How a leading financial information and analytics company strengthened Network Observability with Selector
A leading financial information and analytics company deployed Selector as a hybrid observability platform to collect network telemetry across distributed environments, correlate events across multiple signal types, and give operations teams a more usable view of device, site, and service health.
At a glance
Leading financial information and analytics company
Financial Services
Hybrid SaaS with distributed on-premises data collection
- Consolidate network observability
- Improve alert quality
- Support topology-aware operations
- Integrate monitoring data into existing operational workflows
- Distributed telemetry collection
- SNMP and syslog ingestion
- Synthetic checks
- REST-based enrichment
- Topology views
- Event correlation
- Reporting
- Incident workflow integration
- Webhooks-based alert ingestion from multiple existing tools
- Clearer infrastructure visibility
- Better signal quality for operations teams
- Scalable foundation for broader observability coverage
Challenge
The customer needed to replace a legacy monitoring approach that produced excessive alert volume, limited operational context, and too much manual effort in triage. The core issue was not a lack of telemetry, but the difficulty of tuning high-volume infrastructure signals into reliable operational decisions.
Solution
Selector was deployed using a centralized cloud control plane with distributed on-premises collection components. This architecture supported local ingestion of network, log, and synthetic telemetry while enabling centralized correlation, dashboards, topology views, and reporting.
Impact
The implementation improved visibility across a large, multi-environment network estate and supported a higher-quality operational workflow through deduplication, event correlation, drill-down investigation, and broader telemetry coverage.
A technical foundation for distributed network operations
The customer operates a complex infrastructure footprint spanning campus environments, data centers, and cloud-connected services. Supporting this environment required an observability approach that could ingest telemetry from multiple domains, preserve local collection flexibility, and still present a consistent operational view to central teams.
Selector was introduced to provide that operational layer. The platform combined controlled SaaS-based orchestration with distributed remote collection, enabling the customer to ingest and normalize metrics, logs, synthetic results, and contextual data without relying on a single collection model or a narrow set of device types.
Key challenges
Signal Quality
High alert volume reduced the usefulness of individual alerts and increased the effort required to identify likely root cause.
Telemetry diversity
The environment required support for multiple collection patterns, including polling, pushed logs, synthetic checks, API-based enrichment, and contextual inventory inputs.
Topology awareness
Operational teams needed more than point metrics. They needed visibility into site, device, and interconnection relationships to investigate issues in context.
Workflow alignment
The platform had to fit existing authentication, collaboration, and incident management processes rather than create a parallel operational path.
High telemetry volume without enough operational context
The customer’s existing monitoring stack was generating a large volume of alerts into incident workflows, but the alerts did not provide enough context to consistently support fast prioritization or efficient investigation. Operations teams were spending time separating duplicate symptoms from meaningful issues, and the surrounding device, site, and topology context was not always easy to assemble quickly.
The technical challenge also reflected the shape of the environment. The customer needed coverage across heterogeneous infrastructure, including traditional network devices, logs, synthetic tests, and cloud-connected resources. A workable solution had to support polling, pushed telemetry, REST-based collection, and contextual enrichment while remaining operationally manageable at scale.
A hybrid observability architecture with distributed collection
Selector was deployed using a hybrid architecture that combined a centralized cloud platform with distributed on-premises collection. This approach allowed telemetry to be collected close to the source across multiple regions and network domains, while giving operations teams a unified view of infrastructure health, events, and dependencies. The deployment supported secure outbound connectivity over standard enterprise-friendly protocols, making it well-suited for environments with controlled network access and established security policies.
The platform ingested a broad set of operational data, including SNMP polling, SNMP traps, syslog, synthetic monitoring, blackbox checks, REST-based telemetry, CMDB context, cloud resource data, webhook events, and selected email-driven operational signals. Bringing these sources together allowed the customer to correlate device health, event activity, reachability, and inventory context in a single operational layer.
That telemetry was then organized into workflows built for day-to-day operations. The platform supported views for device health, site health, topology, incidents, and event correlation, along with focused analytics for conditions such as tunnel degradation, routing instability, interface issues, and broader network risk indicators. Reporting extended those workflows with structured summaries for site health, tunnel performance, and critical interface conditions.
What Selector enabled
Distributed telemetry ingestion
The solution supported a mix of polling, pushed logs, synthetic checks, REST-based collection, and contextual inventory inputs within a single operational framework.
Topology-based investigation
Teams could move between site-level and device-level views and inspect interconnections with richer interface context.
Correlation and deduplication
A core requirement was to reduce alert noise by grouping related events and improving the usefulness of the signals reaching operations teams.
KPI-driven dashboards
The dashboard model included CPU, memory, interface, BGP, ping, log, event, and topology-oriented views tied to operational monitoring needs.
Operational Reporting
The deployment supported formal reporting on site health, tunnel performance, and critical interface conditions, extending visibility beyond live dashboards.
Workflow integration
The architecture aligned with enterprise SSO, collaboration tooling, and incident management workflows to make observability outputs easier to operationalize.
Technical depth without operational disruption
The value of this approach was not only in the breadth of telemetry collected, but in the way the deployment model balanced enterprise practicality with observability depth. By using distributed remote collectors and a centralized platform layer, the customer could extend coverage across multiple environments while preserving a manageable operational model.
This also made the solution more useful in day-to-day operations. Instead of requiring teams to pivot across disconnected tools and raw event streams, the platform was designed to combine device metrics, logs, topology context, and correlation outputs into a smaller number of higher-value workflows. That design choice matters in large environments where scale alone can overwhelm otherwise capable teams.
Stronger operational visibility across a complex environment
The deployment gave the customer a stronger observability foundation across a large, distributed network environment. By bringing together telemetry from multiple sources and improving how events were correlated, the platform helped operations teams work with better context, clearer prioritization, and a more useful monitoring signal. It also supported the transition away from a legacy monitoring approach that was creating unnecessary alert noise and operational overhead.
Beyond the immediate monitoring gains, the architecture created room for broader observability maturity. With centralized visibility, distributed collection, and support for multiple telemetry types, the customer established a platform that could expand to cover additional data sources, deeper integrations, and more advanced operational workflows over time.
Results snapshot
Large-scale monitoring coverage
The solution supported observability across thousands of devices in a distributed enterprise environment.
Multi-source telemetry in one platform
The deployment brought together infrastructure metrics, logs, synthetic monitoring, contextual inventory, and cloud-related telemetry into a unified operational view.
Improved alert quality
Correlation and deduplication helped reduce alert noise and made it easier for operations teams to focus on the issues that mattered most.
Topology-aware investigation
Operational teams could move between site-level and device-level views to investigate infrastructure conditions with more context.
Reporting for operational performance
The platform supported reporting for site health, tunnel performance, and critical interace conditions, extending visibility beyond dashboards alone.
Alignment with existing workflows
The deployment fit into existing authentication, collaboration, and incident response processes, making adoption easier for operational teams.
Expanding the foundation for broader observability
This deployment established a strong foundation for continued growth in observability across the customer’s environment. With distributed collection, multi-source telemetry, and unified operational views in place, the organization is well-positioned to extend coverage, deepen integrations, and support more advanced analytics over time.
As the environment evolves, this foundation can support broader monitoring use cases, richer operational context, and more proactive workflows across infrastructure and operations teams.
