Viewing an alert group analysis by Now Assist in Express List
View an analysis of alert groups in Express List, generated by Now Assist using AI. The analysis helps you better understand the nature of the alert group, why the alerts in the group were correlated, and how to proceed in the remediation process.
The AI-driven alert group analysis offers a simplified, human-readable description of the group and technical information to help you investigate it more efficiently. The information provided is based on descriptions and Configuration Item (CI) details relating to the individual alerts in the group. Alert group analysis is supported for the following alert group types:
- Tag-based alert groups: Tags help categorize alerts based on common attributes, such as impacted systems or services. Alerts in tag-based alert groups share certain tags, indicating similarities in the issues. The alert analysis for these groups presents the shared tags that were used to correlate the alerts in the group. It also provides insights into why these alerts were grouped. In addition, the analysis offers suggestions for a course of action based on the similarities between the tags.
- CMDB alert groups: When an alert is created on a CI in the Configuration Management Database (CMDB), Event Management looks for alerts on other CIs that are closely related to it in the CMDB topology. A close topological relationship between CIs suggests an interdependence between components in the IT infrastructure and contributes to alert correlation. When a relationship between CIs is found, a CMDB alert group is formed. The alert analysis for CMDB alert groups explains the nature of the group, why it was formed, and the relationships between the CIs. It also provides technical information to help you decide which alerts to concentrate your investigation on.
- Log Analytics alert groups: When Event Management identifies multiple Log Analytics alerts that are related in important ways, it groups them into a Log Analytics group. The system generates a Log Analytics group when the Log Analytics alerts share one or more relationships related to time, metadata, message text, and trend. The alert analysis for Log Analytics alert groups is based on the analysis of anomaly information provided by Health Log Analytics, and on the descriptions, CIs, and tags of the alerts in the group.
- Network Traffic-based alert groups: The Network Traffic-based alert grouping method groups alerts by analyzing network traffic connections between processes across hosts. It leverages service candidates identified by ML Service Mapping to group the alerts. Alert analysis for network traffic-based alert groups describes all the alerts in the group and the connections between them.
- Mixed alert groups: The Mixed grouping method combines alerts using multiple grouping strategies, such as those used in CMDB alert groups and tag-based groups, in a single, cohesive group. This method leverages the strengths of each strategy to reduce alert noise, improve alert correlation, and highlight the true root cause of incidents.
- Automated alert groups: Automated alert grouping uses aggregation algorithms to identify and group related alerts that share the same alert identifier, such as the CI and metric identifier, and that occurred multiple times within a similar time frame. The algorithms rely on historical data to detect recurring patterns and organize similar alerts. Alert analysis for automated alert groups provides details about the CI or time-based patterns that contributed to the grouping. The analysis also includes a summary of historical incidents related to the group, including frequency, criticality, and resolution strategies.