Configuring ML-based situations
As a tenant administrator or a custom user with manage situations permissions, you can configure the time limit for aggregating events as part of an ML-based situation and display the policy-based situations along with the ML-based situations.
An event signature is the pattern used to decide whether an event in an event sequence belongs to the same category as other events or to a different one.
Options to tune ML-based situations
Use the following options to tune these settings:
- Correlation Event Time Window (in mins): Set the time limit within which two event signatures can be correlated, provided that the signatures are also correlated from the topology and knowledge graph aspects. Any event that arrives after the set time limit is not correlated.
- Situation Stability Window (in mins): Set the time limit that determines the Situation stability. The algorithm stops aggregating events to a situation once the set time limit is crossed, if no new event signatures were added to the situation within that limit. If new event signatures are added, the stability window is reset until there are no more new event signatures.
- Show Policy-based Situations: Show or hide the policy-based situations in the Overview > Situations and Situations pages. When enabled, the policy-based Situations are listed along with the ML-based or AIOps Situations in the console.
Example scenarios to understand the options
- Correlation Event Time Window
  - Scenario#1 - The time window is set to 10 minutes. Assume that a CPU saturation event signature occurred at 11:00 p.m., triggered by a virtual machine in the EMEA location. After that, you get a memory threshold violation event from the EMEA location and a disk full event from the NA location. Even though these two new event signatures are temporally correlated to the first event, only the memory event from the EMEA location meets the topological and knowledge graph aspects of the correlation rules. Therefore, only the CPU saturation and memory events are correlated.
  - Scenario#2 - The time window is set to 10 minutes. Assume that a CPU saturation event signature occurred at 11:00 p.m., triggered by a virtual machine in the EMEA location. After that, a disk space full event signature occurred at 11:12 p.m. in the same EMEA location. Even though these two events meet the topological and knowledge graph correlation aspects, they are no longer temporally related to each other. Therefore, they won't be correlated.
- Situation Stability Window
  The stability window is set to 30 minutes. Assume that there is a situation that has memory and CPU events. A DB failure occurred at 11:00 p.m., which generated a memory event signature at 11:05 p.m. The stability window for this signature is valid until 11:35 p.m. If you get another CPU signature event at 11:15 p.m., the stability window moves to 11:45 p.m. If there are no new signature events related to the same situation after 11:15 p.m., the situation is stabilized at 11:45 p.m.
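The scenarios above, worked through in Python as an added example (not the product's code or its actual ML algorithm). Assumptions: a same-location check stands in for the topology and knowledge graph aspects, an event arriving exactly at the limit still counts, and the 11:04 p.m. and 11:06 p.m. timestamps in Scenario#1 are constructed because the page gives none.

```python
from datetime import datetime, timedelta

def at(hhmm):
    # Constructed timestamps: every event is placed on one arbitrary day.
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

def check_window(minutes):
    # Both sliders accept 5 to 60 minutes according to the page.
    if not 5 <= minutes <= 60:
        raise ValueError("window must be between 5 and 60 minutes")
    return timedelta(minutes=minutes)

def correlated(first, candidates, window_min):
    """Return the names of candidates that correlate with `first`."""
    window = check_window(window_min)
    names = []
    for ev in candidates:
        in_time = timedelta(0) <= ev["time"] - first["time"] <= window
        # Assumption: same location stands in for topology/knowledge graph.
        related = ev["location"] == first["location"]
        if in_time and related:
            names.append(ev["name"])
    return names

def stabilized_at(signature_times, window_min):
    """Return the time at which the situation stops aggregating events."""
    window = check_window(window_min)
    times = sorted(signature_times)
    deadline = times[0] + window
    for t in times[1:]:
        if t > deadline:
            break  # arrived after the situation had already stabilized
        deadline = t + window  # a new signature resets the window
    return deadline

# Sample events modelled on the page's scenarios (constructed data).
CPU = {"name": "cpu", "time": at("23:00"), "location": "EMEA"}
MEM = {"name": "memory", "time": at("23:04"), "location": "EMEA"}
DISK_NA = {"name": "disk", "time": at("23:06"), "location": "NA"}
DISK_LATE = {"name": "disk", "time": at("23:12"), "location": "EMEA"}

if __name__ == "__main__":
    print("Scenario#1:", correlated(CPU, [MEM, DISK_NA], 10))
    print("Scenario#2:", correlated(CPU, [DISK_LATE], 10))
    print("Stable at:", stabilized_at([at("23:05"), at("23:15")], 30))
```
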
To configure situation settings
- Click Configurations > Manage Situations.
- On the Manage Situations page, do the following:
  - Drag the slide bar to set the Correlation Event Time Window (in mins). The permissible range is 5 to 60 minutes. By default, it is set to 15 minutes.
  - Drag the slide bar to set the Situation Stability Window (in mins). The permissible range is 5 to 60 minutes. By default, it is set to 15 minutes.
  - Expand Advance Settings and enable or disable Show Policy-based Situations to show or hide the policy-based Situations along with the AIOps Situations. By default, this option is enabled.
- Save the changes.