We are excited to release a new Kentik AI feature called “Cause Analysis," part of our core Traffic Analysis portfolio. Designed to help network engineers more quickly understand the underlying network traffic contributing to network anomalies, this new interactive feature in Data Explorer uses data mining, AI, and Kentik's industry-leading context enrichment to instantly identify the most relevant and contributing factors (dimensions) of network traffic within a given time frame. It reduces the amount of time it takes to investigate sudden traffic changes, like spikes, increases and drops in relatively short time frames.

Our goal is to make it easier and faster for our users to quickly understand the most important characteristics of the traffic contributing to a change, like application, IP addresses or prefixes, ASNs or public cloud services. This analysis is done automatically upon user request without needing to select any flow dimensions in the Kentik Data Explorer and without expert level knowledge in traffic analysis. The results can easily guide a user to understand the cause of traffic changes and anomalies and to take appropriate further actions.

This feature is available for companies that have enabled Kentik AI.

Cause Analysis in Data Explorer

Cause Analysis in Data Explorer supports three user workflows:

Traffic analysis - to find the most contributing traffic dimensions in a single time selection window

In this workflow, a user is able to select a single time window on the graph and to invoke Cause Analysis. Currently the time window is limited to 2 hours.

The results of the analysis will be shown below the chart in an additional tab named “Cause Analysis” which will emphasize the most contributing factors on the traffic during the selected time window. A Kentik AI summary of the results is provided at the top of the panel. The lower part of the panel shows numerical results presented in a hierarchical table, which are produced by Kentik’s data mining algorithms.

The values of traffic rate and the percentages in this table are estimates and not the completely exact values. The intention of this feature is to efficiently emphasize the most contributing dimensions to help answer the question "what happened?".

The analysis considers selected traffic metric, e.g. Bits/sec, Packets/sec or Flows/sec.

Traffic comparison analysis - to find changes in traffic patterns between two selected time windows

In this workflow, a user is able to select two time windows on the graph and to invoke Cause Analysis, which will then show the most contributing factors to the traffic increase. This helps users quickly answer the question "what changed?" The system will first compare the two selected windows based on average traffic volume. Based on the results, it will further compare the window with lower average traffic to the window with higher average traffic, emphasizing which type of traffic significantly contributed to the increase. With this approach, it is irrelevant which time window will be selected first.

The results of the analysis will be shown below the chart in the tab called “Cause Analysis”. Kentik AI’s summary of the results is provided at the top of the panel. The lower part of the panel shows numerical results presented in a hierarchical table, which are produced by Kentik’s data mining algorithms.

Automatic detection and analysis of traffic changes

In this workflow, the system will automatically analyze time series results in Data Explorer and look for significant changes in the traffic that might be interesting to the customer. Those significant changes can be spikes, drops or sudden increases and decreases in traffic. On these changes, Kentik AI will perform analysis of the traffic difference before and after the change, trying to pinpoint which traffic contributed to the increase or decrease.

The workflow starts when a user clicks the button “Analyze” at the top of the time series chart or at the bottom of the query panel.

• The system will try to detect the most significant 5 changes (configurable)
• These changes will be marked in the chart
• The “Cause Analysis” panel below the chart will list the changes with the relevant details: type of the change, average traffic metric of the change and time of the change point.
• An AI summary of the change will be provided in the summary section
• Each change can be further visually expanded to show numerical results presented in the hierarchical table, which are results of Kentik’s data mining algorithms.

Cause Analysis in Kentik Insights

With this first release, Cause Analysis is also being integrated into the Device Traffic Increase Insight. The Insight is enriched with valuable information of the most contributing factors to the device traffic increase.

The system will automatically determine when the traffic increase started and perform analysis of traffic differences between traffic before increase and during detected increase. The results are presented below the time-series chart with a Kentik AI summary of the results and the relevant details. This information can help users determine what is a likely cause of such traffic increase on the particular device.

As always, we welcome your feedback as you start to use this new feature. Please reach out with any questions, concerns or feedback.