Automated alert groups

Service Analytics correlates alerts into automated alert groups that represent the underlying event data. Automated alert groups are displayed in the Alert Console and in the Event Management dashboard.

If Domain Support - Domain Extensions Installer is activated, then alert aggregation is applied at the domain level that is specified in the sa_analytics.agg.learner_domain_level property. By default, this property is set to 2, which is the second domain level in the domain hierarchy.

To create Service Analytics automated alert groups, aggregation algorithms rely partly on historical data in the alert knowledge base from similar past alerts and processes. As alerts continue to be generated and processed, data is collected and incorporated into the alert knowledge base for future processes and analysis.

Automated alert groups provide these capabilities:
Predictive alerts
If an automated alert group pattern contains at least four alerts, then alert aggregation uses the information from these existing alerts to generate predictive alerts. Each predicted alert is associated with a probability percentage that represents the confidence that this alert will actually be generated in the future. Predicted alerts with a probability above the value of the Alert Prediction Minimum Confidence Score (%) Threshold property are then displayed in the Group Timeline view in the Alert Console.
Root Cause Analysis
If the Alert Correlation RCA Enabled property is set to true, then alert aggregation applies Root Cause Analysis (RCA) to automated alert groups to identify a root cause alert within the group. Identified root cause alerts are then displayed with a star in the Group Timeline view in the Alert Console.