1. On the sidebar, click Analytics. Click Outlier.
  2. Click Add to add a configuration.
  3. In the Analytics/Configure page, provide the following details for the configuration:
    Table 1.




    Name of the configuration


    Name of the group that defines the VMs and the IPs for which the analysis needs to be done. You can select Application Tier or Security Group as the scope.

    If you select Application Tier, provide the name of the application and the tier separately. The number of VMs and Physical IPs that are defined for the tier is shown next to the name of the tier.

    If you select Security Group, provide the name of the Security Group.


    The current limit for the number of VMs and Physical IPs in a tier is 200. Choose a tier or a security group with VMs and Physical IPs less than this limit. The scope should also contain a minimum of 3 VMs/Physical IPs.

    You can view the micro segmentation for the selected configuration by clicking View Micro-Segments.

    Detection Type

    Currently, Network Insight enables you to detect the outlier in the system.


    The detection is based on this flow metric. You can select the following options:

    • Bytes

    • Packets

    • Sessions

    • Traffic Rate

    Traffic Direction

    You can select Outgoing, Incoming, or Both as the traffic direction. If you select Both, then you can specify Incoming or Outgoing in the preview of the configuration.

    Traffic Type

    You can select Internet, East-West, or All based on the requirement.

    Destination Ports

    You can either select all ports detected on the flows discovered on the selected scope or manually enter the destination ports of your choice. If you select All Ports, the number of the destination ports is shown. If you select Manually enter ports, then enter the ports in the autocomplete text box, the analysis would be restricted to only these ports


    The current limit for the number of ports is 20.


    It is a measure of the sensitivity of the detection and reporting that you require. The default value is Medium.


    This section provides a preview of the particular configuration based on the inputs and parameters that you have provided. Specify the ports and the traffic direction if you have selected Both for Traffic Direction before. You will be able to identify the outlier VM in the graph.

    • The outlier is detected by evaluating the data available in last 24 hours.

    • You need a continuous flow of IPFIX data to detect the outlier.

  4. Click Submit to create the analytics configuration.
  5. Once the application is created, it is available in the list view of the applications in the Analytics Configurations page. Click that particular application to see a dashboard associated with it.