Text-based alert grouping

  • Release version: Xanadu
  • Updated August 1, 2024

    In text-based alert grouping, the EM Alert Clustering Solution forms clusters based on the Description, Metric name, and Configuration item.Class fields. Text-based groups are created using this solution. When a new alert arrives, the ML Predictor determines which cluster it belongs to, and alerts in the same cluster form a group.

    The ML Predictor job is asynchronous and assigns real-time alerts to clusters. The predictor's results may arrive with a slight delay, so the creation of text-based groups can be delayed by several minutes, because the alert grouping job runs once per minute. If the prediction results are not ready during the current run, the grouping job checks for them again during its next run.

    For text-based logic to execute, the Predictive Intelligence plugin must be installed and the EM Alert Clustering Solution definition must be activated. Text-based thresholds are:
    • Cluster quality threshold: sa_analytics.alert_grouping_tb_cluster_quality_threshold, default is 70.
    • Alert rank threshold: sa_analytics.alert_grouping_tb_alert_rank_threshold, default is 0.3 (smaller values are better).
    Note:
    To use these properties, you need to create properties with the same names and assign the required values to them. For more information on how to create a property, see Add a system property.
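
    The following added example (a simplified model, not ServiceNow code) replays the once-per-minute grouping job against an asynchronous predictor to show where the grouping delay comes from and how the two thresholds act as a gate. The Alert record, the function names, and the sample alerts are constructed; it is an assumption that cluster quality must reach its threshold, that alert rank must not exceed its threshold, and that an alert failing either check is left out of text-based groups.

```python
from dataclasses import dataclass

# Defaults quoted on the page for the two text-based thresholds.
CLUSTER_QUALITY_THRESHOLD = 70    # sa_analytics.alert_grouping_tb_cluster_quality_threshold
ALERT_RANK_THRESHOLD = 0.3        # sa_analytics.alert_grouping_tb_alert_rank_threshold
JOB_INTERVAL_S = 60               # the grouping job runs once per minute

@dataclass
class Alert:                      # constructed sample record, not a ServiceNow table
    number: str
    arrived_s: int                # arrival time, in seconds
    ready_s: int                  # when the asynchronous prediction becomes available
    cluster: str
    quality: float                # quality of the predicted cluster
    rank: float                   # alert rank (smaller values are better)

def passes_thresholds(a):
    # Assumption: quality must reach its threshold, rank must not exceed its threshold.
    return a.quality >= CLUSTER_QUALITY_THRESHOLD and a.rank <= ALERT_RANK_THRESHOLD

def run_grouping(alerts, runs):
    """Replay `runs` job executions; return (groups, delay per grouped alert, ungrouped)."""
    pending = sorted(alerts, key=lambda a: a.arrived_s)
    groups, delays, ungrouped = {}, {}, []
    for tick in range(JOB_INTERVAL_S, JOB_INTERVAL_S * (runs + 1), JOB_INTERVAL_S):
        waiting = []
        for a in pending:
            if a.arrived_s > tick or a.ready_s > tick:
                waiting.append(a)             # no result yet: recheck on the next run
            elif passes_thresholds(a):
                groups.setdefault(a.cluster, []).append(a.number)
                delays[a.number] = tick - a.arrived_s
            else:
                ungrouped.append(a.number)    # assumed outcome when a threshold fails
        pending = waiting
    return groups, delays, ungrouped

SAMPLE = [  # constructed alerts
    Alert("Alert0001", 5, 20, "c1", 85, 0.10),    # result ready before the first run
    Alert("Alert0002", 50, 130, "c1", 85, 0.25),  # slow prediction, grouped two runs later
    Alert("Alert0003", 70, 75, "c2", 60, 0.10),   # cluster quality below 70
    Alert("Alert0004", 90, 100, "c1", 85, 0.45),  # alert rank above 0.3
]

if __name__ == "__main__":
    print(run_grouping(SAMPLE, runs=4))
```

    In this model, an alert whose prediction arrives just after a run waits almost a full extra interval, which is how a short predictor delay turns into a grouping delay of several minutes.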

    The EM Alert Clustering Solution definition is located in the ml_capability_definition_clustering table. To access it, navigate to Predictive Intelligence > Clustering > Solution Definitions.

    To verify that the solution definition is active, see Verify text-based clustering solution.
    Note:
    To disable the EM Alert Clustering Solution definition, disable text-based alert grouping by setting the property sa_analytics.text_based_group_enabled to false and clearing the Active check box in the EM Alert Clustering Solution definition.