Phased rollout This version is currently available to SaaS customers only. It will be available to on-premises customers soon.

Configuring incident correlation to detect similar incident clusters

After BMC Helix ITSM Insights is activated, Service Desk managers can use the Real-time incident correlation workspace to detect similar incident clusters and view emerging hotspots.

The system uses a set of default fields and settings for the Real-time incident correlation workspace. As a tenant administrator, you can change the incident correlation configuration based on your requirements. 

Before you begin

Best practice
When you change the incident correlation configuration, all existing clusters are removed from the dashboard and the system performs the analysis again. This action might impact the analysis being carried out by any Service Desk managers or agents who are using the Real-time incident correlation dashboard for analysis.

We recommend that any configuration changes for incident correlation are done in off hours, so that the impact is minimal.

Out-of-the-box configuration for incident correlation

BMC Helix ITSM Insights uses a set of default fields and settings to display the clusters in the Real-time incident correlation dashboard. 

The following table describes this out-of-the-box configuration for incident correlation:

Fields

Default value

Default fields used by the system for incident correlation

  • Assignee
  • Assignee Group
  • Assignee Support Company
  • HPD_CI
  • Priority
  • City
  • Closed Date
  • Company
  • Site
  • Detailed Description
  • HPD_CI_ReconID
  • Impact
  • Incident Number
  • Service Type
  • InstanceId
  • Last Resolved Date
  • Categorization Tier 1
  • Categorization Tier 2
  • Categorization Tier 3
  • Region
  • Reported Date
  • Service CI
  • ServiceCI_ReconID
  • Site Group
  • Status
  • Status Reason
  • Submit Date
  • Description
  • Total Time Spent
  • Urgency

The maximum number of days a cluster can stay open

7 days

Similarity threshold

7

Minimum number of incidents that a cluster should have
to be visible in the dashboard

5


To update the configuration

  1. In BMC Helix ITSM Insights, click the Settings icon.PNG icon.
    The Settings page is displayed.
  2. Navigate to Settings > Real-time incident correlation >  Configure.
    The Real-time incident correlation configuration page is displayed.
    In the Data Set section, you can view the data fields being used by the system for the configuration.
  3. In the Create clusters section, specify the parameters by which the data is to be grouped.
    IC Config 2.PNG
    • For the first level of grouping, select up to two fields to group the incidents at the top level for clustering. Only categorization fields are available for selection such as service, CI, and company.
    • Select up to five additional field names for matching incidents to be grouped into a cluster. Only text fields are available for selection.
  4. In the Advanced section, specify the following details: 
    IC Config 3.PNG
    • The maximum period that a cluster would stay open from the time an incident is last updated. This window can range from hours to days. The default value is 7 days.  
    • The similarity threshold, which can be a value between 1 and 10, the default value being 7.  The higher the value you select, the more stringent is the test to match the similarity of the incident, and therefore, the clusters formed are more cohesive and smaller.  
    • The minimum number of incidents that a cluster should have to be shown in the dashboard.
  5. Click Save.

The job configuration is updated and the system restarts building new clusters based on the new configuration. The clusters with prior configuration are removed from the dashboard.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*