The default view shown in the NSX Intelligence home page is the Groups view. A Groups view displays all the groups and the traffic flows that occurred in the last one hour.

View Selection

If you are not seeing the Groups view, click the down arrow next to the Computes label in the Security view selection area and select Groups. In the drop-down menu displayed, you can select All Groups or specific groups from the list, and then click Apply.

Use the Search text box to filter the list of available groups. If you click away from the selection drop-down menu without making any selection or if you select All Groups in the drop-down menu, the All Groups menu item is applied to the Groups view.

Nodes in a Groups View

A node in a Groups view represents a group of NSX compute entities (such as VMs, physical servers, and IP addresses) or a group of uncategorized VMs in your NSX-T Data Center inventory. The Groups view also includes nodes that represent entities that communicated with members of the groups, but are not part of your NSX-T Data Center inventory. The following screenshot is a sample of a Groups view.
Groups view in the Plan and Troublshoot UI. Surrounding text explains what one sees in Groups view.

The following table lists the types of group nodes you can see in the Groups view.

Type of Group Node



Regular Group

A Regular Group node in the NSX Intelligence visualization graph represents any collection of compute entities managed in your NSX-T Data Center environment. The NSX Intelligence graph supports regular groups with compute entities that include VMs, physical servers, IP addresses, or a combination of those entities. An NSX entity can belong to more than one group and can appear in more than one regular group node.

Uncategorized Group

An Uncategorized Group node represents a collection of compute NSX entities that do not belong to any group, but not in the NSX-T Data Center inventory.

Unknown Group

An Unknown Group node represents a set of miscellaneous compute entities that are not in the NSX-T Data Center inventory, but are within the data center, and are communicating to one or more NSX entities in NSX-T Data Center.

Public IPs Group

A Public IPs Group node represents a collection of public IP addresses (IPv4 or IPv6) that are communicating to NSX objects in your NSX-T Data Center. Any IP address that does not belong to any of the CIDR notations listed in the Private IP Range Settings for NSX Intelligence is classified as a public IP address.

Node Size and Color

The size of a node in the Groups view is based on the number of members belonging to that group. The bigger the size of a group node, the more compute entities belong to that group. The group name and its total number of members are displayed above the node.

The color of the node border indicates the types of traffic flows that have occurred with the compute entities belonging to that group.

Type of Group Node


A group node with a red-hued border indicates that at least one unprotected traffic flow was detected, regardless of the number of blocked or allowed flows that were detected during the selected time period.

A blue-hued border on a node means that no unprotected traffic flows were detected, but at least one blocked flow was detected, regardless of how many allowed flows were detected during the selected time period.

A node with a green-hued border indicates that there were no unprotected or blocked flows detected during the selected time period, and at least one allowed flow was detected.

A node with a gray-hued border means that during the selected time period there were no traffic flows detected for the compute entities belonging to that group.

Arrows in a Groups View

The arrows between the group nodes represent the traffic flows that have occurred during the selected time period between the compute entities in those connected group nodes. A self-referencing arrow on a group node indicates that at least one compute entity was communicating with another compute entity within that same group. See Working with Traffic Flows for more information.

Clusters of Group Nodes

If 100 or more group nodes and 1,000 or more traffic flows must be displayed, the NSX Intelligence graph displays the group nodes into clusters. These group clusters are based on the connectivity between compute entities in those groups during the selected time period. With group clustering, you can have a high-level view of the activities in your NSX-T Data Center environment during that selected time period.

The following screenshot gives an example of a groups cluster visualization. The colors of the nodes correspond to the types of traffic flows that occurred with those groups during the selected time period. Groups that did not have any members communicating with members of any other groups during the selected time period are placed together in a separate group cluster.
Screenshot of a groups cluster view. Feature is described in the surrounding text.

Pointing to a specific group cluster displays a number above the cluster area. This number indicates how many groups there are in that particular cluster visualization. To view more details about a specific cluster and the groups that are part of that cluster, zoom in the graph. As you zoom in closer to the nodes and arrows, the group and traffic flow details become more visible and easier to select. You can also apply filters to narrow the groups that are displayed in the visualization graph.

Node Selection in Groups View

When you point to a group node, information about that group is displayed, as shown in the following example for the group UbuntuVMGroup. If the group was added during the selected time period, a green New badge icon and the details of when the group was created are displayed. The total number of flows and the number and types of flows detected during the selected time period are listed. If there are any, the number of recommendations available for the group are also displayed.
Popup window that shows info about the group being pointed at. The image is described by surrounding content.
When you click a group node, a dashed circle marks the selection as a pinned group node. The other groups that are connected to the selected group node are also made more prominent in the view. All other nodes become dimmed. For example, in the following screenshot, the UbuntuVMGroup node is selected and becomes the pinned group node. The Uncategorized Computes group shared at least one traffic flow with at least one UbuntuVMGroup member during the selected time period and so it is also made prominent. All the other groups that did not communicate with UbuntuVMGroup are dimmed in the view.
Image of a pinned group node and nodes connected to it. Description is described in the surrounding content.

To clear the pinned selection, click any empty area of the visualization canvas.

If you zoom out of the Groups view and the details on the nodes are no longer visible, point to any visible part of a node to display the details.

Available Actions in the Groups View

A contextual menu of available actions or information is displayed when you right-click a group's node, as illustrated in the following image.

  • Selecting Deep Dive:Group_Name surrounds the selected group's node with a dashed circle to mark it as the pinned group node or the current group in focus. The compute entities that belong to the group are shown inside the group's node. All the groups that had traffic flows with the pinned group's members during the selected time period are also placed in the Groups view. In the following example, Windows7-group node is the pinned group. The other groups are in the view because their members had network traffic flows with the single VM in group Windows7-group during the selected time period.

  • When you select Filter By, the current group is added to the visualization filter that is used for the current Groups view.

  • When you select Recommendations, the table of available recommendations for the current group is displayed. From that Recommendations table, you can view the recommendation details and perform the available actions. See Working with NSX Intelligence Recommendations for more information.

  • Selecting Members displays a table of all the compute entities that belonged to the current pinned group during the selected time period. From that Members table, you can see the details about the VMs, IP addresses, and physical servers that belong to the selected group and the other groups to which each compute entity also belongs. To add a specific VM, IP address, or physical server to the current visualization filter, click the filter icon on the right.

  • When you select Flow Details, the Flow Details of a Group dialog box displays a table for the currently selected group. The table shows details about the flows that have completed and the flows that were active during the selected time period. See Working with Traffic Flows for more information.

  • Selecting Start Recommendation displays the Start New Recommendation wizard that assists you with generating a new micro-segmentation rule recommendation. See Generate a New NSX Intelligence Recommendation for details.