Clustering event data for advanced analysis
This advanced analytics feature uses sophisticated unsupervised machine learning algorithms and natural language processing to analyze event text to automatically cluster events by topic. Multiple use cases such as enabling you to identify hotspots, inform resource allocation and automate operations tasks, and analyze monitoring event text, Jira tickets are supported.
Use TrueSight Intelligence to define parameters that are used to automatically create clusters from events using advanced data analytics methods such as text analytics using bigrams, and latent Dirichlet allocation (LDA). Specify the app and event type that you want to use for creating clusters, and select the event field that needs to be scanned for patterns.
To manage the analytics jobs
Select Advanced Analytics to view the following details for the list of jobs.
|Name||Name of the analytics job|
|Job Type||Type of the analytics job|
|Time Started||Date and time when you ran the analytics job|
|Time Finished||Date and time when the analytics job was completed and results were ready|
|Time to Expire|
The current status or time duration after which the analytics job will expire
By default, all jobs expire after three days. Click Re-Run to run a job after it expires.
|Delete||Clickto delete the corresponding job|
|Re-Run||Click Re-Run to run a job that has expired or failed|
|View||Click View to view the results for the analytics job|
To create an event cluster analytics job
- Select Advanced Analytics > New Event Cluster to create a new event cluster job
- Select the data
- Specify the Time range for which you want to analyze events.
- Select the App to which the events are associated.
Select the Event type that you want to analyze.
Click + Add and select additional filters.
The Total Number of Events indicates the number of events found based on the data selection criteria. The time required for a job to run varies depending on the number of events, and can take a few minutes to an hour. Consider modifying the configuration to perform a quicker analysis using a smaller number of events.
- Select the parameters
Select the Event field you want to analyze. Select fields such as the title or description for textual analysis. The
titlefield is used by default, select additional fields as required.
- Select the number of clusters you want to create for this job.
- The suggested Job Name uses the value of the parameters used to create the job. If required, clear and type a custom name.
- Click Run.
The event cluster job is added to the list of jobs. After the event analysis completes, click View to view the result for the job.
To view the job results and perform an in-depth analysis
Select Advanced Analytics and click View corresponding to a job in the list to open the job result. Click Re-Run to run a job that has expired.
The result displays the textual analysis of your chosen event field, each cluster is denoted by a box. The size of the cluster is proportional to the number of events that contain the keyword pairs in the cluster.
- The cluster label: Each cluster contains multiple keyword pairs, and the top keyword pair is used as the cluster label. Place your mouse cursor over the cluster label to view the top ten keyword pairs for the cluster.
- Total number of events: The number of events that contain the keyword pairs in the cluster is displayed in parenthesis.
- Viewing events: Click anywhere in the cluster to view the list of events in the Events tab.
Use the result of the analytics to perform further analysis. For an example of using event clustering for analyzing service desk tickets, see Ticket clustering use case.