) connections.
Rejected Connections per second
Stacked
Connections that were dropped due to policy enforcement.
Flows per second
Stacked
The rate at which network flows (sequences of packets with the same 5-tuple: source IP, destination IP, source port, destination port, protocol) are observed in the cloud environment, measured in flow log records per second.
Skipped Data (for AWS only)
Stacked
Flows that were dropped by AWS due to performance issues, unlike “rejected” that were dropped due to policy enforcement.
For Outside Cloud Throughput, see Cloud Layer.
Stacked View

The stacked view enables you to gain granular insights into cloud traffic patterns to better optimize performance and troubleshoot issues.
Use cases include:
Identifying resource-specific traffic bottlenecks: Pinpoint which cloud resources (e.g., instances, load balancers) contribute disproportionately to Total Throughput, indicating potential bottlenecks or overutilized assets.
Optimizing cloud resource utilization and costs: Analyze traffic distribution across resources to identify underutilized or overutilized assets, reducing cloud costs and improving efficiency.
Detecting anomalous traffic patterns: Identify unexpected throughput spikes or drops for specific resources, indicating potential security issues (e.g., DDoS attacks) or misconfigurations.
Capacity planning for multi-cloud environments: Forecast resource needs across your cloud environment by analyzing historical throughput trends per resource. Grouping by resource type (e.g., all Transit Gateways) or filtering by region (e.g., us-east-1) supports multi-cloud strategies.
Once you select a metric under Stacked View, the top five assets by throughput are displayed, plus the total. You can add or remove up to ten assets using the checkboxes in the table below the timeline, or remove assets using the checkboxes along the comparison legend below the timeline.
Hover over a time slice for information about the segmented traffic at that point in time.

You can further refine your view and table data by using filtering and grouping, described below.
Filtering and Grouping
Traffic views can be filtered by several dimensions, such as by cloud account/subscription, region, availability zone, VPC/VNET, and application, enabling flexible and contextual views of performance. Filter options are available for each local and remote resource. Local resources are where the flow logs are captured. Remote resources are where the flow logs are destined.
Filtering selections are available both above the timeline and below. Click on the ellipsis (...
) for additional options.

Table Tab
The Table tab displays a list of resources that meet the filter and grouping criteria specified just below the timeline. With the Table tab view you can:
Use the grouping and filter criteria to determine what is displayed.
Click on column headers to change the sort order.
Hover over a row to display more details about the row item.
Click the ellipsis (
...
) at the end of the row to filter based on the selected row item.

Events Tab
Cloud Insights tracks configuration change and operational scaling events and state changes across any element of the virtual infrastructure that serves your application. In addition to problematic infrastructure elements, a common cause for application downtime is changes made by an automated process or a live human. Monitoring change events not only allows you to determine what changed at what time, but also to correlate that change with application availability and other metrics.
To view change event metrics, select the Events tab beneath the chart.

A view of change events is also available in the Cloud layer of Network & App Synthetics > Views. Configuration changes and operational changes are colored on the topology view. Note that not all changes negatively impact applications and services.

Viewing Configuration Changes
You can view a diff of the change, before and after the change event occurred. To view a diff, select a row containing a configuration change from the Events table located below the timeline.

You can also use the Inventory screen to show the diff. Click on any row located under the Asset Name header.

Use the Events tab to track configuration changes and operational events due to adding or removing instances.
Map Tab
The Map tab groups cloud environment resources by region and displays them using a map visualization. Use the +
and -
buttons in the upper right to zoom in and zoom out, respectively. Hover over any item to display more details about the resource.

Network & App Synthetics Cloud Views
Cloud Insights are integrated with the Network & App Synthetics views both as a swimlane below the timeline showing configuration change and operational events, and as a traffic topology map.

Cloud Layer
The Cloud layer shows your cloud environment behind the Load Balancer that is serving your application. For AWS environments, this can also be the Global Accelerator. This view pulls in your cloud native inventory for the specific service, providing a logical service map of how your application is being served. You can use the traffic timeline to visualize how your application is distributed within your cloud provider networks.
The Cloud layer is available within Network & App Synthetics > Views. To navigate to the Cloud layer, click on the Cloud label to the left of the timeline. If you do not see a Cloud layer it means you have not configured a supported cloud provider integration, or you are not testing to a supported test target.

