Many enterprises and businesses are looking to integrate AI agents together to standardize workflows and front ends. To help customers achieve that goal and make Kentik data more accessible to other workflows, Kentik AI Advisor now supports the Model Context Protocol (MCP), enabling seamless integration with AI agents and development frameworks like Claude Desktop, GitHub Copilot, and others.

What is MCP?

The Model Context Protocol is an emerging industry standard for AI agent access to data and interaction with external systems. It's supported by all major AI agents and development frameworks, making it easy to extend AI capabilities with specialized tools and data sources.

Key Benefits

• Standardized Integration - MCP is becoming the industry standard for AI agent integrations, ensuring broad compatibility and future-proofing your workflows
• Plug & Play Simplicity - Integrate AI Advisor into your existing AI agents and workflows without complex API implementations
• Multi-turn Conversations - Full support for contextual follow-up questions and session management, enabling natural back-and-forth interactions
• Real-time Progress - See AI Advisor's reasoning process in real-time as it analyzes your network

How It Works

The Kentik-hosted MCP server provides tools that enable AI assistants to:

• Ask natural language questions about your network
• Maintain conversation context across multiple questions
• Review full conversation history from any session

Simply configure your MCP-compatible AI agent with your Kentik API credentials and the MCP endpoint:

US Cluster: https://api.kentik.com/mcp
EU Cluster: https://api.kentik.eu/mcp

Required HTTP Headers:

• X-CH-Auth-Email: email@company.com
• X-CH-Auth-API-Token: api-token

Available Tools

The MCP server exposes three core tools:

1. ask_question - Submit a new question to AI Advisor
2. ask_followup - Continue a conversation with follow-up questions
3. get_session_history - Retrieve full conversation history

Example Use Cases

Network questions show up everywhere: incident channels, postmortems, capacity reviews, security investigations. Here are some common ways AI Advisor MCP can help you integrate network intelligence into other places:

• Network Operations - Integrate AI Advisor into your NOC workflows and automation tools
• Custom Dashboards - Build custom interfaces that leverage AI Advisor's intelligence
• Development Workflows - Use AI Advisor directly from your IDE with Claude Code or GitHub Copilot
• Slack Bots - Create custom Slack integrations for team collaboration

Getting Started

Check out our Knowledge Base documentation for detailed setup instructions, including:

• Configuration examples for Claude Desktop, GitHub Copilot, and other MCP clients
• Authentication setup
• Best practices and troubleshooting tips

Questions or feedback? Reach out to your Kentik account team or contact support.

One of the most common steps in investigating a network issue is validating connectivity from the right vantage point—checking whether a destination is reachable, measuring latency or packet loss, and identifying where traffic may be breaking down along the path. Traditionally, that means switching tools to run ping or traceroute, then manually bringing those results back into the troubleshooting process.

With On-demand Connectivity Test, AI Advisor can perform that step for you directly from a Kentik Universal Agent. This keeps the investigation in one place, reduces context switching, and adds another source of real-time diagnostic data that AI Advisor can use alongside other telemetry as it reasons through the problem.

What It Does

The Connectivity Test tool provides Ping and Traceroute diagnostics directly from your private Universal Agents through AI Advisor's conversational interface:

• Ping: Test device connectivity, measure latency, and detect packet loss
• Traceroute: Identify network bottlenecks, points of failure, or routing loops
• Private vantage points: Run tests from your own network locations where Universal Agents are deployed

How to Get Started

Prerequisites:

1. Deploy at least one Universal Agent (Settings » Universal Agents)
2. Install the Connectivity Test capability on the agent:
   • Open the Agent Details drawer
   • Under Capabilities » Available, click Install next to Connectivity Test

Once installed, AI Advisor automatically detects available agents and includes them in its system context (agent names, site locations, etc.).

How to Use It

Simply ask AI Advisor in natural language to test the connectivity to the destinations of interest.

