How BMC ProactiveNet performs probable cause analysis on  events

Probable cause analysis focuses on events that are able to impact other events in unexpected ways. Therefore, the following events are not considered during probable cause analysis:

  • Administrative events - Administrative events include all events that belong to specific event classes within the MC_CELL_EVENT class. These event classes are listed in Event information used in probable cause analysis.
  • VMware-related VMotion events - Events related to use of a virtual machine are handled differently from other events. For more information see Probable-cause-analysis-in-a-virtual-environment
  • Predictive events - Predictive events are early warning events that BMC ProactiveNet generates before a severe event occurs on an existing metric. 
  • Blackout events - Blackout events include all events that occur during a defined blackout period for an adapterThe Probable Cause Analysis(PCA) in BMC ProactiveNet computation is useful in troubleshooting performance-related issues. 

The Root Cause Analysis (RCA) in SIEM computation is useful in finding the root causes for the issues. The service model is well defined, and thresholds exist on all the metrics that represent the health of all the CIs that are present in the model.

  • The service model is present, but the thresholds are not set on all the metrics. In this case, PCA can be very effective by looking at relevant abnormalities, external events, and configuration change events. 
  • The service model is present in a detailed or high level, but many events are shown as impacting events. In this case, PCA can be used to sort the events by score computation and by looking at various factors like data correlation, time correlation, severity, and so on. 
  • The service model is not present. 
  • Impact computation is available only for open events. PCA is used for finding the root causes after the occurrence of an event. 

  • When troubleshooting system resource-related issues in virtual environments and BMC adapter for VMware is used for data collection. 

    Probable cause analysis can be performed on internal events and external events. An internal event is an event that is generated by the BMC ProactiveNet Server. Internal events also are referred to as intelligent events or data events because these events include a large amount of data. For a list of slots used by probable cause analysis to analyze events, see Event information used in probable cause analysis.

    External events are events that are received from an external source, such as a remote cell or an event adapter. Because these events come from a source that is external to BMC ProactiveNet, these events do not have the data associated with them that an internal event does.Because internal and external events vary in the amount and type of data that they supply, internal and external events are handled differently during the probable cause analysis process.

    Because internal events are rich in data, these events go through more analysis steps than external events. When BMC ProactiveNet is analyzing an internal event to determine whether it could be a probable cause for another event, it applies a series of filters to the internal event, in the order shown in the following figure:

    Probable cause analysis process for an intelligent event
    pca_Internal_events.gif

     

    Because external events do not contain data as internal events do, probable cause analysis for external events uses fewer filters, as illustrated in the following figure:

     

    pca_external_events.gif

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*