Clustering event data for advanced analysis

This advanced analytics feature uses sophisticated unsupervised machine learning algorithms and natural language processing to analyze event text to automatically cluster events by topic. Multiple use cases such as enabling you to identify hotspots, inform resource allocation and automate operations tasks, and analyze monitoring event text, Jira tickets are supported.

Use TrueSight Intelligence to define parameters that are used to automatically create clusters from events using advanced data analytics methods such as text analytics using bigrams, and latent Dirichlet allocation (LDA). Specify the app and event type that you want to use for creating clusters, and select the event field that needs to be scanned for patterns.

To manage the analytics jobs

Select Advanced Analytics to view the following details for the list of jobs.

ColumnDescription
NameName of the analytics job
Job TypeType of the analytics job
Time StartedDate and time when you ran the analytics job
Time FinishedDate and time when the analytics job was completed and results were ready
Status
  • Submitted: The job was successfully submitted
  • Running: The system is running the jobs
  • Finished: The system successfully ran the job. Click View to see the results.
  • Failed: The job was unsuccessful and failed. Click Re-Run to try running the job again.
Time to Expire

The current status or time duration after which the analytics job will expire

By default, all jobs expire after three days. Click Re-Run to run a job after it expires.

DeleteClick to delete the corresponding job
Re-RunClick Re-Run to run a job that has expired or failed
ViewClick View to view the results for the analytics job

To create an event cluster analytics job

  1. Select Advanced Analytics > New Event Cluster to create a new event cluster job
  2. Select the data
    1. Specify the Time range for which you want to analyze events.
    2. Select the App to which the events are associated.
    3. Select the Event type that you want to analyze.

    4. Click + Add and select additional filters.

      The Total Number of Events indicates the number of events found based on the data selection criteria. The time required for a job to run varies depending on the number of events, and can take a few minutes to an hour. Consider modifying the configuration to perform a quicker analysis using a smaller number of events.

  3. Select the parameters
    1. Select the Event field you want to analyze. Select fields such as the title or description for textual analysis. The title field is used by default, select additional fields as required.

    2. Select the number of clusters you want to create for this job.
  4. The suggested Job Name uses the value of the parameters used to create the job. If required, clear and type a custom name.
  5. Click Run.

    The event cluster job is added to the list of jobs. After the event analysis completes, click View to view the result for the job.

To view the job results and perform an in-depth analysis

Select Advanced Analytics and click View corresponding to a job in the list to open the job result. Click Re-Run to run a job that has expired.

The result displays the textual analysis of your chosen event field, each cluster is denoted by a box. The size of the cluster is proportional to the number of events that contain the keyword pairs in the cluster.

  • The cluster label: Each cluster contains multiple keyword pairs, and the top keyword pair is used as the cluster label. Place your mouse cursor over the cluster label to view the top ten keyword pairs for the cluster.
  • Total number of events: The number of events that contain the keyword pairs in the cluster is displayed in parenthesis.
  • Viewing events: Click anywhere in the cluster to view the list of events in the Events tab.

Use the result of the analytics to perform further analysis. For an example of using event clustering for analyzing service desk tickets, see Ticket clustering use case.

Was this page helpful? Yes No Submitting... Thank you

Comments