Here are example prompts:

• Test the connectivity to device ABC1
• Ping 8.8.8.8 with 5 packets
• Traceroute to 147.91.1.120
• Check if we can reach our DNS server from the Boston office
• Run a traceroute from our London agent to 1.1.1.1

AI Advisor will:

1. Select the appropriate Universal Agent(s)
2. Execute the ping or traceroute test
3. Display results with success/failure indicators
4. Interpret ICMP responses and provide actionable insights

Key Benefits

On-Demand Connectivity Tests help teams investigate issues more efficiently by combining real-time diagnostics with the broader network context already available in AI Advisor. Because these diagnostics run inside AI Advisor and remain part of the investigation, they can improve both the speed and quality of troubleshooting in several ways:

• Context-aware: AI Advisor knows your agent locations and can suggest the best vantage point
• Conversational troubleshooting: No need to SSH into servers or use separate tools
• Multi-agent support: Can run tests from multiple agents simultaneously for comparison
• Integrated analysis: Correlate connectivity results with flow data, metrics, alerts, and other telemetry
• Faster MTTR: Quickly validate reachability during incident investigations

Ready to try it? Quickly install Universal Agent's Connectivity Test and start testing with AI Advisor!

As we've noticed, almost every time a table with data inside is displayed within Kentik Portal, it invariably takes no time before our users ask for it to be downloadable in a CSV format.
Additionally, AI Advisor very often displays results in a table format, because it is one of the most legible ways for our users to efficiently parse that data.

Hence, we've taught AI Advisor to display a Download CSV action button with any and every data table it displays.
This could be the end of the product announcement, but read on, it gets even more interesting.

Spreadsheets, day in to day out

If you work in the computer or networking industry, you can certainly confirm first hand that one of the most routine tasks we all end up performing every day is some variant of this sequence of actions:

1. Get some data from a SaaS tool
2. Download said data
   1. If you're lucky and the tool has the capability, export to CSV/XLSX
   2. If you're not copy it from the browser into a spreadsheet (comes with the customary prayer that it will format fine through pasting)
3. Massage the data to make it presentable to an audience

Rinse and repeat, all day every day including weekends.

Enter AI Advisor

As we are all making more and more room for AI Advisor to boost productivity, the aforementioned loop gets less taxing, thanks to this new Download CSV button mentioned earlier. Just take a look at the example below where I'm asking AI Advisor to give me a list of the top inbound ASN to my network by traffic:

We could call it a day and close the product announcement here, but I really wanted to make it worth your read here, so bear with for another paragraph, will you?

Cranking it up a notch

As mentioned earlier, there's always some amount of massaging you'll want to do on tabular data before presenting it to someone else.
The previous example is no exception. Right now I'm getting a table with the following columns 1) rank 2) AS Name, 3) Avg Traffic.

What if I wanted to:

• display the ASN registration country in its own column for further filtering, and in a way that's human readable
• add a link on each row to the peeringDB record for each network (arcane knowledge, you can reach the PeeringDB page of any ASN via this URL format: https://peeringdb.com/asn/ )

Let's go.

I know, you're welcome 😉

Not so long ago, we released an update to Kentik Portal's Search Engine that gave it AI Superpowers. Since then, the Search Engine has been able to point users to any screen in Kentik Portal based on any question pertaining to a task they want to perform, such as "Where can I track my IP Transit spend?" or "How can I monitor my backbone link capacity?". In order to deliver this feature we've built an AI module that feeds off a complete SiteMap of the Portal and knows what each module on any URL does, and what its entry pointer in the Knowledge Base is.

We've extended this feature to our beloved AI Advisor for it to gain new abilities, read on.

"AI Advisor, please help!"

Given our ever-increasing product surface, we wanted to make it easier for new users to hit the ground running. Often, someone will make a note of certain portal functionalities during a trial period that they will want to implement later in their deployment of the product, but forget where in the Kentik Portal it exists or how to implement them. This usually results in getting to the outcomes you want slower.

Sometimes, a user will need to dig into how a certain computation is made, or why Kentik Portal is making specific determinations.

This is where this feature shines: on any screen in Kentik Portal, you can now ask AI Advisor to explain to you how a certain screen works, just as how you would ask your Customer Success advisor.
AI Advisor will then fetch the relevant data from the SiteMap, link it to relevant Knowledge Base article and give you a crash course on how the screen you're currently looking at works. Basically, you can ask Kentik to explain how it works. We believe that this will significantly help with the timeliness to answer to our user's question about the product, and more durably unblock them in the pursuit of operating their infrastructure with our platform.

