te-network-monitoring

$npx mdskill add automateyournetwork/netclaw/te-network-monitoring

Monitors and analyzes network performance using Cisco ThousandEyes

  • Checks test results, dashboards, and agent inventory for network health
  • Uses ThousandEyes API and MCP servers for data retrieval and visualization
  • Filters tests by type, name, or agent ID to provide relevant insights
  • Displays results through dashboards, path visualization, and alerts

SKILL.md

.github/skills/te-network-monitoringView on GitHub ↗
---
name: te-network-monitoring
description: "Cisco ThousandEyes — test management, agent inventory, test results, dashboards, path visualization, user/account management. Use when checking ThousandEyes test results, viewing network monitoring dashboards, listing agents, investigating alerts, or assessing overall network performance."
version: 1.0.0
license: Apache-2.0
tags: [cisco, thousandeyes, monitoring, network-tests, agents, dashboards, path-vis]
---

# ThousandEyes Network Monitoring

## MCP Servers

### Community Server (local, stdio)

- **Repository**: [CiscoDevNet/thousandeyes-mcp-community](https://github.com/CiscoDevNet/thousandeyes-mcp-community)
- **Transport**: stdio (Python)
- **Install**: `git clone` + `pip install -r requirements.txt`
- **Script**: `src/server.py`
- **Python**: 3.12+
- **Requires**: `TE_TOKEN`
- **Status**: Alpha/MVP, read-only

### Official Server (remote, HTTP)

- **Repository**: [CiscoDevNet/ThousandEyes-MCP-Server-official](https://github.com/CiscoDevNet/ThousandEyes-MCP-Server-official)
- **Endpoint**: `https://api.thousandeyes.com/mcp`
- **Transport**: Remote HTTP (via `npx mcp-remote`)
- **Auth**: Bearer token (`Authorization: Bearer <TE_TOKEN>`)
- **No local install** — hosted by Cisco
- **Requires**: `TE_TOKEN`, Node.js (for npx), org not opted out of AI features

## Community Server Tools (9)

| Tool | Parameters | What It Does |
|------|-----------|--------------|
| `te_list_tests` | `aid?, name_contains?, test_type?` | List all configured tests with filtering by name, type, or account group |
| `te_list_agents` | `agent_types?, aid?` | List enterprise, enterprise-cluster, and cloud agents |
| `te_get_test_results` | `test_id, test_type, window?/start?/end?/aid?/agent_id?` | Fetch network, page-load, and web-transaction test results |
| `te_get_path_vis` | `test_id, window?/start?/end?/aid?/agent_id?/direction?` | Path visualization — hop-by-hop network path data |
| `te_list_dashboards` | `aid?, title_contains?` | List all ThousandEyes dashboards |
| `te_get_dashboard` | `dashboard_id, aid?` | Dashboard details including widget inventory |
| `te_get_dashboard_widget` | `dashboard_id, widget_id, window?/start?/end?/aid?` | Widget data for a specific dashboard widget |
| `te_get_users` | none | List users in the ThousandEyes account |
| `te_get_account_groups` | none | List account groups accessible to the authenticated org |

## Official Server Tools (~20)

### Core Monitoring
| Tool | What It Does |
|------|--------------|
| List Tests | View all configured tests (web, network, DNS, voice) |
| Get Test Details | Detailed information about a specific test |
| List Events | Find network and application problems within time ranges |
| Get Event Details | Deep dive into specific events with impacted targets |
| List Alerts | View triggered or cleared alert rules |
| Get Alert Details | Comprehensive alert information with conditions and targets |
| Search Outages | Find network and application outages with filters |
| Instant Tests | **Active troubleshooting** — run tests on demand |

### Advanced Analysis
| Tool | What It Does |
|------|--------------|
| Get Anomalies | Detect metric anomalies in test data over time |
| Get Metrics | Retrieve aggregated metrics for dashboards and reports |
| Views Explanations | **AI-powered** — explain specific test results and visualizations |

### Endpoint Monitoring
| Tool | What It Does |
|------|--------------|
| List Endpoint Agents and Tests | List endpoint agents with filtering |
| Get Endpoint Agent Metrics | Time series data from endpoint agents |

### Network Path & BGP Analysis
| Tool | What It Does |
|------|--------------|
| Get Path Visualization | Network paths and hop-by-hop routing |
| Get Full Path Visualization | Comprehensive path data for all agents |
| Get BGP Test Results | BGP reachability and routing information |
| Get BGP Route Details | Detailed AS path and routing information |

### Account Management
| Tool | What It Does |
|------|--------------|
| Get Account Groups | List available account groups |

## Key Concepts

| Concept | Description |
|---------|-------------|
| **Test** | Synthetic probe: HTTP, network (ICMP/TCP), DNS, voice, SIP |
| **Agent** | Vantage point: Enterprise (on-prem), Cloud (Cisco-hosted) |
| **Path Visualization** | Hop-by-hop path showing latency, loss, and MPLS labels per hop |
| **Instant Test** | On-demand test execution for active troubleshooting |
| **Endpoint Agent** | Workstation agent monitoring WiFi, VPN, and SaaS experience |

## Workflow: Network Performance Assessment

When a user asks "how's the network performing?":

1. **List tests**: `te_list_tests` — discover all configured monitoring tests
2. **Test results**: `te_get_test_results` for key network tests — latency, loss, jitter
3. **Alerts**: List Alerts (official) — any active alert conditions
4. **Events**: List Events (official) — recent network/application problems
5. **Dashboards**: `te_list_dashboards` + `te_get_dashboard_widget` — executive summary metrics
6. **Report**: network performance dashboard with test-by-test metrics and alert status

## Workflow: Path Troubleshooting

When investigating "traffic to example.com is slow from the London office":

