Ops Intelligence
Asset Intelligence
Observability
Robotic Data
Introduction
How it Works
Getting Started
Glossary
Implementer Guide
cfxDimensions Installation
cfxOIA Installation
cfxOIA Application Services
Release Notes
KEY FEATURES GUIDE
Incident Management
Alert Management
Advanced Alert Configuration
Alert Mappings
Alert Enrichment
Alert Correlation & Suppression
Creating and Updating Correlation Policies
Creating and Updating Suppression Policies
Correlation Recommendations
ML Driven Operations
Data Exploration
RDA (Robotic Data Automation)
Analytics
UI & PORTAL FEATURES GUIDE
Filters Management
Customizing Table Views
Exporting Data
Administrator Guide
User Roles & RBAC
Collaboration
Projects
INTEGRATIONS GUIDE
Integrations Overview
Featured Integrations
Powered by GitBook

Correlation Recommendations

cfxOIA correlation engine can learn and provide new correlation recommendations using unsupervised ML clustering on historical alert data. OIA provides this recommendation in the form of list of problems or symptoms, each identified as a cluster, that are relatable in customer's environment. It also provides a confidence score %, indicating the level of similarity of messages in each cluster and higher the confidence score, more similar the messages are. Admins can run generate the recommendations on-demand by running ML experiments on historical alert data by selecting data from a certain time period, for example during past 3-months or past 6-months. An upcoming feature is to be able to schedule the ML experiments to be run on an periodic or ongoing basis. The way this clustering process works is it first devariablizes i.e takes out all variables, identities etc. from alert data and tries to arrive the core message tha alert represents. For example, if multiple alert messages with

user john.doe not able to login to cms1.acme.local
user mark.scott unable to open login into portal cms1.acme.local
user lucy.lu complaining of login failure cms1.acme.local

The real issue is with "unable to login" and not the user who complained. OIA gets to the real symptom by using devariablization and performing DBSCAN and HDBSCAN clustering algorithms to come up set of a symptoms or problem clusters found in the data.

Administrators can review new clustering recommendations by browsing through list of symptom clusters, select a symptom cluster and create a correlation policy out of the symptom cluster. This process can be repeate for other clusters. Admins can also rename symptom clusters and give an appropriate name to the cluster based on the messages in the clusters. For example, "Device not reachable", "Batch job failure", "Duplicate IP", "Disk Fragmentation high" etc.

Previous
Creating and Updating Suppression Policies
Next - KEY FEATURES GUIDE
ML Driven Operations
Last updated 11 months ago