Abstract: In one embodiment, a device associates one or more performance metrics with a particular session of an online application. The device makes a determination that a user of the online application associated with the particular session should be queried for feedback regarding their application experience. The device obtains, based on the determination, feedback from the user regarding their application experience, by causing a chatbot to be presented to the user and query the user for feedback regarding their application experience. The device associates the feedback from the user regarding their application experience with the one or more performance metrics.

Abstract: In one embodiment, a service receives telemetry data collected from a plurality of different networks. The service combines the telemetry data into a synthetic input trace. The service inputs the synthetic input trace into a plurality of machine learning models to generate a plurality of predicted key performance indicators (KPIs), each of the models having been trained to assess telemetry data from an associated network in the plurality of different networks and predict a KPI for that network. The service compares the plurality of predicted KPIs to identify one of the plurality of different networks as exhibiting an abnormal behavior.

Abstract: In one embodiment, a service computes a data fidelity metric for network telemetry data used by a machine learning model to monitor a computer network. The service detects unacceptable performance of the machine learning model. The service determines a correlation between the data fidelity metric and the unacceptable performance of the machine learning model. The service adjusts generation of the network telemetry data for input to the machine learning model, based on the determined correlation between the data fidelity metric and the unacceptable performance of the machine learning model.

Abstract: In one embodiment, a network assurance service executing in a local network clusters measurements obtained from the local network regarding a plurality of devices in the local network into measurement clusters. The network assurance service computes aggregated metrics for each of the measurement clusters. The network assurance service sends a machine learning model computation request to a remote service outside of the local network that includes the aggregated metrics for each of the measurement clusters. The remote service uses the aggregated metrics to train a machine learning-based model to analyze the local network. The network assurance service receives the trained machine learning-based model to analyze performance of the local network. The network assurance service uses the receive machine learning-based model to analyze performance of the local network.

Abstract: The present technology allows a hybrid approach to using artificial intelligence engines to perform issue generation, leveraging both on-premise and cloud components. In the technology, a cloud-based computing device receives data associated with a computing network of devices and uses machine-learning to create a model of the computing network. The cloud-based computing device communicates the model to a computing system located on-premise with the computing network and receives data related to the issues and insights created by the on-premise computing system. The cloud-based computing device determines if the on-premise computing system is producing issues and insights below a threshold quality. If yes, the cloud-based computing device updates the model based on updated data associated with the computing network and communicates the updated model to the on-premise computing system.

Abstract: In one embodiment, a network assurance service that monitors a network detects a network issue in the network using a machine learning model and based on telemetry data captured in the network. The service assigns the detected network issue to an issue cluster by applying clustering to the detected network issue and to a plurality of previously detected network issues. The service selects a set of one or more actions for the detected network issue from among a plurality of actions associated with the previously detected network issues in the issue cluster. The service obtains context data for the detected network issue. The service provides, to a user interface, an indication of the detected network issue, the obtained context data for the detected network issue, and the selected set of one or more actions.

Abstract: In one embodiment, a service receives telemetry data collected from a plurality of different networks. The service combines the telemetry data into a synthetic input trace. The service inputs the synthetic input trace into a plurality of machine learning models to generate a plurality of predicted key performance indicators (KPIs), each of the models having been trained to assess telemetry data from an associated network in the plurality of different networks and predict a KPI for that network. The service compares the plurality of predicted KPIs to identify one of the plurality of different networks as exhibiting an abnormal behavior.

Abstract: In one embodiment, a network assurance service maintains a data lake of network telemetry data obtained by the service from any number of computer networks. The service generates a machine learning model for on-premise execution in a particular computer network to detect network issues in the particular network. To do so, the service repeatedly selects a candidate set of model settings based in part on the data lake of network telemetry data, trains a machine learning model using network telemetry data from the data lake that matches the candidate set of model settings, and tests performance of the trained model using an emulator that emulates network issues in the particular network. The service further deploys the generated machine learning model to the particular computer network for on-premise execution.

Abstract: In one embodiment, a service computes a data fidelity metric for network telemetry data used by a machine learning model to monitor a computer network. The service detects unacceptable performance of the machine learning model. The service determines a correlation between the data fidelity metric and the unacceptable performance of the machine learning model. The service adjusts generation of the network telemetry data for input to the machine learning model, based on the determined correlation between the data fidelity metric and the unacceptable performance of the machine learning model.

Abstract: In one embodiment, possible voting nodes in a network are identified. The possible voting nodes each execute a classifier that is configured to select a label from among a plurality of labels based on a set of input features. A set of one or more eligible voting nodes is selected from among the possible voting nodes based on a network policy. Voting requests are then provided to the one or more eligible voting nodes that cause the one or more eligible voting nodes to select labels from among the plurality of labels. Votes are received from the eligible voting nodes that include the selected labels and are used to determine a voting result.