As you will discover in the examples that follow, contrary to a lot of AI Assistants, AI Advisor just does not dump help links on the user. It answers in precise, summarized terms to questions related to functionality and how it works under the hood.

A simple example with Connectivity Costs

As you can see in the screenshot below, AI Advisor now includes the additional step in its reasoning to summon the SiteMap tool

Landing on a screen and asking what it does and how it works is now a trivial operation, for instance on the Connectivity Costs workflow screen:

...leading to a follow-up conversation of how it works:

Another example, this time with Kentik Market Intelligence

Another example, directly taken from the Kentik Market Intelligence page, as it is one of our more niche products - expectedly not all users are fully aware of what marvels it performs

... where a follow-up interaction would most likely be around "How do we establish a score to rank networks against each others", again successfully clarified by AI Advisor

...which begs the follow-up question around the different Retail, Wholesale and Backbone types of scores, for which AI Advisor will even compose an explanatory diagram on the fly:

AI Advisor gets smarter every day, so don't be shy, ask it anything !

These examples are all but a tiny fraction of how AI Advisor can supercharge your life of managing infrastructure -- and we're adding new capabilities to it every day.
This is the simplest, most straightforward way for you to start on the journey to faster results and outcomes from Kentik: next time, right before you contact our amazing Customer Success team of advisors, give AI Advisor a prompt and see what it answers, you may be surprised ;)

As a network intelligence platform, one of the areas that we often try to help customers understand is their flow volume. Sampling is a critical part of that calculation, as it affects your data resolution and how confidently you can slice and dice the data to make decisions. Our flow-based pricing model is setup to protect you, the customer, from getting penalized for traffic spikes that might take you over your plan's Max FPS. After speaking with many users, we found that Kentik needed to provide more transparency when sampling was happening, so that you can adjust device sampling, pak size, and maintain the level of data accuracy that you expect in Kentik. 

As we made changes to the product, primarily as part of the Licenses page where your plans are laid out, we also included some updates to:

a) Flow Licenses - to show you which plans (FlowPak, CloudPak, DevicePak) have significant downsampling, potentially due to device configuration or under-licensing

b) NMS Licenses - to more clearly reflect your device counts and limits

c) Device Flow and Downsampling indicators - to allow you to filter and view devices that may be sending more flow than you expect, or to use AI Advisor to identify and suggest remediations

d) Cloud FPS and Sampling configuration - to allow you to view raw FPS in your cloud environment before Kentik-configured sampling

Understanding your Licenses

You'll notice a few changes to your Licenses page for Traffic plans (FlowPak, DevicePak), CloudPak plans, and NMS (NPak). Firstly, we wanted to provide more visibility to downsampled devices. This includes links to the Devices page with the relevant devices highlighted.

Secondly, we wanted to provide a better understanding of sampling ratios and FPS measures, especially for AWS & Azure cloud exports that support an additional export-configured sampling. We included similar graphs for Traffic FlowPaks as below, to show the trend of received FPS and stored FPS over time. These underlying metrics are also available in Metrics Explorer under /kentik/licensing/flow measurements.

Finally, we wanted to clearly show which NMS devices were onboarded as Full-monitor Devices vs. ICMP-only, so that you can clearly track your device counts as you onboard and grow your network. 

Don't double-downsample Devices

We also wanted to extend this transparency within the Licenses page to other parts of the Kentik product by surfacing the same FPS indicators and flow telemetry. We added additional filters to the Devices table and Flow status indicators, in addition to also supporting this same context in AI Advisor.

We also added more of this data in the Telemetry tab for the device, including a historical view of received FPS and stored FPS for the past 30 days.

That's a lot of Cloud flow

Understanding flow volume in your Cloud environment is a consistent pain point, so we wanted to add additional visibility there, too. Now, as part of your Public Clouds settings, you can see a breakdown of flow volumes across the various cloud exports that you have configured. Kentik supports customizable sampling ratios for AWS & Azure cloud exports, allowing you to adjust the number of flows that you send to Kentik for storage. (While GCP & OCI support sampling natively, we also surface your configured sampling ratios in the export table.)

