In the world of IT operations, the Configuration Management Database (CMDB) is often considered the heart of an organization. It provides a structured view of all the configuration items (CIs), their attributes, and their interconnected relationships. However, what if your organization doesn't have a fully matured CMDB or doesn't have a CMDB at all? Can you still harness the power of advanced AIOps platforms like ServiceNow's Predictive AIOps? The answer is a resounding yes.
Step 1: Connecting Monitoring / Observability Data Sources
The first step in this journey is to connect your monitoring and observability data sources to your AIOps solution. This could include tools like Zabbix and vRealize, which send events on servers that have no CI entities available in the CMDB. By integrating these data sources, you can start to leverage the power of AIOps immediately, even without a mature CMDB.
Once these data sources are connected, you can immediately see the value of the data by leveraging the out-of-the-box event deduplication engine. This engine can achieve a massive reduction in noise, averaging more than 99%. By eliminating duplicate events, the engine streamlines data analysis and enables more accurate insights to be extracted from the data.
Note: In my previous blog I shared some examples and step by step scenario how to accomplish this stage.
Step 2: Defining Event Management as a Data Input for Health Log Analytics
The next step is to define Event Management as a data input for Health Log Analytics (HLA). This allows you to leverage the powerful HLA logic to identify abnormal behavior based on the streamed events.
With HLA, you can proactively identify correlations and abnormal patterns, such as a group of nodes (aka servers) that became anomalous without the need to define any logic. This is achieved by leveraging unsupervised machine learning to capture these alerts.
Note: Event Management data input is not an OOTB connector and it is a roadmap item.
Step 3: Leveraging the Power of HLA
Once Event Management is defined as a data input for HLA, you can start to see the real power of this approach. HLA can parse logs (in this case, the Event Management’s event are the logs) and detect anomalies, predicting possible issues before they affect service. This allows you to proactively manage your IT environment, identifying potential issues before they escalate into major incidents.
In addition, HLA can provide insights into related changes, incidents, and recurring alerts, offering a broader picture of the situation. These insights can be valuable in identifying problematic trends or repeated issues.
Step 4: Showcasing the Results
To illustrate the power of this approach, let's look at some screenshots. These screenshots show how multiple events from the different hosts are grouped as a single abnormal alert generated by HLA. Further drilling down shows that almost 20 servers suffer from a similar issue at the same time window. HLA was able to identify this abnormal pattern just by analyzing the events w/o the need for CIs in the system. This grouping reduces the number of individual alerts sent to teams, minimizing noise and improving response efficiency as well as illustrating the system proactiveness. More importantly, while each individual event might have been dismissed on its own, the simultaneous occurrence of these events following the same pattern has enabled HLA to identify a likely alert. This proactive alert generation, which would have been entirely missed without ServiceNow Predictive AIOps, demonstrates its true potential and power..
Alert details:
Related logs:
Conclusion
Even without a mature CMDB, you can still harness the power of ServiceNow's Predictive AIOps. By connecting your monitoring and observability data sources to event management and defining Event Management as a data input for HLA, you can leverage the powerful HLA logic to identify abnormal behavior and proactively manage your IT environment. This approach allows you to maximize the value of your AIOps solution, improving operational efficiency and service quality.
