Synadia Insights
Quick Start
There are two ways to get started with Insights: against the built-in simulator (no license, no external NATS required), or against a real NATS system you already operate.
- Simulator. Explore the web UI, search language, and audit checks with synthetic data. No license needed.
- Real NATS system. Point Insights at a running NATS deployment with system account credentials. Configure a license before running the commands in the second half of this page.
Run Against the Simulator
./insights --simulator.enabled
This runs everything in a single process:
- A simulated NATS deployment with multiple clusters, servers, accounts, streams, consumers, and connections.
- The scraper, pulling data from the simulated servers every minute.
- The indexer, storing time-series snapshots into an in-memory DuckDB database.
- The web UI, serving the dashboard on port 8080.
All data is ephemeral by default. Open http://127.0.0.1:8080 in your browser.
To pick a larger or different topology:
# A medium-sized super cluster
./insights --simulator.enabled --simulator.profile super-medium
# A large core NATS deployment (no JetStream)
./insights --simulator.enabled --simulator.profile core-large
# A leaf node topology
./insights --simulator.enabled --simulator.profile leaf-small
Available profile families: core-{small,medium,large}, js-{small,medium,large}, super-{small,medium,large}, leaf-{small,medium,large}, super-leaf-{small,medium,large}.
To persist simulator data across restarts:
./insights --simulator.enabled --data-dir ./insights-data
Run Against a Real NATS System
Insights connects to a target NATS system using the system account and collects data from the $SYS monitoring endpoints. This is read-only. Insights does not modify the target system.
Prerequisites
- A valid license. See Installation › Configure a License.
- Credentials for the system account (
$SYS), typically as a.credsfile or a pre-configured NATS context. - Network reachability from the Insights process to the target NATS servers.
Connect with credentials
./insights \
--license.file /etc/insights/license.jwt \
--sys.server nats://your-nats:4222 \
--sys.creds /path/to/sys.creds
Connect with a NATS context
If you already manage credentials with the NATS CLI, reuse an existing context:
./insights \
--license.file /etc/insights/license.jwt \
--sys.context my-system
Authentication options
--sys.* supports the same authentication mechanisms as any NATS client:
| Method | Flags |
|---|---|
| Credentials file | --sys.creds /path/to/sys.creds |
| NATS context | --sys.context my-context |
| Basic auth | --sys.user USER --sys.password PASS |
| NKey | --sys.nkey SEED |
| JWT | --sys.jwt TOKEN |
TLS options (--sys.tls-cert, --sys.tls-key, --sys.tlsca, --sys.tls-first) and SOCKS proxying (--sys.socks-proxy) are also available.
Persist data
Add --data-dir to keep the DuckDB database and JetStream state across process restarts:
./insights \
--license.file /etc/insights/license.jwt \
--sys.server nats://your-nats:4222 \
--sys.creds /path/to/sys.creds \
--data-dir /var/lib/insights
See the Deployment Guide for topology choices, external sink configuration, headless mode, and production settings.
Open the Web UI
With either mode running, open http://127.0.0.1:8080. Use --web.hostname 0.0.0.0 to expose it on all interfaces.
The overview page shows system-wide cluster status, server and connection counts, JetStream usage, and active audit check findings. The sidebar navigates to per-entity views (clusters, servers, accounts, streams, consumers, connections, KV and object stores). The time control bar lets you switch between live mode and a pinned point in time.
As data accumulates, audit check findings appear on entity detail pages and on the overview, tagged by severity and grouped into six categories.
Next Steps
- Architecture. How data flows through the system.
- Audit Checks. Learn about the automated audit framework.
- Deployment Guide. Configure Insights for production.