Viewing abnormality and MVGD events
TrueSight Intelligence uses metric data to establish a baseline, which indicates a normal range for the measurements. A deviation from this baselines causes the system to automatically generate events that are available from the Events menu.
Before you begin
You can see a list of events only if they are generated by the sources used to collect data. For more information, see Collecting data.
A minimum of six hours of data is required for TrueSight Intelligence to establish the baseline.
An abnormality event indicates a deviation of a metric value from its baseline. For example, if the number of loan requests received every hour on the previous day were between 100 and 200, this value range is established as the baseline. An abnormality event is generated if the number of requests goes above or below this established range for the current day. Click an event to view details such as Event ID, IP addresses, Device name, and so on. The abnormality events is highlighted on the chart.
The Events screen lists the events generated and can be accessed from various screens in the UI. Use this screen to view details, and apply filters to drill down.
The tenantId, source.ref, source.type, and eventClass fields are part of the fingerprint fields. A new event is generated for every change to the value of any of these fields.
To view event details
From the event list, click an event to view its details. Use the buttons available to navigate to the previous and next event.
- Chart: Displays the chart of the metric for which the event was generated.
- Properties: View all the event fields along with corresponding values for each field.
- History: View the state changes for the selected event.
- Developer tools: View technical information and copy the code to the clipboard for analysis.
To view details for a multivariate Gaussian distribution (MVGD) event
Anomalies in data are detected based on deviation in the values of a standard set of metrics collected using the TrueSight Meter. TrueSight Intelligence applies this technique on multiple system metrics, which are collected every second from meters installed on hosts, and detects abnormal hosts while taking into consideration multiple metrics across hosts over a period of time. This provides an early warning system for proactive intervention and resolution of host-related issues before they impact end user response time or application performance.
The standard set of metrics collected by the TrueSight meter are:
- CPU Utilization
- Disk Data Write
- Disk Data Read
- Network Inbound
- Network Outbound
- One Minute Load Average