Understanding event thresholds

Events are generated when event threshold values are exceeded.

The approach BMC ProactiveNet takes to detect abnormal behavior is different from the traditional threshold approach. The traditional approach requires the definition of hard thresholds that must be customized for each instance. This requires precise knowledge of the environment and is not very scalable in terms of administration. The following table describes the types of event thresholds that BMC ProactiveNet offers.

Types of event thresholds

Threshold type

Description

Absolute threshold

Absolute thresholds are static threshold that represent an absolute value above or below which an event is generated. In general, an absolute threshold is specified for attributes that have common accepted values beyond which performance is known to degrade. Absolute thresholds are better suited for attributes that change status. For example, if the total CPU utilization of a Solaris system is above 80%, it may result in performance issues. In this case, you can specify an absolute threshold of 80% for this attribute.

Signature threshold

Signature thresholds are dynamic thresholds that use the baseline as the threshold. Users do not need to set a threshold value, because the baseline is autogenerated. Because of this, it is a much more scalable approach in managing thresholds. 
Signature thresholds focus on performance metrics such as response time, utilization, errors for network devices, LANs, WANs, servers, and network application services, reporting readings above or below the baseline. 
Signature thresholds allow you to control the number of events generated by a monitor. They are used to set the minimum deviation from the high and low baseline, established by BMC ProactiveNet for a monitor whose overall baseline is considered too low. Signature thresholds are better suited for attributes that degrade over time. In case no signature threshold is enabled by the user, BMC ProactiveNet uses the default values to generate events.

Abnormality Event threshold

BMC ProactiveNet Abnormality thresholds operate in the same way that Signature thresholds work. However, they generate abnormality events utilized by Probable Cause Analysis correlation rather than generate events. Abnormality thresholds are automatically set (out of the box) on all metrics. This is important because users do notneed to do anything in order to start seeing the value of the abnormalities in context of Probable Cause Analysis correlation. Abnormalities are used in Probable Cause Analysis, generally do not generate events, and are automatically closed when the generating condition no longer exists.

  • Predefined Abnormality Event thresholds cannot be removed or cleared for any of the attributes. 
  • If the abnormality threshold is suppressed for any of the attributes, baselines are not generated and events are not triggered for those attributes. 
  • To disable the abnormality threshold, in Advanced option, select Suppress event, and click Apply. 

Intelligent threshold

Signature and absolute thresholds can be combined to create an intelligent threshold that generates events when a metric value falls outside its baseline and is above its absolute threshold. These help to alleviate issues with absolute values that are set too low for the normal operating environment. 
Intelligent thresholds provide the following benefits:

  • They reduce the aggravation to manually set and maintain hundreds of absolute thresholds. 
  • They reduce false events to a large extent, by guessing what the threshold must be for each attribute and device at any time or day of week. This eliminates the problem of over, or under, alerting. 
  • They facilitate faster detection of potential problems. This allows you to fix problems proactively.

Related topics

Setting-event-thresholds

Determining-the-probable-cause-for-an-event

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*