CMDB alert groups

Service Analytics groups alerts by using different methods of correlation. For CIs without historical data, Service Analytics correlates alerts based on CIs' relationships in the CMDB. CMDB alert groups are displayed in the alert console and in the Event Management dashboard.

To correlate alerts into groups, Service Analytics relies on historical alert data. Analyzing historical data, Service Analytics learns patterns of alerts, and then attempts to match new alerts with these patterns to correlate alerts and create alert groups. However, in some situation such as with a new implementation, or with a new set of CIs, there is no historical data to learn from. In these situations, if the sa_analytics.agg.query_cmdb_correlation_enabled property is set to 'true', Service Analytics automatically correlates alerts based on relationships between the respective CIs that are defined in the CMDB. For example, a server that is hosting a computer, or processes that are running on a certain server - the alerts for the CIs in these relationships can be correlated into a CMDB alert group.

The relationships that are used for CMDB-based grouping are hosting and containment but only if the number of connections between the CIs is small. If two CIs are related through many connections, the connection is considered to be too weak for CMDB-based grouping.