Network Insight offers outlier detection based on the metrics associated with the flows defined over the VMs and physical IP addresses. These VMs/IPs should have similar traffic patterns so that a classification of a particular VM/IP as an outlier is of value. For example, the VMs, which belong to the same tier of an application, generally perform the same function for the application, such as the VMs of an SQL database serving requests for a web application. For these kind of VMs, the number of requests received, the amount of traffic sent out, the session count, and so on go through a series of similar variations.
Through outlier detection, Network Insight enables you to detect a particular VM which might be experiencing very different traffic pattern compared to other VMs/IPs in the group. For example, if the VM is sending or receiving much higher/lower traffic compared to the rest of the group. It could be because of a wrongly configured load balancer, DDOS attack, and so on. Network Insight classifies such VMs/IPs as outliers. By looking at these outliers, the user easily knows about this unexpected behaviour and takes appropriate actions.