Procedure
- On the sidebar, click Analytics. Click Outlier.
- Click Add to add a configuration.
- In the Analytics/Configure page, provide the following details for the configuration:
Table 1. Field Description Name Name of the configuration Scope Name of the group that defines the VMs and the IPs for which the analysis needs to be done. You can select Application Tier or Security Group as the scope. If you select Application Tier, provide the name of the application and the tier separately. The number of VMs and Physical IPs that are defined for the tier is shown next to the name of the tier.
If you select Security Group, provide the name of the Security Group.
Note: The current limit for the number of VMs and Physical IPs in a tier is 200. Choose a tier or a security group with VMs and Physical IPs less than this limit. The scope should also contain a minimum of 3 VMs/Physical IPs.You can view the micro segmentation for the selected configuration by clicking View Micro-Segments.
Detection Type Currently, vRealize Network Insight enables you to detect the outlier in the system. Metric The detection is based on this flow metric. You can select the following options: - Bytes
- Packets
- Sessions
- Traffic Rate
Traffic Direction You can select Outgoing, Incoming, or Both as the traffic direction. If you select Both, then you can specify Incoming or Outgoing in the preview of the configuration. Traffic Type You can select Internet, East-West, or All based on the requirement. Destination Ports You can either select all ports detected on the flows discovered on the selected scope or manually enter the destination ports of your choice. If you select All Ports, the number of the destination ports is shown. If you select Manually enter ports, then enter the ports in the autocomplete text box, the analysis would be restricted to only these ports Note: The current limit for the number of ports is 20.Sensitivity It is a measure of the sensitivity of the detection and reporting that you require. The default value is Medium. Preview This section provides a preview of the particular configuration based on the inputs and parameters that you have provided. Specify the ports and the traffic direction if you have selected Both for Traffic Direction before. You will be able to identify the outlier VM in the graph. Note:- The outlier is detected by evaluating the data available in last 24 hours.
- You need a continuous flow of IPFIX data to detect the outlier.
- Click Submit to create the analytics configuration.
- Once the application is created, it is available in the list view of the applications in the Analytics Configurations page. Click that particular application to see a dashboard associated with it.