1. **Find test**: `te_list_tests` filtered by name or target
2. **Path visualization**: `te_get_path_vis` for the relevant test — hop-by-hop path
3. **Full path**: Get Full Path Visualization (official) — all agents, all paths
4. **BGP routes**: Get BGP Route Details (official) — is traffic taking an unexpected AS path?
5. **Anomalies**: Get Anomalies (official) — metric deviations over time
6. **Report**: path analysis with hop-by-hop latency, loss source, and routing assessment

## Workflow: Outage Investigation

When responding to a ThousandEyes alert:

1. **Alerts**: List Alerts (official) — active alert details, affected tests
2. **Events**: List Events (official) + Get Event Details — timeline, impacted targets
3. **Outages**: Search Outages (official) — broader outage scope (ISP, CDN, SaaS)
4. **Path vis**: `te_get_path_vis` — where in the path is the problem?
5. **Instant test**: Instant Tests (official) — run on-demand tests from multiple agents
6. **Report**: outage timeline with root cause (ISP node X, hop Y, BGP route change)

## Workflow: Endpoint Experience

When investigating "users complain about slow VPN":

1. **Endpoint agents**: List Endpoint Agents and Tests (official) — find agents on affected users
2. **Metrics**: Get Endpoint Agent Metrics (official) — WiFi signal, VPN latency, DNS response
3. **Path vis**: Get Path Visualization (official) — user-to-VPN-gateway path
4. **Correlate**: compare with enterprise agent test results — is it user-side or network-side?
5. **Report**: endpoint experience analysis with WiFi, VPN, and path diagnostics

## Workflow: BGP Monitoring

When auditing BGP health:

1. **BGP tests**: `te_list_tests` filtered by type=bgp
2. **BGP results**: Get BGP Test Results (official) — reachability, prefix visibility
3. **Route details**: Get BGP Route Details (official) — AS paths, origin validation
4. **Anomalies**: Get Anomalies (official) — BGP metric deviations
5. **Report**: BGP health summary with route stability assessment

## Integration with Other Skills

| Skill | How They Work Together |
|-------|----------------------|
| `pyats-routing` | ThousandEyes external BGP view + pyATS internal routing state = full picture |
| `pyats-troubleshoot` | ThousandEyes path vis (internet view) + pyATS show commands (device view) |
| `aws-network-ops` | ThousandEyes cloud agent tests + AWS VPC flow logs for hybrid visibility |
| `gcp-cloud-monitoring` | ThousandEyes metrics + GCP Cloud Monitoring for cross-platform correlation |
| `meraki-monitoring` | ThousandEyes synthetic tests + Meraki Dashboard live diagnostics |
| `fmc-firewall-ops` | ThousandEyes path vis through firewall + FMC rule audit |
| `servicenow-change-workflow` | ThousandEyes alerts trigger ServiceNow incidents |
| `gait-session-tracking` | Record all ThousandEyes investigations in GAIT audit trail |
| `slack-network-alerts` | Deliver ThousandEyes alert summaries to Slack channels |

## Important Rules

- **Read-only** — community server is read-only; official server has Instant Tests (on-demand test execution)
- **API rate limits** — ThousandEyes API usage counts against your org's rate limit; avoid rapid-fire queries
- **Account group scope** — queries default to the authenticated user's account group; specify `aid` for cross-group queries
- **AI features** — official server requires org not opted out of ThousandEyes AI features
- **Time windows** — use `window` (seconds) or `start`/`end` (ISO 8601) for time-bounded queries
- **Record in GAIT** — log all ThousandEyes investigations for audit trail

## Environment Variables

- `TE_TOKEN` — ThousandEyes API v7 OAuth bearer token (used by both community and official servers)

More from automateyournetwork/netclaw

SkillDescription
aap-automationRed Hat Ansible Automation Platform — inventory management, job template execution, project SCM sync, ad-hoc commands, host management, Galaxy content discovery. Use when automating infrastructure with Ansible, running playbooks, managing inventories, or searching for Ansible collections and roles.
aap-edaEvent-Driven Ansible (EDA) — activation lifecycle, rulebook management, decision environments, event stream monitoring. Use when managing event-driven automation triggers, enabling/disabling activations, or reviewing EDA rulebooks.
aap-lintansible-lint playbook and role validation — syntax checking, best practice enforcement, project-wide analysis, rule filtering. Use when validating Ansible playbooks, checking code quality, or enforcing automation best practices before deployment.
aci-change-deploySafe ACI policy change deployment - ServiceNow CR lifecycle, pre/post-change fault baselines, APIC policy application, automatic rollback on fault delta, and GAIT audit trail. Use when deploying ACI policy changes, creating tenants or EPGs, pushing config to APIC, or running a change window with rollback protection.
aci-fabric-auditComprehensive Cisco ACI fabric health audit - node status, tenant/VRF/BD/EPG policy review, contract analysis, fault triage, and endpoint learning verification. Use when auditing ACI fabric health, checking for faults, reviewing tenant policies, or running pre/post-change baselines on APIC.
arista-cvpArista CloudVision Portal (CVP) automation via REST API — device inventory, events, connectivity monitoring, tag management (4 tools). Use when managing Arista devices, checking CloudVision events, monitoring network connectivity probes, or tagging devices in CVP.
aruba-cx-configView and manage Aruba CX switch configurations, perform ISSU upgrades, and firmware operations
aruba-cx-interfacesMonitor Aruba CX switch interface status, LLDP neighbors, and optical transceiver health
aruba-cx-switchingView and manage Aruba CX switch VLANs and MAC address tables for Layer 2 operations
aruba-cx-systemDiscover Aruba CX switch system information, firmware versions, and VSF topology