Service Analytics automated alert groups

Service Analytics correlates alerts into automated alert groups that represent the underlying event data. Automated alert groups are displayed in the alerts console and in the Event Management dashboard.

If the Domain Support - Domain Extensions Installer plugin is activated, then alert aggregation is applied at the domain level that is specified by the sa_analytics.agg.learner_domain_level property. By default, this property is set to 2, which is the second domain level in the domain hierarchy.

Alert aggregation

Alerts are grouped based on the CI that is associated with the alerts. Service Analytics groups alerts that are very similar, but not necessarily identical, and that were created close together in time.

Alerts for technical services, manual services, and alert groups are not associated with a service model and do not undergo root cause analysis (RCA). Other than being correlated by time and CI, these alerts are not necessarily related by the same underlying problem.

Alert aggregation has these components:

Alert Aggregation Learner: An offline job that runs once a day to process past alerts. The Alert Aggregation Learner identifies patterns of related alerts using a combination of pattern-based and probabilistic techniques. If the sa_analytics.agg.learner_group_by_property property is set, then before processing starts, the Alert Aggregation Learner groups alerts by the specified CMDB property.

Real Time Query: A scheduled job that runs every minute and updates alert aggregation groups. It tries to match real-time alerts with alert patterns stored in the alert knowledge base.

RCA for discovered business services and manual services

To identify root cause CIs, Service Analytics applies root cause analysis (RCA) algorithms if one of the CIs in an automated alert group belongs to a discovered business service or to a manual service. For a discovered business service and for a manual service, an automated alert group contains alerts that were generated by the root cause CIs and by related CIs.