We hope that this added visibility enables you to maintain the level of data accuracy that you desire in Kentik as your network traffic grows! As always, please don't hesitate to reach out to us to provide feedback anytime.

To create a more seamless Kentik experience and more tightly integrate Kentik into your network operations workflows, we are pleased to announce Kentik's AI Advisor REST API is now available. This provides programmatic access to AI Advisor investigations, allowing you to integrate AI Advisor directly into your enterprise AI Agents, chatbots, and other automation workflows.

The AI Advisor REST API provides programmatic access to the same advanced network analysis capabilities available in the Kentik portal, allowing you to ask natural language questions and receive AI Advisor's insights through a simple, asynchronous REST interface

What is AI Advisor REST API?

AI Advisor REST API gives you programmatic access to Kentik's network intelligence agent, enabling you to:

• Ask questions in natural language about your network operations, device health, traffic patterns, and performance
• Maintain conversational context across multi-turn chat sessions for deeper analysis
• Receive markdown-formatted responses with transparent reasoning and actionable insights

Common Use Cases

• ITSM Integration: Connect AI Advisor to ServiceNow, Jira, or other ticketing systems for automated network analysis
• Automated Workflows: Trigger network analysis from alerting systems or scheduled jobs for reporting
• Chatbot Integration: Interact with AI Advisor in your favorite chat application
• AI Agents Integration: Extend your enterprise AI agent with AI Advisor's capabilities

API Endpoints

• POST /ai_advisor/v202511/chat - Create new session with initial prompt
• GET /ai_advisor/v202511/chat/{id} - Retrieve session status and results
• PUT /ai_advisor/v202511/chat - Add follow-up questions to existing session

Authentication & Access

The AI Advisor REST API uses standard Kentik API authentication with email and API token headers. All Admin and Member users with AI Advisor access can use the API.

Get Started Today

Ready to integrate AI-powered network intelligence into your workflows? Check out our comprehensive documentation:

• AI Advisor REST API Documentation - Complete API guide with examples
• OpenAPI Specification - Full API schema
• AI Advisor Overview - Learn about AI Advisor capabilities

Have questions? Contact your Kentik account team or reach out to support@kentik.com.

CDN Analytics is one of the most valued features in our platform, and for good reason. With 75% to 85% of a broadband ISP’s inbound traffic routinely being carried by just five major CDNs, understanding CDN-originated traffic is critical for managing subscriber performance and network capacity.

However, CDNs vary widely in how they operate. They range from massive commercial entities to single-purpose networks built exclusively for content providers (like Netflix’s Open Connect, Facebook's Network Appliances, or Google Global Caches). Because of this complexity, automatically enriching traffic data based on its true CDN origin is both an art and a science. It requires a smart detection engine – the core of our True Origin technology – that keeps evolving.

Additionally, the relationship between a broadband ISP and a CDN often extends beyond standard interconnection agreements, particularly when CDNs offer Cache Embedding programs. When caching appliances are co-located in the ISP's last mile, the ISP needs to verify the ROI: measuring the efficiency of that last-mile caching against the real-world costs of hosting, cooling, and powering the hardware.

Today, our detection engine grows again to help support these use cases. We are adding detection for Edgevana and Valve to our CDN Analytics, bringing our list of detected commercial and purpose-built CDNs to 65!

Let’s double-click into what this means for your network.

How does Kentik's True Origin CDN detection engine work?

The theoretical bits are somewhat trivial: flow telemetry comes in with source and destination IPs, which we map in real time to source or destination CDNs to enrich flow records we ingest. For this to be possible, our CDN Detection Engine constantly maintains a list of CDN-to-IP mappings behind the scenes. This list leverages a number of datasets:

• Multiple passive DNS datasets
• Our customer's real-time DNS data feeds 
• Routing registry data for prefixes originated by CDN ASNs
• Interface classification-based detection of 'Embedded Cache' type interfaces
• Configuration inputs from our customers declaratively adding Embedded Caches

This data is parsed every day using a set of heuristics, and allows Kentik to generate a unique and very accurate data set of IP-to-CDN mappings that include 1) IPs for servers in each CDN's infrastructure, and 2) last-mile-embedded servers in the broadband ISPs of both customers and non-customers. 