Available metrics for the Cloud layer timeline are Outside Cloud Throughput, Outside Rejected Throughput, Outside Connection Rate, Outside Rejected Connection Rate, and Event Count. You can choose to display any number of metrics at the same time.
Outside Cloud Throughput is traffic throughput to remote endpoints that are outside of your monitored cloud accounts or subscriptions (could be outside of the cloud or in the cloud but not monitored). For example, for an externally facing load-balancer the timeline displays how much traffic is entering the cloud and exiting the cloud through this load balancer over the given time period. You can use Outside Cloud Throughput to analyze relevant traffic and to determine if there is degradation of traffic to that node that could be causing a delay.
In this same vein, Outside Rejected Throughput is the total rejected throughput outside of the cloud environment, and Outside Connection Rate and Outside Rejected Connection Rate are the sum of new TCP connections (or dropped connections in the case of rejection) where the remote endpoint is outside of the cloud environment.
Cloud Layer Topology Tab
When the Cloud layer view is selected, the area below the timeline displays the traffic topology under the Topology tab, grouped into either regions or accounts for additional path context (see Topology Grouping below). The Topology tab offers two views, Service Configuration and Network and Security (currently, Network and Security is only available for AWS environments). The Service Configuration view shows resources that perform different functions and their configurations, such as load balancers and EC2 instances or virtual machines. The Network and Security view, available by clicking on any shield icon, shows how the different resources reach each other. This can include network interfaces and security groups.

Topology Grouping
Topology grouping allows you to view your network and application path structure in an organized and meaningful way. This helps you to understand service dependencies and traffic flows within specific geographic or organizational boundaries, making it easier to pinpoint issues and their impact on users in those groups.

By default, the nodes in your topology view are grouped by region. In the top right corner of the Topology tab, you can change the view to group by account, or to remove grouping for a more compact view.

Service Configuration View
The default view under the Topology tab is the Service Configuration view. Operational events are highlighted in blue while configuration change events are highlighted in green.

Searching in the Service Configuration View
You can use the search box to locate a specific resource by name. The Service Configuration view shows the found resource highlighted with other resources greyed out.

Network and Security View
If network and security information is available, a shield is shown on the line connecting two resources. To access the Network and Security view, click the shield icon.

The Network and Security view shows the paths traffic travels between the interfaces assigned to each resource. In addition to network interfaces, the Network and Security view also shows firewalls. You can use the Network and Security view to troubleshoot reachability issues along different network paths between resources.

Entry points can also be prefixed with interface and security group information. This is helpful for monitoring traffic passing through an outside-facing firewall.

Click on the shield icon for the Network and Security view.

To exit the Network and Security view, click on Service Configuration on the upper left corner of the Topology tab section.

Searching in the Network and Security Layer
When you search for a resource in the Service Configuration view that can only be displayed in the Network and Security view, shield icons where the resource can be viewed are highlighted.

Click on a highlighted shield to switch to the Network and Security view to view the found resource.

Note that resources can be repeated in the Network and Security view. In the example above, multiple shield icons are highlighted for the same interface. These are repetitions of the same interface shown in different path configurations.
AWS Topology
For AWS, the traffic topology tab shows what's behind the AWS Global Accelerator or Load Balancer that is serving your application. You can distinguish between traffic flow that originates outside AWS and is destined in AWS, originates and is destined in AWS, and originates in AWS and is destined outside AWS. This means that you can identify network blindspots in the context of where traffic originates and is destined. You can also see traffic flow size (bytes/sec) between each hierarchical AWS instance, e.g. AWS account, AWS region, VPC, AZ, Subnet, AWS instance, and AWS elastic network interface.

Cross-zone Availability
If you have cross-zone availability configured, these paths are shown in the Network and Security view under the Topology tab. The topology reflects what availability zones a load balancer is actually sending traffic across.



Even when a load balancer has two interfaces and cross-zone availability is off, the topology only shows the path configured for the same availability zone as the destination displayed in the topology. If your load balancer is not configured to cross zones, then the view will not show any traffic crossing zones.

Direct Connect
When you click on the shield next to a Direct Connect resource, the Network and Security View shows its configured VIFs (Virtual Interfaces).

Cloud Layer Events Tab
If any configuration change or operational events are selected in the traffic timeline, they will be listed in the Events tab underneath the timeline.

Click on any row to view details of the event. Configuration changes show a diff of the change that was made. Click on the blue Explore in AWS/Azure button above the diff to access the change in the relevant environment.

Cloud Layer Traffic Tab
Use the Traffic tab to view a detailed list of servers along with specific throughput metrics. This list can be grouped and filtered using the selection menus at the top of the list. This functions in the same way as the Cloud Insights Table tab.
Last updated