How Text Based Grouping of Alert Works

Ravi Shekhar
Tera Contributor

‎01-22-2024 08:41 PM

How Text Based grouping of alert working , Is there any scope to tuning text based grouping . 

What parameter it takes and what logic it use to group . 

 

As per my understanding once we enable properties it works , but don't know what logic they use , how they group , is that only description we consider or any other attribute of alert too . 

0 Helpfuls
  • 735 Views
4 REPLIES 4

Rahul Priyadars
Giga Sage
Giga Sage

‎01-22-2024 09:07 PM - edited ‎01-22-2024 09:08 PM

Is this what you are looking for.

Event Management uses clustering models to identify common text patterns in alerts and create alert groups. To enable this functionality, you must activate the Machine Learning (ML) plugin and have at least 100 alerts. 

 

FYI OOTB available Clustering ML Solution Definitions.--> ml_capability_definition_clustering.list

 

RahulPriyadars_0-1705986385418.png

Inside ML Solution Definition Fields are Defined for clustering. You can edit / create new , Train it and then Model Can be Deployed.

 

Regards

RP

0 Helpfuls

Ravi Shekhar
Tera Contributor
In response to Rahul Priyadars

‎01-22-2024 09:21 PM

HI @Rahul Priyadars , 

 

Under ml_capability_definition_clustering.list , how we identify whether this clustering is happening only for text based . 

 

My concern is in txt based grouping what we consider , is that any logic . Text based by default takes description for there grouping alert ? . 

0 Helpfuls

Rahul Priyadars
Giga Sage
Giga Sage
In response to Ravi Shekhar

‎01-22-2024 09:44 PM

When Alerts are grouped you Can see what TYPE of Correlation is Applied- As alerts are added to a group, a message is added to the alert’s Work notes field that indicates the reason for aggregating that alert into the group. 

Ensure that the evt_mgmt.alert_groups_reasoning.enable_worknotes property is configured with Value = all.

 

On TEXT based grouping i do not see much text as its all done by Background Job.

RahulPriyadars_0-1705988351831.png

 

Regards

RP

0 Helpfuls

Ravi Shekhar
Tera Contributor
In response to Rahul Priyadars

‎01-22-2024 10:04 PM

 

Hi @Rahul Priyadars , 

 

Please help me to understand , so

1) Grouping happen in Test based we have to create/define Similarity Fields Under Clustering             Definition

2) Clustering Definition we use only in text based grouping or other type of grouping as well 

 

If Clustering Definition >> tuning for text Based Grouping then we can create our own and define different attribute fields of alert under Similarity Fields for Text Based Grouping .  

 

Regards,

Ravi Shekhar

0 Helpfuls