Monthly Averages from Daily Metrics Problem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2025 07:53 AM
I'm working on using performance analytics to capture MTTA, MTTC data in security incident response. There were several metrics that came OOB for tracking this and other SIR metrics, and they get added to an SI.completed metric view, which is used as an indicator source for several other SIR PA indicators. We created our own scripted metric definitions to properly track state changes as the SIR goes through lifecycle updates. The individual metrics are creating fine for each metric definition, and they're getting added into the SI.completed metric view correctly. We also created our own automated indicators, but they all leverage the same SI.completed metric view source, which collects daily.
The issue we realized is how those daily PA snapshots are getting rolled up to monthly values in our dashboards. Due to the issue with how PA aggregates averages, noted in this KB: KB0754102 , our monthly metrics are off because we're averaging the daily values/days of the month instead of the individual incident metrics/number of incidents occurring for that month.
I'm not a PA expert, but it seems that due to the limitation on rolling up data, we'd have to create separate indicator sources if we want to get weekly, monthly, quarterly rollups accurately. This isn't ideal because there are a number of breakdowns at each level that we're also wanting to collect, and it seems like it would be ideal to limit the number of indicator sources and breakdowns created.
Can someone with deeper PA knowledge let me know how to best set this up if you were starting from scratch? Would formula indicators be a better option, or should we stick with using metrics but separate indicator sources? Ideally we'd like users to be able to filter the data on the dashboard using a date filter, and click into the single score widget to manipulate date numbers and look at individual record lists, but I think doing separate indicators/sources would necessitate separate widgets on the dashboard for weekly, monthly, quarterly data, etc.