Leveraging Passive DNS data feeds and Interface Classification, setup for our customers is kept minimal as most of the embedded caches in their network will be automatically detected. In case they are not (one example is when these servers are behind a 3rd party router that's not registered with Kentik), a config interface allows them to statically declare them. 

What happens when we add a new CDN to our detection engine?

Train the detection engine on CNAMEs

This basically means that we feed it with patterns to look for in terms of unique CNAMEs to be crawled in our set of passive DNS data-feeds. We're talking about the *.akamaized.net or `*.fastly.net` well-known CNAME patterns that CDN customers use to link their own domain names in order for these CDNs to serve.
This data is further fed to the engine via our OTT DNS Taps, since it taps the DNS queries upstream of your subscribers.

Wire the ASN-to-CDN mappings using Routing Registries

The other trivial source of data is the ASNs that a given CDN uses to run their infrastructure on: all prefixes originated by these ASNs is turned in to CDN-to-IP mappings. For instance Akamai is well known to operate AS20940, but they have successively acquired other companies such as Prolexic, Instart Logic, Linode ...and not all of their associated ASNs are used to deliver CDN traffic to users. In the same vein, Netflix is publicly known to operate the Open Connect cache network both at IXes on their own servers via AS2906, but also via embedded caches on AS40027. This updated list gets parsed every day and adds to the IP-to-CDN mappings from the day before.

We also add metadata to all CDN entries in the engine's directory service, so that we can present users with added context for a given CDN – such as:

• The public logo of the CDN to embellish the CDN's detail page
• CDN type – are they a Commercial CDN, a purpose-build content CDN, or a Cloud Provider
• What their associated ASNs are and PeeringDB entries are
• Do they run an Embedded Cache Program (such as Netflix's OCA, Facebook's FNA, Google's GGC, Akamai's AANP, Apple's AEC...) and store the link to these individual initiatives web pages

Here's what the /service-provider/cdn/Valve details page looks like:

Wire the detection engine to Interface Classification

For the CDNs running an Embedded Cache Program, we built our engine to be able to detect as many of the IPs corresponding to these cache servers, even when they are in your own last-mile network and not directly hosted in the CDNs ASNs.

One of the ways our engine detects this is it looks at SNMP interface data from your Network Devices and inspects those with an Embedded Cache Connectivity Type. For those, the engine takes the IP subnet the interface is on, and if able to match a CDN from the interface description or the Provider Interface Classification field, assigns an additional IP-to-CDN Mapping.

In the CDN Analytics > Config section of the portal, you can see which ones are automatically detected (updates once a day) as depicted below:

Add means for users to self-declare IP CIDRs to CDN Mappings

Some Content CDNs (aka purpose-built) that run a last-mile Cache Embedding program have been known to provide a router to the broadband ISP in addition to the caches. The CDN in this case retains admin control over this router, which in turn cannot be registered with Kentik.

The consequence is that Embedded Cache interfaces cannot be auto detected since they're located on a device not registered in Kentik. In this case, users from the ISP will want to declare the CIDR space used to number the caches manually, which they can do in the Additional Embedded Caches tab of the CDN configuration workflow.

When adding a new CDN with a last-mile Embedded Cache program, we ensure that it is added to the manual addition config screen for users to start entering their static mappings.  

The following Cache Embedding CDNs are currently covered: Akamai, Amazon, Apple, Azion (Brazil), Baishan Cloud, ByteDance (tiktok), CDN77, Cloudflare, Edgevana, Facebook, G-Core, Globo, Google, i3D, Izzi, Limelight, Lumen/Level(3), Azure, Netflix, Netskrt, Quantil/China NetCenter, Qwilt, Valve.

As a result, the IP-to-CDN mappings resulting from this configuration form will be added to the daily mechanism that generates the global CDN-to-IP mappings.

Adding a CDN Offload widget to the landing page

While last-mile Cache Embedding provides many benefits to the broadband ISP, they also come with an operational cost around rack space, power, and cooling. Because of this, the embedding broadband ISP will often want to be able to measure the benefits for each embedding CDN to continuously justify the decision to embed.

