Displaying analytics details for an alert group

On alert lists associated to an incident, click the option to show the correlation information to understand why these alerts were grouped together. This option displays the underlying temporal, topological, and scope-based groups.

Procedure

  1. In the Alert Viewer, click the Click the View correlation icon View correlation to display the Correlation column in the table.

    • Temporal Temporal group column

      Based on alert history, the alerts in this column that are marked with a large dot Large dot tend to occur within a short time of each other.

    • Scope-based Scope-based group column

      The alerts in this column that are marked with a large dot Large dot occur within a configurable time window on an administrator defined scope, such as a location, service, or resource.

    • Topological Topological group column

      The alerts in this column that are marked with a large dot Large dot occur on resources within a predefined section of your network topology.

  2. Click a dot Large dot to see more details on any of these sub-groups.

Temporal group column Temporal group

Clicking a dot Large dot in this column opens the sidebar, with the Temporal correlation section open. This section contains the following information:

  • First group instance

    Date and time of first instance of this group.

  • Total group instances

    Total number of historical instances of this group. For details of when these instances occurred and how many alerts occurred in each instance, see the Group instance heatmap.

  • Average instance duration

    Average time in seconds that this group instance lasted.

  • Group instance heatmap

    Time-based heatmap showing recent historical period in days with a gray square for each day. Each darker square indicates a day on which there was at least one group instance. Hover over the square to see details of this group instance.

Scope-based group column Scope-based group

Clicking a dot Large dot in this column opens the sidebar, with the Scope-based section open. This section contains the following information:

  • Group duration

    Duration of the scope-based group. For example: "These alerts were found to share a cause as they all occurred on the same resource within N minutes of each other." N being the configured time.

Topological group column Topological group

Clicking a dot Large dot in this column opens the sidebar, with the Topological section open. This section contains the following information:

  • Topology group name

    Name of the topology defined in the topology management service, on which this topology group is based.

  • Topology

    Pane showing the resources in the topology on which this topology group is based. You can perform the following actions on the topology:

    • Click the resource to displays the relationship between that resource and neighboring resources. The relationships are displayed in text on the lines connecting the resources. Examples of relationships include: runsOn, members, exposes.

    • Right-click the resource to display the context menu. For more information about the actions available from the context menu, see see Viewing a topology.