About analytics

Read this document to find out more about analytics, including temporal correlation, seasonality, and probable cause.

Temporal correlation

Temporal correlation helps reduce noise by grouping alerts that share a temporal relationship. Alert correlation policies are created, allowing temporal correlation to be applied to subsequent alerts that match the discovered temporal profile. Click Administering policies created by analytics to read more about policies and how to review them. Temporal correlation is based on two capabilities:

  • Temporal grouping: the temporal grouping analytic identifies related alerts based on their historic co-occurrences. Subsequent alerts that match the temporal profile are correlated together. With temporal grouping, you can choose the policy deployment mode: Deploy first or Review first. In Deploy first mode, policies are enabled automatically, without the need for manual review. In Review first mode, policies are not enabled until they are manually reviewed and approved.
  • Temporal patterns: the temporal pattern analytic identifies patterns of behavior among temporal groups that are similar but occur on different resources. Subsequent alerts that match the pattern and occur on a new, common resource are grouped together.

Click Configure temporal correlation to learn how to configure temporal correlation and choose the policy deployment mode after installation. Click Displaying analytics details for an alert group to see how temporal alert groups are displayed to your operations team in the Alerts page.

Seasonality

Seasonal alert enrichment helps identify alerts in your environment that consistently occur within a seasonal time window. The seasonal alert analytics identifies these characteristics based on historical alert occurrences. Seasonal alerts are enriched with a seasonal indicator, which displays whether an alert occurred in, or outside of, an expected seasonal period.

Examples of seasonal time windows include the following times:

  • Hour of the day: Between 12:00 and 1:00 pm
  • Day of the week: On Mondays
  • Day of the month: On the 3rd of the month
  • Day of the week at a specific hour: On Mondays, between 12:00 and 1:00 pm
  • Day of the month at a specific hour: On the 3rd of the month, between 12:00 and 1:00 pm

Click Configuring seasonality to learn how to configure seasonality and Displaying alert seasonality to see how seasonal enrichment of alerts is displayed to your operations team in the Alerts page.

Probable cause

The probable cause capability is designed to identify the alert with the greatest probability of being the cause of the alert group, by analyzing the topological information within the alerts. Learn more about probable cause as part of the Netcool® Operations Insight® installation.

Click Configuring probable cause to learn how to configure probable cause and Displaying probable cause for an alert group to see how probable cause data is displayed to your operations team in the Alerts page.

Topological correlation

You can create topology templates to generate defined topologies, which search your topology database for instances that match their conditions. Operators see alerts that are grouped by topology based on these topology templates.

Click Configuring topological correlation to learn how to configure topological correlation and click Displaying analytics details for an alert group to see how topological alert groups are displayed to your operations team in the Alerts page.

Scope-based grouping

Scope-based alert grouping is a method of grouping alerts together that have identical ScopeIDs and occur within a configured time window. The ScopeID field of the alert can be populated by using scope-based grouping policies within the WebGUI. The Scope Based Grouping policy editor allows you to define policies that will set the ScopeID to one or more alert fields based on a user-defined condition.

Click Configuring scope-based grouping to learn how to configure scope-based grouping and Displaying analytics details for an alert group to see how scope-based alert groups are displayed to your operations team in the Alerts page.
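
The following sketch illustrates the scope-based grouping rule described above (identical ScopeID plus a configured time window). It is an added example, not code from the product: the `first_occurrence` field name, the sample alerts, and the choice of a fixed-length window that opens at a group's first alert are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts. Only ScopeID is named on this page; the other
# field names and all values are assumptions for the example.
SAMPLE_ALERTS = [
    {"id": "a1", "ScopeID": "site-paris", "first_occurrence": "2024-05-01T12:00:00"},
    {"id": "a2", "ScopeID": "site-paris", "first_occurrence": "2024-05-01T12:05:00"},
    {"id": "a3", "ScopeID": "site-lyon", "first_occurrence": "2024-05-01T12:06:00"},
    {"id": "a4", "ScopeID": "site-paris", "first_occurrence": "2024-05-01T12:40:00"},
    {"id": "a5", "ScopeID": "", "first_occurrence": "2024-05-01T12:07:00"},
    {"id": "a6", "ScopeID": "site-lyon", "first_occurrence": "2024-05-01T12:20:00"},
]


def group_by_scope(alerts, window_minutes=15):
    """Group alerts that share a ScopeID and fall inside one time window.

    Assumption: a window opens at the first alert of a group and has a fixed
    length. Alerts with no ScopeID are never grouped and are returned apart.
    """
    window = timedelta(minutes=window_minutes)
    by_scope = defaultdict(list)
    ungrouped = []
    for alert in alerts:
        scope = alert.get("ScopeID")
        if not scope:
            ungrouped.append(alert["id"])
            continue
        ts = datetime.fromisoformat(alert["first_occurrence"])
        by_scope[scope].append((ts, alert["id"]))

    groups = []
    for scope, items in by_scope.items():
        items.sort()  # process each scope's alerts in time order
        current, opened = [], None
        for ts, alert_id in items:
            # An alert outside the open window closes it and starts a new group.
            if opened is None or ts - opened > window:
                if current:
                    groups.append((scope, current))
                current, opened = [], ts
            current.append(alert_id)
        groups.append((scope, current))
    return groups, ungrouped


if __name__ == "__main__":
    for scope, ids in group_by_scope(SAMPLE_ALERTS)[0]:
        print(scope, ids)
```

An alert that arrives after the window closes starts a new group even though its ScopeID matches, which is why `a4` is reported separately from `a1` and `a2`.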