The key metric for the main benefit is called offload: offload is a ratio between how much traffic is delivered to the subscribers from the cache vs. how much traffic is delivered to the subscribers in total – from a cache or from outside of the network. This Offload Ratio is commonly measured as a percentage. Traditionally, CDNs that transport a constantly growing long tail of user-generated content tend to have lower Offload Ratios (as popular content is competing for the discreet storage space offered by the embedded appliances). Conversely, CDNs with a fixed catalog (Netflix being a prime example, as the size of their catalog being somewhat fixed at all times) can achieve very high offload for a little cache footprint.

Note: there are subtleties between CDNs as to how we compute the Offload ratio. While we usually run these computations at peak time, because offload makes the most sense when traffic is at its highest, cases like Netflix Open Connect are different because the peak for inbound traffic happens when the caches fill themselves at night instead of during the delivery peak.

Users can enable/disable any Embedding CDN widget on the CDN Analytics landing page via the config screen, here's what it looks like:

And here's what a fully furnished landing page with offload widgets can look like:

Even better, all those independent widgets lead to a dashboard that will precisely let users figure out what the traffic patterns are for the caches when it comes to offload and will display all the following types of cache traffic:

• OffNet to Subscribers (aka longtail)
• OnNet to Subscribers (aka last-mile delivery)
• Cache to Cache Fill Traffic
• OffNet Cache Fill traffic

We hope you enjoyed this walk through on the internals of our CDN detection system. If you have any questions about it, please let Kentik's Product Team know, as we heavily count on your inputs to add new CDNs or new capabilities to the workflow as our CDN detection engine gets smarter and smarter!

For several years, kprobe has served as a flexible bridge for our community, providing deep host-level visibility and DNS insights. However, the requirements for modern network observability are changing. To ensure our customers are equipped with our latest innovations and highest-performance capabilities, we have officially sunset kprobe as we consolidate our engineering focus onto the Kentik Universal Agent.

This transition is about more than just a tool change; it is about providing you with a unified, high-performance foundation for the next decade of networking. We recommend all users begin transitioning to these supported alternatives to stay aligned with Kentik’s innovation roadmap.

Unlocking the Next Generation of Innovation

Maintaining disparate legacy agents limits the speed at which we can deliver value. By centralizing our development on the Universal Agent, we are creating a streamlined control plane that enables us to roll out new capabilities from advanced metadata enrichment to UI-driven orchestration, at a much faster cadence. This move ensures you are always running on our most secure, platform-agnostic, and performant code base.

The Path to Modern Observability

1. High-Performance DNS & OTT Insights

For those utilizing kprobe for DNS performance or OTT traffic mapping, the Kentik Universal Agent is your direct path forward. Our recently released DNS Tap capability is now live, purpose-built to replace kprobe’s DNS-tapping functions with higher throughput. By mapping DNS queries directly to hostnames, it provides the deep service context required for modern OTT visibility without the CPU overhead of legacy packet processing.

2. Standardized Host Flow & System Visibility

For general host-flow export and system-mode visibility, we recommend the industry-standard hsflowd. As a mature, widely adopted open-source project, hsflowd provides excellent cross-platform support and is the ideal choice for users who prioritize open-source consistency for general host metrics.

A Strategic Shift in Application Visibility
As the industry moves toward pervasive encryption (TLS 1.3), traditional application-layer packet decoding such as kprobe’s legacy HTTP decodes has become less effective for modern, secure environments. Kentik’s strategy is evolving to focus on high-scale transport-layer visibility and cloud-native insights. For specialized use cases requiring deep, unencrypted HTTP packet analysis, we recommend leveraging dedicated APM or specialized DPI tools that complement Kentik’s network-wide observability.

Timeline & Support

• Status: kprobe is officially deprecated as of today.
• Repositories: The GitHub repository has been moved to an "Archived" state.
• Support: While traffic processing and query results will remain working without any intended interruption standalone agents deprecated such as kprobe will receive limited to no new software updates. Plan your migration today. 

Ready to access the latest Kentik innovations?
Contact your Kentik account team or visit our Knowledge Base for detailed migration guides.

We are incredibly grateful to the developers and customers who helped kprobe grow, and we look forward to building the future of network observability together.

