Displaying temporal correlation

The system continually analyzes past alerts to determine which alerts tend to frequently co-occur. When these alerts occur together again, they are correlated.

The temporal details page shows the alerts that make up a temporal group, together with all of the historical instances of the group. You can navigate into these instances to view detailed timelines of each instance. You can also view alert details.

Procedure

  1. Identify alerts that are temporal in the Alert Viewer. You can click the Filter icon to filter by Grouping insights.

  2. Click the View correlation icon to display the Correlation column in the table.

  3. Click the temporal icon in this column to open the sidebar, with the Temporal correlation section open. This section contains the following information:

  • First group instance

    Date and time of first instance of this group.

  • Total group instances

    Total number of historical instances of this group. For details of when these instances occurred and how many alerts occurred in each instance, see the Group instance heatmap.

  • Average instance duration

    Average time in seconds that this group instance lasted.

  • Group instance heatmap

    Time-based heatmap showing the recent historical period in days, with a gray square for each day. Each darker square indicates a day on which there was at least one group instance. Hover over the square to see details of this group instance.

    Figure. Temporal correlation section

  4. Click the More information link at the end of the side panel's Temporal correlation section to launch out to the temporal details page.

Temporal policy details

The temporal details page shows the alerts that make up a temporal group, together with all of the historical instances of the group. You can navigate into these instances to view detailed timelines of each instance. You can also view alert details. The temporal details page contains the following sections:

  • Toolbar

    • Search: searches alert data in all event group instances that are shown on this page.
    • Filter: filters the alerts that are shown by severity level:

      • Critical

      • Major

      • Minor

      • Warning

      • Informational

      • Indeterminate

  • Overview timeline

    Displays alert group instances over time and controls the display of alert group instance data on the rest of the page. By default the time range sliders are open sufficiently to show data on all alert group instances. Modify the time range by either clicking and dragging over the desired range inside the timeline, or by dragging the sliders to the desired range. The rest of the screen updates accordingly.

  • Alert group instance timeline

    Displays all of the alerts that have historically participated in instances of this temporal alert group. The instance map provides a graphical view over time of when the various instances have occurred.

  • Alert group instance details

    Displays the following information for each alert group instance:

    • Start date and time of event group instance: indicates the first occurrence value of the first alert in the alert group instance.

    • Distribution of event severity values: pie chart providing a visual indication of the alert severity values. Hover over the pie chart for more details.

    • Sparkline: chart of alert occurrence over time.

    • Duration of event group instance: duration of the alert group instance, in text.

    • Down chevron icon: click the down chevron icon to see an alert table showing column details for each alert in this group instance.