CMDB alert groups

Service Analytics groups alerts by using different methods of correlation. For CIs without historical data, Service Analytics correlates alerts based on those CIs' relationships in the CMDB. CMDB alert groups are displayed in the Alert Console and in the Event Management dashboard.

To correlate alerts into groups, Service Analytics relies on historical alert data. Analyzing historical data, Service Analytics learns patterns of alerts, and then attempts to match new alerts with these patterns to correlate alerts and create alert groups. However, in some situations such as with a new implementation, or with a new set of CIs, there is no historical data to learn from. In these situations, Service Analytics can automatically correlate alerts based on CI relationships. This correlation is based on hosting rules, containment rules, and suggested relationships. For example, the alerts for the CIs in the following relationships can be correlated into a CMDB alert group:
  • A server hosting a computer
  • Processes that are running on a specific server
Note: The hosting and containment relationships that are used for CMDB-based grouping are used only if the number of connections between the CIs is small. If two CIs are related through many connections, the connection is considered to be too weak for CMDB-based grouping.

Properties associated with CMDB alert groups

  • The Enable CMDB Correlation for Alert Aggregation (sa_analytics.agg.query_cmdb_correlation_enabled) property must be enabled to allow Service Analytics to automatically use CI relationships to correlate alerts and form CMDB alert groups.
  • If the Enable Suggested Relations for CMDB Correlation (sa_analytics.agg.query_cmdb_suggested_relationship_enabled) property is enabled, then any suggested relationships defined in the system, are used when forming CMDB alert groups.
  • The CMDB Groups: Relationship level (sa_analytics.agg.query_cmdb_graph_walk_nodes) property sets the number of levels to use for dot-walking. This impacts the application of CMDB hosting rules, containment rules, and endpoints to CMDB group formation during alert aggregation.