Configuration > RCA Workspace > Event Correlation
1. Getting Started with vuSmartMaps™
3. Console
5. Configuration
6. Data Management
9. Monitoring and Managing vuSmartMaps™
A powerful feature that utilizes a set of correlation profiles to link events from multiple sources intelligently.
We have 2 types of correlation.
Rule-based correlation involves using a determined set of correlation profiles (rules) to correlate events originating from a list of event sources. Each profile has a set of instructions that guides the system to combine 2 or more events into a single cluster. The cluster generated is termed a Correlated Event.
For example,
We can associate various metadata to a Correlated Event like the count of raw events, start time representing the timestamp when the correlated event was first formed, duration, end time, and so on. This provides the users the ability to make more sense of the problem at hand and reduce the time to fix it.
Click on the RCA Workspace on the left Toggle Menu.
The workspaces page shows a list of previously configured Workspaces. Click on the + button to create a new Workspace.
You can now configure the workspace; the workspace comprises 3 major sections
Enter the Workspace Name and Description, select the Category as 3T Alert Correlation, and choose the Run Type as Online or Offline.
Click on Create and Next at the bottom right to create the Workspace.
Once Workspace is created, you will be directed to the Event Sources page, where you can add events by selecting the Event Data Model.
Click on Next to move to the final step.
Choose a category on which you want to correlate the events. The ‘Journey Based’ and ‘Fields Based’ Correlation profiles are fully functional now.
Click on Finish to complete the setup.
And, you will arrive back at the listing page. Click on the Activate Workspace button from the Actions column.
Choose the ‘Start Time’ and ‘End Time’ within which events will be considered for correlation. Click on the Start button to begin the correlation.
You will find the correlated alerts that appear below. Here out of 100 raw events, 77 events were correlated and brought down to just 6 events. You can notice an amazing 71% suppression.
Alternatively, you can upload a CSV file to correlate the events and click on the Start button.
You will find the correlated alerts that appear below. Here out of 4 raw events, 2 events were correlated and brought down to 1 event. You can notice an amazing 25% suppression.
ML Alert Correlation is a sub-module that helps customers optimize their time while investigating potential downtimes and failures inside the application.
The correlation module helps by analyzing many alert streams from different sources, correlating them by various factors, including data and domain, and reducing the noise.
This helps reduce the false positives to the maximum extent and suppresses the events/ alerts fatigue, which greatly helps operators and respective teams improve the MTTR.
Click on the RCA Workspace on the left Toggle Menu.
The workspaces page shows a list of previously configured Workspaces. Click on the + button to create a new Workspace.
You can now configure the workspace; the workspace comprises 3 major sections
Enter the Workspace Name, and Description, and select the Category as Event Correlation.
Click on Save and Next to create the Workspace.
Once Workspace is created, you will be directed to the Event Sources page, where you can add events by selecting the Event Data Model.
Click on Save and Next to move to the next step.
After successfully configuring Event Sources, you will be directed to the Settings page.
It has 4 major sections.
This is the first section and it allows you to configure notification types. It supports Email and WhatsApp notifications.
Email: Enter the Recipient’s email address. Use commas to add multiple IDs. You could also add an Email group to notify a set of people.
WhatsApp: Enter the Recipient’s mobile. Additionally, you can add a WhatsApp group to notify a set of people.
This is the second section of the Settings page. It has 2 main segments – Training and Inference.
Note: A new user may choose to leave the default settings unchanged
This is the third section of the Settings page. You must choose the start time and end time of the data that must be utilized to train the algorithm.
Please select the larger range of data for the first run so that the algorithm can learn the rules.
Note: The larger the data training the more the algorithm will take a significant amount of time to learn the rules.
This is the last section of the settings page. The event correlation algorithm runs in a scheduled fashion. You can use this page to adjust how frequently training and inference jobs must run.
Click on the Finish button to complete the ML Alert Correlation configuration.
And, you will arrive back at the listing page. Click on the Activate Workspace button from the Actions column.
Choose the ‘Start Time’ and ‘End Time’ within which events will be considered for Training or Training and Inference. Click on the Start button to begin.
If you choose Training and Inference, choose the percentage of the Data used for Inference.
💡Note: The inference phase utilizes the rule created during training to correlate events in real-time.
You will find the training and inference happening in the Status window. To view the results you can click on the link-like button that will take you to the Alert Console and display the results.
Alternatively, you can upload a CSV file to correlate the events and click on the Start button.
Browse through our resources to learn how you can accelerate digital transformation within your organisation.
VuNet’s Business-Centric Observability platform, vuSmartMaps™ seamlessly links IT performance to business metrics and business journey performance. It empowers SRE and IT Ops teams to improve service success rates and transaction response times, while simultaneously providing business teams with critical, real-time insights. This enables faster incident detection and response.