Investigating ML-based situations

Generative AI situation summary powered by BMC HelixGPT

To help the operators or SREs with faster root cause analysis, accurate understanding of the context, and cause behind the correlation of each situation, powered by BMC HelixGPT, BMC Helix AIOps provides a human-readable AI-generated situation summary. This summary gives a synopsis of a short problem classification, a brief root cause summary, and a causal summary explaining the complete context.

Without BMC HelixGPT, you can only see the summary generated by BMC Helix AIOps AI/ML algorithm.

If BMC HelixGPT is not enabled for your tenant, contact BMC Support.

To view and investigate a situation

1. On the BMC Helix AIOps console, click Situations.
   By default, you can see All Situations in the hierarchical view. You can change it to a list or tile view.
2. Click an individual situation to view the details.
   You can also expand a primary situation or similar Situation group and can click any individual situation of that group.

3. Analyze the brief situation summary and perform actions.

   When BMC HelixGPT is enabled

   When BMC HelixGPT is not enabled

   AI-generated summary (Short problem statement, brief summary, and detailed problem context) Situation severity, priority, last modification date, incident ID (if available), and status. For ML-based situations, the impacted service name is displayed with a link. Clicking the link opens the service details page. Clicking the Incident ID link opens the incident in BMC Helix IT Service Management – SmartIT. (Requires BMC Helix ITSM subscription) Action menu to perform actions on situations.

   Situation name, severity, incident ID (if available), status, and last modification date. Clicking the Incident ID link opens the incident in BMC Helix IT Service Management – SmartIT.  (Requires BMC Helix ITSM subscription) For ML-based situations, the impacted service name is also displayed with a link. Clicking the link opens the service details page. The total number of change requests displayed as part of the situation. Clicking the link opens the Changes tab. (Requires BMC Helix ITSM subscription) Action menu to perform actions on situations.  Situation highlight to show the number of events from the top three impacted hosts.

4. (Optional) From the Similar Situations section, analyze the pattern and trend of similar situations associated with the same service node.
   This section is displayed only if at least two occurrences of similar situations are identified within a 24 hours window. This section is not displayed for a primary situation.

1. 1. Click the Aggregated View to view the number of occurrences against the day of the week. The day of the week is represented on the Y-axis and the hourly time slot for 24 hours is represented on the X-axis. This view is seen only if there are situations available for more than one week. The situations are grouped by the day of the week from Sunday to Saturday.
   2. Click the Detailed View to view the number of occurrences against day and date for the last 30 days. The day and date is represented on the Y-axis and the hourly time slot for 24 hours is represented on the X-axis. This view is seen even if the data is available for a single day. This view captures data between the first occurrence date and the most recent occurrence date for the last 30 days. 
   3. Click Show More to view additional situation details such as time of occurrence, number of related events, type, severity, priority, status, and incident ID. Clicking the Incident ID link opens the incident in BMC Helix IT Service Management – SmartIT. 

   4. (Optional) Click the action menu to perform event actions for a situation.
      

      Important

      All events except the alarm type events can be closed. You can close a situation even if the incident created for the situation is not closed.

      
      
      

2. From the Situation Explanation section, use the root cause view or list view to analyze the root cause events associated with the situation.
   This section is not displayed for a primary situation. However, it is visible for individual situations that are grouped as part of a primary situation.
   • The Root Cause View shows the impact flow of events in a situation in graphical format. Based on the temporal and topological relationships between various causal events in the situation, the ML algorithm determines the root cause event and consequent events. Each event in the graph is aligned against the corresponding CI Kind. The impact direction of the graph indicates the impact flow from the root cause event. You can see the impact score percentage displayed along with the event. The total impact score from all the events adds up to 100 percent.
     • Hover over an event to view the impacted node details and the corresponding CI or CI Kind highlighted in the CI topology and analysis section. 
     • Click an event to view additional details on the Situation Details pane.
       

1. • The List View displays all causal events. In the List view, you can view the event messages, impacted host, occurrence time, severity, priority, status, and incident ID. 

   • The Changes view displays the change requests from the last five days.

     Important

     The capability to view change requests for situations is available upon request. For more information, contact BMC Support.

2. From the CI topology and analysis map, identify the CIs with maximum impact probability due to the situation.
   The topology map is not shown when you click to view the details of a primary situation. However, it is shown for all related and similar situations.
3. Expand the Similar Situations section to view the list of situations that occurred in the past with the number of occurrences.
   The Similar Situations section is displayed if at least two occurrences of similar situations are identified within a 24-hour window. You can expand the section to analyze the list of all historical occurrences of the situation. This section is not displayed for a primary situation. 
4. (Optional) Expand the Situation events section and do the following actions:

1. • Select List view to view additional event details and perform event operations. Do the following actions:
     

     • Use the column selector to customize the columns and make it appear or disappear from the view.
       Only selected columns are displayed. You can also drag and drop the columns to rearrange them based on your requirement. 
     • Change the View Type to either Flat or Hierarchical.
       The flat view type is selected by default, where the events are listed in a sequence. A hierarchical view groups events within events based on event signatures to give a better organized presentation of events.

     In the flat view, the events are listed in a sequence. A hierarchical view groups events within events based on the event signatures, which is an organized presentation of events as shown in the following image.

     • The Automations column displays the matching automations for the event. To run automations, see Remediating-events-for-services-and-situations. 
     • (Optional) You can also request for the automations to be created or if you have permission, create automations for events yourself.

     

     1. Click an event message to view the Event Details pane with the following details:
        
        • 
          
          • Event name, event score, severity, priority, status, and the More Details button to open the event details page in BMC Helix Operations Management. 
          • Event assignee details.
          • Date when the event first occurred or was last modified.

          • Event summary showing the Class, Incident ID, Object Class, Object, and Host. Clicking the Incident ID link opens the incident in BMC Helix IT Service Management – SmartIT. 
            For more information about Classes and Objects, see EVENT base event class.

          • Logs and notes history: All logs and notes for an event are displayed.
            • Enter a note in the text box and click Add Note to add any additional notes related to the event. 
              Any note added for the event is reflected for the event in BMC Helix Operations Management.
          • Performance View tab: If the slot value for the event class is Alarm, the tab displays the time-series data collected from key the attributes of the causal events of ML-based situations.
            
     2. Click the action menu to perform event actions.
        
2. (Optional) Expand the Related Situations section.
   By default, this section remains expanded for a primary situation.
   
   1. Identify the root-cause situation and analyze the attributes such as time of occurrence, number of similar situations, number of related events, type, severity, priority, status, and incident ID. Clicking the Incident ID link opens the incident in BMC Helix IT Service Management – SmartIT. 
      
      • The (Primary Situation) icon under the Type column represents a group of stabilized or saturated ML-based situations. 
      • The (Root-Cause) icon before the Situation name represents the root-cause situation among the list of all correlated situations.
   2. (Optional) Click the action menu to perform actions for a situation.

Situation or event actions

 The event actions are available based on user role. The following table describes the actions you can perform on situations or events. For more information about the impact of actions on an event, see Performing event operations in the BMC Helix Operations Management online documentation.