Closing the Detection-to-Diagnosis Gap: AI Advisor now supports On-Demand Connectivity, Config Context, and Device Diagnostics
Summary
Knowing something is broken is easy. Figuring out why is hard. Introducing three new, native AI diagnostic capabilities in the Kentik Network Intelligence Platform to accelerate root cause analysis and keep your network running better.
Does this story sound familiar? Something is broken. Users are unhappy. Leadership wants answers now. Telemetry and alerts confirm the problem is real, but they do not provide enough detail to explain it. You still have to figure out what changed, what is true right now, and what to do next. And you have to do it fast.
This is the part of incident response that the industry still has not solved very well. Detection has improved a lot. Observability tools are much better than they used to be at spotting anomalies, correlating events, and narrowing the scope of a problem. But diagnosis still depends heavily on manual investigation. In practice, symptoms can point you in the right direction without telling you the actual reason something is broken, which is why so much of MTTR still gets consumed by the diagnosis phase rather than the detection phase.
In a field of a thousand haystacks, observability tools have gotten pretty good at pointing you to the haystack that probably contains the needle. Useful, sure. But the actual search through that haystack is still largely manual. Manually review the alert and triggering telemetry, correlate it with other signals, run pings and traceroutes to understand/confirm the vantage point, check whether anything changed in configuration, and often log into devices directly to ask deeper questions about the live state. The hard part is no longer spotting that something is wrong. The hard part is proving what’s wrong quickly enough to matter.
At Kentik, we have always believed that data without context is just noise. True network intelligence means being able to connect the dots, not just what is happening, but why it is happening, and with the evidence that supports that conclusion.
That is why today we are introducing three new AI capabilities designed to shrink the time between detection and diagnosis:
- On-Demand Connectivity Tests
- Config Context: Backups and Diffs
- SSH Command Access: On-Demand Device Diagnostics
They are three distinct features unified with Kentik AI Advisor to achieve the same goal: helping network teams move from alert to evidence to resolution faster, with less tool hopping and greater confidence in what they see.
On-Demand Connectivity Tests: Starting from a specific vantage point
One of the first things engineers do when troubleshooting a network issue is look to validate reachability and path behavior from the right vantage point. Can we reach the destination at all? Is there packet loss? Is this phenomenon observed only from New York, or is it observed from London, Paris, and Tokyo as well?
That sounds simple, but in practice, it is usually manual and messy. You leave the alert, ticket, or dashboard, find the right host or test point, open a command console, run pings or traceroutes, and mentally stitch the results back into the rest of the incident. This could take several minutes or longer, and the whole process exists outside of a seamless workflow. Wait… what was the latency on that path again?
With On-Demand Connectivity Tests, AI Advisor can now automatically run ping and traceroutes. That means you can test from the vantage point that actually matters, without switching tools and without losing context along the way. AI Advisor can use those results alongside the rest of the evidence it is already gathering, so reachability, latency, loss, and path behavior can be analyzed alongside your telemetry in the same place.
That’s what makes this more useful than simply adding ping and traceroute capabilities to Kentik. The tests run from a specific and relevant vantage point (where you already have agents), return that information right to your investigation, and become part of the same body of data AI Advisor works with to help address the issue at hand.
Config Context: Backups and Diffs where you actually need them when things break
When a network problem hits, configuration is one of the first places engineers look, for good reason. Configuration changes are one of the most common causes of outages and performance regressions. A route-map adjustment, a QoS tweak, a policy change, or an accidental push of the wrong configuration can quickly disrupt an otherwise healthy device and bring down part of the network.
The challenge is that configuration management tools usually live somewhere else and often have tighter access because of the sensitivity of what they can do. So even when your instinct is to check whether something changed right away, you still have to break the investigation thread, jump into another tool, find the device, find the right revision, compare it to the last one, and decide whether any of it actually explains what you are seeing.
That’s why, with Config Context: Backups and Diffs, we’re bringing configuration files and diffs directly into Kentik NMS and AI Advisor, making critical configuration context available alongside the rest of your network telemetry.
