RCA configurations

Service Analytics uses an RCA configuration to determine which alerts to include in its root cause analysis. The RCA configuration is used in learning the conditional probability of how a particular state of a CI impacts other CIs. Multiple RCA configurations can be defined, but only a single configuration is in effect at any point in time for a given domain.

There are two types of RCA configurations, and the base system includes a pre-defined RCA configuration for each type:
  • Rule-based model: Considers the severity of the alert, and maps any severity level (Critical, Major, Minor, Warning) into a state. For example, a binary-state configuration maps into two possible states:
    • 0 – No alert for the CI
    • 1 – Alerts exist for the CI

    Each configuration consists of one or more rules that define the set of alerts to be included in the RCA, such as all alerts with the severity of critical. You can define a custom RCA configuration using the rule-based model, adding rules that map alerts to various states according to CI and alert attributes.

    The base system includes the predefined RCA configuration Default Binary Model Config, which is the default RCA configuration.

  • Multi-state model: Learns the model from the combination of the Resource and Metric Name alert columns, and is not associated with any rules. The multi-state model combines the Metric Name and Resource alert columns into a string, and then aggregates such strings from multiple alerts into a single state string. The number of resulting states is determined by the number of unique state strings for a particular CI.

    The base system includes the predefined RCA configuration Default Multi State Config, which you can use in a comparison test of RCA configurations. There are no variations for this default configuration, and therefore you cannot create a custom RCA configuration that is based on the multi-state model.
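
The two state mappings described above, side by side on the same alert history, as an added example that is not ServiceNow code. The alert records, the per-window grouping, the ":" and "|" separators, and the sort and de-duplication step are assumptions made for illustration.

```javascript
// Added illustration; not ServiceNow code. Alerts below are constructed sample data.
// "window" is an assumed observation interval used to group alerts into one state.
const alerts = [
  { window: 1, ci: "db01",  severity: "Critical", metricName: "cpu_util",  resource: "cpu0" },
  { window: 1, ci: "db01",  severity: "Minor",    metricName: "disk_free", resource: "/var" },
  { window: 1, ci: "app01", severity: "Warning",  metricName: "latency",   resource: "http" },
  { window: 2, ci: "db01",  severity: "Major",    metricName: "cpu_util",  resource: "cpu0" },
  { window: 3, ci: "db01",  severity: "Minor",    metricName: "disk_free", resource: "/var" },
  { window: 3, ci: "db01",  severity: "Critical", metricName: "cpu_util",  resource: "cpu0" },
];

// Rule-based, binary: a rule selects alerts; the CI is in state 1 if any
// selected alert exists for it, otherwise 0.
function binaryState(windowAlerts, ci, rule) {
  return windowAlerts.some(a => a.ci === ci && rule(a)) ? 1 : 0;
}

// Multi-state: join Metric Name and Resource per alert, then aggregate the
// per-alert strings into one state string. Separators, de-duplication and
// sorting are assumptions, chosen so the same alert set always yields the
// same string regardless of arrival order. No alerts yields "".
function multiState(windowAlerts, ci) {
  const parts = windowAlerts
    .filter(a => a.ci === ci)
    .map(a => `${a.metricName}:${a.resource}`);
  return [...new Set(parts)].sort().join("|");
}

// Distinct states a CI takes across all windows under each model.
function statesPerCi(allAlerts, ci, rule) {
  const windows = [...new Set(allAlerts.map(a => a.window))];
  const binary = new Set();
  const multi = new Set();
  for (const w of windows) {
    const inWindow = allAlerts.filter(a => a.window === w);
    binary.add(binaryState(inWindow, ci, rule));
    multi.add(multiState(inWindow, ci));
  }
  return { binary: [...binary].sort(), multi: [...multi].sort() };
}

const anySeverity = () => true;                      // include every alert
const criticalOnly = a => a.severity === "Critical"; // rule from the text above

console.log("db01, any severity :", statesPerCi(alerts, "db01", anySeverity));
console.log("db01, critical only:", statesPerCi(alerts, "db01", criticalOnly));
```

With this sample data, db01 stays in a single binary state when every alert is included, while the multi-state model distinguishes two states for the same history; narrowing the rule to critical alerts splits the binary history into 0 and 1.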

There is no single RCA configuration that is optimal in every environment. Therefore, in addition to the default configurations, you can create a custom rule-based RCA configuration. A custom RCA configuration can use additional CI and alert attributes, such as a location attribute to scope the analysis to a specific data center. You can add rules that define how to map alerts for different CIs to various states.

You can compare the RCA results of any two RCA configurations on actual business data, which lets you select the optimal configuration for your environment. A comparison simulates analysis on historical data, and the RCA Configs Comparison report displays the results of the comparison.