Gaining Value from AIOps Solutions Without a Fully Matured CMDB

In my previous blog I provided a comprehensive coverage for ServiceNow AIOps solution and its multiple techniques. AIOps is transforming the way organizations manage and respond to IT incidents. By leveraging AI and machine learning, AIOps solutions can filter, correlate, and group events to reduce noise and improve alert management. But what if your organization doesn't have a fully matured Configuration Management Database (CMDB) in place? In this blog post, we will explore how you can still gain value from AIOps solutions without a fully matured CMDB and provide a step-by-step guide to implementing node-based automatic grouping and tag-based grouping capabilities.

Step 1: Connecting Data Sources

The first step in gaining value from AIOps solutions without a fully matured CMDB is connecting multiple data sources. In our example, we'll be connecting Zabbix and vRealize, which send events on servers that have no CI entities available in the CMDB. This demonstrates how AIOps can still provide value even in the absence of a fully matured CMDB.

To connect these data sources, you'll need to:

1. Configure the data source integration within your AIOps solution, ensuring that it can ingest data from both Zabbix and vRealize.
2. Set up event collection and forwarding from Zabbix and vRealize to your AIOps solution.
3. In ServiceNow AIOps this can be easily archived with a few clicks using our Integration Launchpad that provides a guided experience to setup data sources.

In the picture below we can see the Integration Launchpad view for events connector.

Once data sources are plugged into a system, the value of the data can be immediately seen by leveraging the out-of-the-box event deduplication engine. This engine can achieve a massive reduction in noise, averaging more than 99%. By eliminating duplicate events, the engine streamlines data analysis and enables more accurate insights to be extracted from the data. This reduces the time and effort required for data processing and analysis, leading to more efficient and effective decision-making. But the story doesn't stop here, and additional improvement can be achieved.  

Step 2: Enabling Node-Based Automatic Grouping

When CMDB is not fully deployed, ServiceNow AIOps solution can be easily configured to leverage other alert attributes such as node name, metric name and others to build the grouping models. As covered in my previous blogs, ServiceNow AIOps uses both temporal based algorithms (Conditional Probability and Mutual Information) to build alert patterns as well as K-Means Algorithm to group alert based on their text. Once Node-based automatic grouping is enabled, it acts as a key feature of AIOps solutions that allows you to group events based on their source, such as server hostname or IP address without the need of Configuration Items in your CMDB. To enable node-based automatic grouping:

1. Configure the event ingestion settings to process events from both Zabbix and vRealize as shown before.
2. Enable node-based automatic grouping, ensuring that events are grouped based on their source, by enabling the relevant system property (sa_analytics.enable_no_ci_grouping).
3. add node field as an identifier (on top of the default ‘Configuration Item’) under Pattern Identifier menu.
4. Verify temporal and text-based grouping are enabled (automatic grouping is enabled by default)

Once doing so, the solution will build new models based on alert history and will group alerts together based on the matching of the incoming alerts stream to the auto-created models.

The below picture shows a text-based (K-Means) grouping for alerts without CI in the same time window:

The following shows a temporal grouping (Conditional Probability) for alerts without CI in the same time window coming from multiple sources.

Step 3: Leveraging Tag-Based Grouping Capabilities

Tag-based grouping is another powerful feature of AIOps solutions that enables you to group events based on shared tags. To leverage tag-based grouping capabilities:

1. Create a simple event rule within your AIOps solution that extracts tags from incoming events. This may involve parsing event payloads for specific tag patterns or keywords.

This is an example how it looks in ServiceNow AIOps

2. Define basic tag-based clustering rules that group events based on shared tags. These rules can be as simple or complex as needed, depending on your organization's requirements.
   
   The below is an example for Tag-Based Rule that based on exact tag matching
   

    

3. Apply these tag-based clustering rules to your AIOps solution, enabling better event management and reducing noise.

This is an example how multiple alerts from the same host/ip are being  grouped and shown in ServiceNow AIOps solution (AIOps Experience Express List)

Step 4: Assessing Alert Coverage and Alert Reduction Results

By implementing node-based automatic grouping and tag-based grouping capabilities, your organization can achieve significant benefits in alert management. Key improvements include:

- Improved alert coverage: Your AIOps solution will now be able to identify and group related events, providing better visibility into potential issues.

- Alert reduction: By grouping related events together, the number of individual alerts sent to teams will be significantly reduced, minimizing noise and improving response efficiency.

Within ServiceNow AIOps solution, a value realization dashboard (based on Platform Analytics) can quickly demonstrate the trend of alert coverage once the new rules are being enabled which means the actionable alerts number was dramatically reduced to meaningful alerts only.

Additionally, despite the spike in events, the total number of alerts was not increased due to proper grouping:

Conclusion

Implementing AIOps solutions without a fully matured CMDB is not only possible but can provide substantial value to your organization. By connecting multiple data sources, enabling node-based automatic grouping, and leveraging tag-based grouping capabilities, you can improve alert management and gain insights more efficiently. While a fully matured CMDB is still an essential goal for any organization, don't let its absence hold you back from reaping the benefits of AIOps.

As your CMDB implementation matures, you can accomplish further correlation and root cause analysis by utilizing topology-based correlation, business service impact, prioritization, end-user impact, improved probable root causes, and more. AIOps is a journey with multiple stages of maturity; you shouldn't wait to deploy until you reach the highest level, as you can gain valuable benefits even in the initial phases within days and with minimal investment. Embark on your AIOps journey today..