Kentik can now periodically scrape running configurations over SSH, store them as backups, and surface them and their diffs directly in Kentik. You can view the current config, track revision history, and compare what changed from the same place you are already investigating alerts, telemetry, and device context. Asking “what changed?” becomes part of the workflow instead of a detour into a separate system. And because Kentik only reads and redacts configs, there is no risk of the wrong person accidentally changing the network during normal operations.
But we’ve also gone further. Manually reviewing configs and diffs, even in context with your telemetry and alerts, is still manual. Plus, it isn’t always easy to find what you are looking for among thousands of configuration lines, or to understand what the config is saying if you aren’t familiar with a specific vendor or device.
That’s why we also made configuration and diffs accessible to AI Advisor to help interpret them in natural language. It can help explain intent, call out meaningful changes, answer straightforward questions like “show me the current running config,” or tackle more interpretive ones like “summarize the impact of the config changes during last night’s maintenance window.” In more complex investigations, AI Advisor will also look at configuration diffs as a source of telemetry to evaluate if changes might be relevant to the observed alerts and telemetry.
SSH Command Access: On-Demand Device Diagnostics
Even with strong telemetry and configuration context, there are moments when the answer is still deeper in the device. Packet loss could mean physical errors, congestion, or a bad queue. BGP might look down, or it might be up while routes are quietly being filtered. An interface can be technically “up” while the optics beneath it are degrading.
That is when engineers stop reading dashboards and open a terminal.
With SSH Command Access: On-Demand Device Diagnostics, AI Advisor can now propose and run approved, read-only show commands on supported devices, gather live diagnostic evidence, and interpret it in context. So instead of breaking the thread, logging in manually, and pasting output back into the investigation, AI Advisor can pull that device truth into the same workflow you are already in. In other words, AI Advisor is no longer limited to the data you instrumented and collected ahead of time; it can now retrieve the device data most relevant to the problem at hand.
Sometimes you know what you are trying to validate, but you do not remember the exact syntax across vendors. In those moments, AI Advisor acts as a translator: You describe what you want to learn, it proposes the relevant commands, you approve them, and it explains what the outputs mean.
Other times, you do not know what you are looking for yet. You just know something is wrong. In those situations, AI Advisor can reason from the alert, telemetry, configs, connectivity tests, and the rest of the available context, then propose the next diagnostics that are actually worth running.
This is especially useful in real-world NOC environments. Not everyone is a senior network engineer or architect. Not every engineer remembers every command across every vendor. And even very good engineers do not know everything. Command Access helps less experienced engineers troubleshoot more like seasoned ones, and it helps experienced engineers stay focused on the problem rather than burning time on syntax lookups, copy-paste loops, and context switching.
Importantly, this capability was designed with control and risk management in mind. Command Access is strictly read-only. Only approved show commands are allowed. Users confirm commands before they run. Kentik also maintains command controls so problematic commands are not even suggested in the first place, with additional exclusions configurable in Kentik AI settings.
Bridging the gap between detection and diagnosis
We’ve been a leader in network observability for a long time. But moving from observability to network intelligence means going beyond telling teams that something is wrong and helping them understand it quickly enough to fix it.
That is what these three capabilities are really about. Many tools are good at spotting symptoms and narrowing the scope. But then the tools of the trade for understanding what’s really going on tend to be local, vendor-specific, or otherwise siloed from the telemetry. By bringing them together, they help close the gap between seeing the haystack and actually finding the needle.
That is also why the broader Kentik Network Intelligence Platform matters. These are not disconnected utilities floating off to the side. They sit alongside the rest of the telemetry and workflows already in Kentik, including alerts, traffic, metrics, synthetics, syslog, traps, and device inventory. AI Advisor keeps the investigation context intact across those sources, so teams do not have to rebuild it manually. Instead of bouncing between separate tools for symptom detection, connectivity checks, config history, and live device interrogation, the evidence stays in one place.
What’s next
This launch is part of a broader direction for Kentik. We are continuing to deepen the context available inside the platform and make AI Advisor more useful in the moments when teams are under pressure and need answers quickly. The more complete the picture inside the investigation, the easier it becomes to move from symptoms to cause without losing time or confidence along the way.
If you want to see these capabilities in action, reach out for a demo. We would love to show you how On-Demand Connectivity Tests, Config Context, and Command Access fit into real troubleshooting workflows.
