
Automated alert groups


Event Management alert aggregation and RCA aggregates alerts into automated alert groups that represent the underlying event data. Automated alert groups are displayed in the Alert Console and in the Event Management dashboard.

To enable creating automated alert groups, set the Enable alert aggregation (sa_analytics.aggregation_enabled) property to true. For troubleshooting, ensure that the Service Analytics group alerts using RCA/Alert Aggregation scheduled job is running.

If Domain Support - Domain Extensions Installer is activated, then alert aggregation is applied at the domain level that is specified in the sa_analytics.agg.learner_domain_level property. By default, this property is set to 2, which is the second domain level in the domain hierarchy.

To create automated alert groups, aggregation algorithms rely partly on historical data in the alert knowledge base from similar past alerts and processes. As alerts continue to be generated and processed, data is collected and incorporated into the alert knowledge base for future processes and analysis.

Automated alert groups provide these capabilities:
Predictive alerts
If an automated alert group pattern contains at least four alerts, then alert aggregation uses the information from these existing alerts to generate predictive alerts. Each predicted alert is associated with a probability percentage that represents the confidence that this alert will actually be generated in the future. Predicted alerts with a probability above the value of the Alert Prediction Minimum Confidence Score (%) Threshold property are then displayed in the Group Timeline view in the Alert Console.
Root Cause Analysis
If the Alert Correlation RCA Enabled property is set to true, then alert aggregation applies Root Cause Analysis (RCA) to automated alert groups to identify a root cause alert within the group. Identified root cause alerts are then displayed with a star in the Group Timeline view in the Alert Console. If a root cause alert is identified for an automated alert group, then that alert is designated as the primary alert of the group.