RCA configurations Event Management alert aggregation and RCA uses an RCA configuration to determine which alerts to include in its root cause analysis. The RCA configuration is used in learning the conditional probability of how a particular state of CI impacts other CIs. Multiple RCA configurations can be defined, but only a single configuration is in effect at any point of time for a given domain. There are two types of RCA configurations, and the base system includes a pre-defined RCA configuration for each type: Rule-based model: Considers the severity of the alert, and maps any severity level (Critical, Major, Minor, Warning) into a state. For example, a binary-state configuration maps into two possible states: 0 – No alert for the CI 1 – Alerts exist for the CI Each configuration consists of one or more rules that define the set of alerts to be included in the RCA, such as all alerts with the severity of critical. You can define custom RCA configuration using the rule-based model, adding rules to map alerts according to CI and alert attributes to various states.The base system includes the predefined RCA configuration Default Binary Model Config, which is the default RCA configuration. Multi-state model: Based on the combination of the Resource and the Metric Name alert columns to learn the model, and it is not associated with any rules. The multi-state model combines the Metric Name and Resource alert columns into a string, and then aggregates such strings from multiple alerts into a single state string. The number of resulting states is determined by the number of unique state strings for a particular CI.The base system includes the predefined RCA configuration Default Multi State Config, which you can use in a comparison test of RCA configurations. There are no variations for this default configuration, and therefore you cannot create a custom RCA configuration that is based on the multi-state model. There is no single RCA configuration that is the most optimal in every environment. Therefore, in addition to the default configurations, you can create custom rule-based RCA configuration. A custom RCA configuration can use additional CI and alert attributes, such as a location attribute to scope the analysis to a specific data center. User can add rules that define how to map alerts for different CIs to various states. You can compare the RCA results on actual business data, between any two RCA configurations allowing you to select the optimal configuration in your environment. A comparison simulates analysis on historical data, and the RCA Configs Comparison report displays the results of the comparison. Create an RCA configurationEvent Management alert aggregation and RCA uses an RCA configuration to determine which set of alerts from the sa_analytics_alert table to use for RCA. You can create a custom rule-based RCA configuration, compare it with another RCA configuration and decide how efficient and helpful it is. You can then choose the RCA configuration that is most suitable in your environment, and configure RCA to use that configuration in its analysis.Compare and deploy RCA configurationsCompare the results of root cause analysis between two RCA configurations on actual alerts, then choose the optimal configuration in your environment, and deploy it.