The Kentik Product Team

Our users and readers probably noticed a few months back that we added the ingestion of SNMP Syslogs and Traps to our platform via NMS.
Today we are bringing new enhancements to that Syslog functionality. But before we dig into those, let's do a quick recap of what was already available.

Setting up Syslog on a Network Device

First order of business when you want to add Syslog observability to your Kentik setup is to deploy our Universal Agent and enable the syslog capability on it. Deploying Universal Agent is trivial and all that's needed is to enable the Syslog Server capability during the final steps of the deployment process, as pictured below:

For an already deployed agent, the capability can be installed/enabled on the fly as depicted below from the Settings > Universal Agent agent list.

Once this is done, all you need to do is configure your network devices to send Syslog records to this agent. If necessary, you can also configure the listening IP and ports on the syslog capability.
Provided your device is NMS enabled, the Kentik cluster will ingest Syslog records from the device via the Universal Agent's syslog capability.

How can I access Syslog data for analysis? (part 1)

All ingested syslog data is enriched with a sum of attributes and immediately stored in our universal telemetry datastore, making it ready for analysis.
Syslogs (as well as SNMP Traps) correspond to a new broad type of Telemetry available in our platform called Events. We intend to add additional event types in the near future, so stay tuned!

Once ingested, new Metrics and Dimensions choices (both Group By and Filter) will be available in Data Explorer, as depicted below - allowing for very granular event type queries.

Here's an example of a Data Explorer query displaying syslog volumes per device and per severity over time.

Additionally, the new Events View tab on the data table will appear for users to display a complete list (unaggregated) of all the Syslog messages captured in this time window for filter defined in the query.

Of course, all of these visualizations are available to a bunch of extra useful capabilities such as

• Saved Views
• Dashboards
• Filter Based Dimensions
• Generate One Chart per Series

So what's new with Syslog? (part 2)

As of today, we're adding a few niceties, this is where it all becomes interesting. The keen eye will have noticed that the Infrastructure > Devices inventory screen includes a new filter in the NMS Status section - this filter now allows users to narrow the device list down to those that we are seeing Syslog entries for.

...but the real deal is that starting today a new Syslogs tab appears on the Infrastructure > Device > device details screen: let's say you are doing your rounds on a device, eyeballing it's metrics in the overview tab - you see a spike on CPU on the overview spark line and want to check if error reported by syslog has happened that may explain it, here's what it looks like when you click on the Syslog tab. Now users can easily search for specific syslog entries on this device of any Severity within any Time Range.

What does the future hold?

As mentioned earlier, we are just getting started on Events. They will soon play an important role in our unified observability stack, being additionally available to our recently released AI Advisor: when clicking on the top right Ask button on a Device Details page to summon the agent, it will already have the recently Syslogs for the device as part of its context.

As a fast follow-up, we will be soon adding SNMP Traps as a similar additional tab in the Device Details screen.

Later this year, we will be opening up amazing possibilities to query together Traffic (Flow), NMS (SNMP/ST), Events (syslogs, traps & more) and Performance (Synthetics) together in a cohesive set of visualizations - so stay tuned as things are just about to become interesting!

Low Resolution login screen

More often than not, our users may have to access Kentik Portal from a web browser running via Terminal Server or some equivalent VNC variant.
Some of our users have reported that the animated gradient on the new Login Screen resulted in a very laggy experience in such remote setups.

To solve this issue, we have introduced a QueryArg in the login URL that these users can now bookmark, which instead of an animated gradient displays a static one, therefore solving this issue:

https://portal.kentik.com/login?lowres=true if you are a US Platform user, or https://portal.kentik.eu/login?lowres=true if you are an EU Platform user.

Kentik Next for SSO users

https://next.kentik.com (alternatively https://next.kentik.eu to our EU users) is a public version of Kentik Portal which is always ahead of our production systems - it is the equivalent of OSes' Nightly Builds, a public pendant to our portal.kentik.com main instance. "Next" as we call it, exists for our customers to experience the next features to hit our production systems. (Disclaimer: as paint may constantly be wet on it, we advise users to stick to the product systems to perform production work). 

Up until now Next was not available to our SSO users - but it is now, so give it a try !