Configure pattern-based alert aggregation

  • Release version: Xanadu
  • Updated August 1, 2024
  • Configure the Alert Aggregation Learner (Service Analytics Alert Aggregation Learner - Daily), which is an offline job that runs daily to process past alerts. The Alert Aggregation Learner identifies patterns of related alerts using a combination of pattern-based and probabilistic techniques.

    Before you begin

    Role required: evt_mgmt_admin

    About this task

    • The Alert Aggregation Learner tracks manual additions and removals of alerts from automated alert groups.
    • The Alert Aggregation Learner also learns the patterns of alerts in manual alert groups. Later, when new streams of alerts arrive, alert aggregation automatically forms automatic alert groups according to these patterns.

    Procedure

    1. Navigate to All > Event Management > Administration > Alert Correlation Properties.
    2. Enable the following properties.
      • Enable alert aggregation for Automated, CMDB, and Text-based groups (sa_analytics.aggregation_enabled).
        Note:
        When this property is disabled, all other groups are disabled as well.
      • Enable alert aggregation for CI-based Automated groups (sa_analytics.specific_patterns_enabled).
    3. Optional: Navigate to All > System Properties > All Properties.
    4. Optional: On the System Properties page, select the sa_analytics.agg.learner_period_days property.
      If the property doesn't exist, you need to define it.
    5. Optional: Set the property's Value to the number of days that you want the alert aggregation learner job to process.
      Values larger than 30 days increase the job processing time. Use values of 30 days or less for best performance.
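
One way to check the result of this procedure, as an added example that is not ServiceNow's own code: the function audits a snapshot of the three properties named above and reports the conditions the procedure warns about. The snapshot shape (property name mapped to its string value), the function names, the finding levels, and the rule that the period must be a positive whole number are assumptions.

```javascript
// Added example: audits a snapshot of the properties named in the procedure.
// The snapshot shape (name -> string value) and all function names are assumptions.
const MASTER = 'sa_analytics.aggregation_enabled';
const CI_BASED = 'sa_analytics.specific_patterns_enabled';
const PERIOD = 'sa_analytics.agg.learner_period_days';
const MAX_RECOMMENDED_DAYS = 30; // the page recommends 30 days or less

// Property values are handled as strings; accept only an explicit true/false.
function parseBool(value) {
  if (typeof value !== 'string') return null;
  const v = value.trim().toLowerCase();
  return v === 'true' ? true : v === 'false' ? false : null;
}

function auditAggregationProperties(snapshot) {
  const findings = [];
  const master = parseBool(snapshot[MASTER]);
  const ciBased = parseBool(snapshot[CI_BASED]);

  if (master === null) {
    findings.push({ property: MASTER, level: 'error', issue: 'missing or not true/false' });
  } else if (!master) {
    findings.push({ property: MASTER, level: 'error', issue: 'disabled, which disables all other groups' });
  }
  if (ciBased === null) {
    findings.push({ property: CI_BASED, level: 'error', issue: 'missing or not true/false' });
  } else if (!ciBased) {
    findings.push({ property: CI_BASED, level: 'error', issue: 'CI-based Automated groups are disabled' });
  } else if (master === false) {
    findings.push({ property: CI_BASED, level: 'warn', issue: 'enabled, but the first property is disabled' });
  }

  // Steps 3-5 are optional, so an undefined period is informational only.
  const raw = snapshot[PERIOD];
  if (raw === undefined) {
    findings.push({ property: PERIOD, level: 'info', issue: 'not defined; define it to set the learner period' });
  } else if (!/^[1-9]\d*$/.test(String(raw).trim())) {
    // Assumption: a usable value is a positive whole number of days.
    findings.push({ property: PERIOD, level: 'error', issue: 'not a positive whole number of days' });
  } else if (Number(raw) > MAX_RECOMMENDED_DAYS) {
    findings.push({ property: PERIOD, level: 'warn', issue: 'over 30 days; expect longer job processing time' });
  }
  return findings;
}

// Constructed sample snapshot, not taken from a real instance.
const sample = { [MASTER]: 'false', [CI_BASED]: 'true', [PERIOD]: '45' };
console.log(auditAggregationProperties(sample));
```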