Skip to Content

Investigating ML-based primary situations

Related topics

Investigating ML-based independent situations

Investigating ML-based situations that impact multiple services

Use-cases

As an operator or a site reliability engineer (SRE), use the ML-based primary situations to: 

  • Investigate issues faster by grouping related issues
  • Reduce redundant alerts
  • Focus on probable root causes
  • Take actions that affect all related situations in one go

A primary situation is a grouping of multiple related open situations that occur due to a common issue and impact multiple services across the service hierarchy. Instead of analyzing each situation individually, operators and SREs can investigate the primary situation to understand the broader context and take corrective actions efficiently. This approach streamlines troubleshooting, reduces redundant alerts, and highlights the root issue affecting multiple services.

For a primary situation to be created, all the involved situations must be linked through shared CIs or relationships, regardless of the impact direction. Also, at least two events are required on each participating service. These are then grouped into a primary situation based on topological links.

Example

Consider a scenario where a network switch failure occurs in a shared infrastructure of a data center. This switch is a configuration item (CI) that supports multiple business-critical services such as login service, billing service, and payment portal.

Due to the failure, each of these services experiences degraded performance or outages, triggering separate situations in BMC Helix AIOps. As all these situations involve the same network switch CI, and are linked through related CIs in the topology. 

WarningSome content is unavailable due to permissions.

automatically groups them into a primary situation.

Information
Important

The following features are not available for primary situations:

  • Similar situations
  • Situation explanation
  • CI Topology analysis
  • BMC HelixGPT-based capabilities
  • Situation highlights 

 To investigate a primary situation

  1. On the 

    WarningSome content is unavailable due to permissions.

    console, click Situations.
    All situations that occurred in the last 24 hours are displayed in a hierarchical view. Primary situations are indicated by the Parent Situation - light mode.gif icon.
    To learn more about primary situations, see Situations overview
  2. Expand the primary situation group to view all related situations.
  3. Identify one or multiple root cause situations indicated by the target target_root_cause_analysis.gif icon.
  4. Click the primary situation and view the following details on the situation details page:
    • Situation name, severity, priority, type, last modified date, and status

       BMC Helix AIOps evaluates all events, causal and child events, correlated into the situation, and assigns the highest severity found among those events to the situation. If multiple events have the highest severity, the situation’s priority is set to the highest priority among those events. For more information, see How situation severity and priority are determined.

      The original causal event might or might not determine the final severity and priority. The causal event determines the root cause assignment, but the severity and priority of the situation are determined by evaluating all events that form the situation. Situation severity and priority are determined from the highest-severity event only when the situation-severity parameter is set to priority-from-highest-severity value in the situations_configurations/search API, and the Multi-service Situations feature is enabled. For more information, see Configuring ML-based situations and Managing situations by using REST APIs.

    • Incident ID: Click to view the incident (if created), or click Create Incident to create an incident in BMC Helix IT Service Management (requires a subscription to BMC Helix IT Service Management). An incident created from a situation inherits the situation's severity and priority values.
    • Name of the impacted service: Click the service name to view service-level details in a new tab.
    • Related situations: Lists all grouped situations under the primary situation.
    • Show Notes: Opens the Logs and Notes panel. View logs and notes associated with the situation. 
      primary_situation_253.png
  5. In the Related Situations section, identify the root cause situation (indicated by the target_root_cause_analysis.gif icon) and analyze attributes such as time of occurrence, number of similar situations, number of related events, type, severity, priority, status, and incident ID.
  6. (Optional) Click a situation name or related events link to drill into more detail.
  7. (Optional) Click the Incident ID link to open the incident in BMC Helix IT Service Management.
  8. (Optional) Click the action menu kebab_three_dots_menu_01.gif to perform actions on a situation.
    For more information, see Performing situation actions
    related_primary_situations_253.png

FAQs

How can I exclude specific events from a Situation?

To exclude specific events from being included in the ML-based situations, you can use event enrichment policies to tag them appropriately.

  1. Create an event enrichment or refinement policy in BMC Helix Operations Management.

  2. In the policy, set the tags slot of the event to include the ExcludeFromSituation tag.

  3. When this tag is applied, BMC Helix AIOps automatically excludes the event from being correlated into any ML-based situation.

  4. Verify the exclusion by checking the event's tags slot and confirming that it does not appear in any active situation.

You can refine event inclusion logic by using the advanced enrichment or refinement policies. For information about enrichment policies, seeAdvanced time based and dynamic enrichment policies.

For example, exclude events from known noisy CIs or event sources.

Why must a situation causal event have a single unique node ID?

When a situation is created and noise consolidation is enabled, the causal event must be associated with only one unique node ID. If multiple node IDs exist:

  • Incident creation may fail with errors like 400 internal error.

  • Incident creation may be delayed by several minutes.

  • ITSM field length validation errors may occur, especially if a host is associated with multiple node keys.

Ensure causal events are mapped to a single, unique node ID to prevent delays, failures, or validation errors during incident creation.

Where to go from here

To perform additional actions on a situation or on the events included in the situation, Performing situation actions.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Helix AIOps 25.4