RCA Config Comparison Report

This report displays the results of a comparison between two RCA configurations defined for Service Analytics root cause analysis. Evaluate and score the comparison results. Then choose the RCA configuration that appears most efficient in your environment, and deploy it.

In addition to the default RCA configurations, you can create custom rule-based RCA configurations, and you can compare any two configurations (ConfigA and ConfigB). For each configuration that is being compared, RCA algorithms are applied using real historical alerts from the past 7 days. The RCA Config Comparison Report displays the RCA results for each configuration, if it would have been used during the past 7 days. Once you start a comparison, wait for the report to show that the status is Completed.

To display the report, navigate to Service Analytics > Reports > RCA Configs Comparison, which requires the evt_mgmt_admin role. The report has 3 sections, each section provides further details for a selected item in the previous section.

Comparison summary list

This section lists summaries of recent comparisons, with the following details:
Column Description
Start time Time the comparison started.
Run Name System created unique ID for the comparison run, prefixed by 'RUN'.
Status Status of the comparison, ensure it is completed before reviewing the details.
Config (A) The first RCA configuration used in the comparison.
Config (B) The second RCA configuration used in the comparison.
Score (A) Sum of user assigned scores for all automated alert groups analyzed by Config (A).
Score (B) Sum of user assigned scores for all automated alert groups analyzed by Config (B).
Service Discovered business service or manual service for which alerts were used in this comparison.
Actions:
  • Select a comparison for which to display further details about RCA results for Config (A) alongside Config (B).
  • Deploy an RCA configuration:
    1. Click the link for the RCA configuration that you want to deploy in the Config (A) or Config (B) column.
    2. On the configuration form, click Deploy.

RCA results for Config (A) and Config (B) per comparison

This section displays a comparison of root cause analysis for Config (A) and Config (B), for the selected comparison in the previous section. Displaying the following details:
Column Description
Grouping Time Time that the group was created.
Root Cause Comparison of the root cause CI being identified by Config (A) and Config (B). Both configurations have either identified the Same root cause CI, or a Different one.
Score (A) User assigned score of RCA results for this automated alert group, as it was analyzed by Config (A).
Score (B) User assigned score of RCA results for this automated alert group, as it was analyzed by Config (B).
Probability % (A) Confidence in the accuracy of the root cause CI identified by Config (A).
Probability % (B) Confidence in the accuracy of the root cause CI identified by Config (B).
Group Name (A) Automated alert group created by Config (A).
Group Name (B) Automated alert group created by Config (B).
Related Alerts (A) Summary of alerts within the automated alert group created by Config (A), broken down by alert severity.
Related Alerts (B) Summary of alerts within the automated alert group created by Config (B), broken down by alert severity.
Actions:
  • Select a automated alert group to display further details about all the alerts within that group.
  • Score results:
    1. Select the group and the configuration that you want to score, in either Score (A) or Score (B) column.
    2. Double-click the score value, enter a numeric score, and then click the green check-mark. The new group score value is aggregated into the summary score for Score (A) or Score (B) in the comparison summary row for this comparison.
  • Toggle between different display options for the automated alert groups:
    • Same: Displays only the automated alert groups for which RCA results for Config (A) and Config (B) are identical.
    • Different: Displays only the automated alert groups for which RCA results for Config (A) and Config (B) are different.
    • All: Displays all automated alert groups for which there are RCA results for either Config (A) or Config (B).

Correlated alert group details per config

This section displays details of all related alerts within a automated alert group selected in the previous section. Displaying the following details for both Config (A) and Config (B):
Column Description
Number Alert ID.
Severity Severity of the alert.
Description Description of the alert.
Configuration Item CI that the alert is associated with.
Updated On Last time that the alert was updated.