Abstract: In one embodiment, a network assurance service maintains a data lake of network telemetry data obtained by the service from any number of computer networks. The service generates a machine learning model for on-premise execution in a particular computer network to detect network issues in the particular network. To do so, the service repeatedly selects a candidate set of model settings based in part on the data lake of network telemetry data, trains a machine learning model using network telemetry data from the data lake that matches the candidate set of model settings, and tests performance of the trained model using an emulator that emulates network issues in the particular network. The service further deploys the generated machine learning model to the particular computer network for on-premise execution.

Abstract: In one embodiment, a device in a network receives information regarding a network anomaly detected by an anomaly detector deployed in the network. The device identifies the detected network anomaly as a false positive based on the information regarding the network anomaly. The device generates an output filter for the anomaly detector, in response to identifying the detected network anomaly as a false positive. The output filter is configured to filter an output of the anomaly detector associated with the false positive. The device causes the generated output filter to be installed at the anomaly detector.

Abstract: In one embodiment, a network assurance service that monitors a plurality of networks subdivides telemetry data regarding devices located in the networks into subsets, wherein each subset is associated with a device type, time period, metric type, and network. The service summarizes each subset by computing distribution percentiles of metric values in the subset. The service identifies an outlier subset by comparing distribution percentiles that summarize the subsets. The service reports insight data regarding the outlier subset to a user interface. The service adjusts the subsets based in part on feedback regarding the insight data from the user interface.

Abstract: In one embodiment, a device in a network performs anomaly detection functions using a machine learning-based anomaly detector to detect anomalous traffic in the network. The device identifies an ability of one or more nodes in the network to perform at least one of the anomaly detection functions. The device selects a particular one of the anomaly detection functions to offload to a particular one of the nodes, based on the ability of the particular node to perform the particular anomaly detection function. The device instructs the particular node to perform the selected anomaly detection function.

Abstract: In one embodiment, a network assurance service receives data regarding a monitored network. The service analyzes the received data using a machine learning-based model, to perform a network assurance function for the monitored network. The service detects a lowered performance of the machine learning-based model when a performance metric of the machine learning-based model is below a threshold for the performance metric. When it is determined that the lowered performance of the machine-learning based model is correlated with the sample rate of the received data, the service adjusts the sample rate of the data.

Abstract: In one embodiment, a local service of a network reports configuration information regarding the network to a cloud-based network assurance service. The local service receives a classifier selected by the cloud-based network assurance service based on the configuration information regarding the network. The local service classifies, using the received classifier, telemetry data collected from the network, to select a modeling strategy for the network. The local service installs, based on the modeling strategy for the network, a machine learning-based model to the local service for monitoring the network.

Abstract: In one embodiment, a network assurance service receives, from a reporting entity, data regarding a monitored network for input to a machine learning-based analyzer of the network assurance service. The service forms a reporting entity model of the reporting entity, based on at least a portion of the data received from the reporting entity. The service identifies a behavioral change of the reporting entity by comparing a sample of the data received from the reporting entity to the reporting entity model. The service correlates the behavioral change of the reporting entity to a change made to the reporting entity. The service causes performance of a mitigation action, to prevent the behavioral change from affecting operation of the machine learning-based analyzer.

Abstract: In one embodiment, a network assurance service executing in a local network clusters measurements obtained from the local network regarding a plurality of devices in the local network into measurement clusters. The network assurance service computes aggregated metrics for each of the measurement clusters. The network assurance service sends a machine learning model computation request to a remote service outside of the local network that includes the aggregated metrics for each of the measurement clusters. The remote service uses the aggregated metrics to train a machine learning-based model to analyze the local network. The network assurance service receives the trained machine learning-based model to analyze performance of the local network. The network assurance service uses the receive machine learning-based model to analyze performance of the local network.

Abstract: In one embodiment, a primary networking device in a branch network receives a notification of an anomaly detected by a secondary networking device in the branch network. The primary networking device is located at an edge of the network. The primary networking device aggregates the anomaly detected by the secondary networking device and a second anomaly detected in the network into an aggregated anomaly. The primary networking device associates the aggregated anomaly with a location of the secondary networking device in the branch network. The primary networking device reports the aggregated anomaly and the associated location of the secondary networking device to a supervisory device.

Abstract: In one embodiment, a network assurance service executing in a local network clusters measurements obtained from the local network regarding a plurality of devices in the local network into measurement clusters. The network assurance service computes aggregated metrics for each of the measurement clusters. The network assurance service sends a machine learning model computation request to a remote service outside of the local network that includes the aggregated metrics for each of the measurement clusters. The remote service uses the aggregated metrics to train a machine learning-based model to analyze the local network. The network assurance service receives the trained machine learning-based model to analyze performance of the local network. The network assurance service uses the receive machine learning-based model to analyze performance of the local network.