Configure pattern based alert grouping

  • Release version: Australia
  • Updated: March 12, 2026
  • Time to complete: 3 minutes
  • Configure the Alert Aggregation Learner (Service Analytics Alert Aggregation Learner - Daily), an offline job that runs daily to process past alerts. It identifies patterns of related alerts using a combination of pattern-based and probabilistic techniques, enabling quicker detection and resolution of recurring issues.

    Before you begin

    Role required: evt_mgmt_admin

    About this task

    The Alert Aggregation Learner tracks manual additions and removals of alerts from automated alert groups. If you undo any previous alert additions or removals, the automatic process adjusts accordingly.

    You can review user additions and removals from automated alert groups and undo any action to prevent it from being automatically repeated. The Alert Aggregation Learner also identifies patterns in manual alert groups, enabling automatic formation of new alert groups based on these patterns when new streams of alerts arrive.

    Procedure

    1. Navigate to All > Event Management > Administration > Alert Correlation Properties.
    2. Enable the following properties.
      • Enable alert aggregation for Automated, CMDB, and Text-based groups (sa_analytics.aggregation_enabled).
        Note:
        When this property is disabled, all other groups are also disabled.
      • Enable ML based Automation correlation (sa_analytics.specific_patterns_enabled).
    3. Optional: To configure the time period for the Alert Aggregation Learner to process alerts, perform the following steps:
      1. Navigate to All > System Properties > All Properties.
      2. On the System Properties page, select the sa_analytics.agg.learner_period_days property.

        If the property doesn't exist, you need to define it.

      3. Set the property's Value to the number of days of alerts that you want the Alert Aggregation Learner job to process.
        Note:
        Values larger than 30 days increase job processing time. For optimal performance, use values of 30 days or less.