Training with real event data
When training with real event data, policies are auto-deployed by default. The tooling has optional settings, including a default setting for auto-deploying policies, which temporarily overrides the system setting used in the automatic scheduled training run.
Before you begin
- The ea-events-tooling container is installed by the operator. It is not started as a pod, and contains scripts to install data on the system, which can be run with the kubectl run command.
- Find the values of image and image_tag for the ea-events-tooling container, from the output of the following command:
    kubectl get noi <release_name> -o yaml | grep ea-events-tooling
  Where <release_name> is the custom resource release name of your cloud deployment. For example, in the following output, image is ea-events-tooling, and image_tag is 2.0.14-20200120143838GMT.
    kubectl get noi <release_name> -o yaml | grep ea-events-tooling
    --env=CONTAINER_IMAGE=image-registry.openshift-image-registry.svc:5000/default/ea-events-tooling:2.0.14-20200120143838GMT \
    --image=image-registry.openshift-image-registry.svc:5000/default/ea-events-tooling:2.0.14-20200120143838GMT \
  Hybrid deployment: For a hybrid deployment, run the following command:
    kubectl get noihybrid <release_name> -o yaml | grep ea-events-tooling
  Where <release_name> is the custom resource release name of your hybrid deployment.
  IBM® Netcool® for AIOps deployment: For an online or offline deployment (airgap) of Netcool Operations Insight® with IBM Cloud Pak for AIOps, find the values of image and image_tag from the noi-operator CSV file. Run the following command:
    oc get csv <noi-operator> -o yaml | grep olm.relatedImage.NOI_ea-events-tooling: | awk -F ': ' '{print $2}'
  Where <noi-operator> is the noi-operator CSV file name.
- If you created your own docker registry secret, then patch your service account.
    kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "noi-registry-secret"}]}'
  Where noi-registry-secret is the name of the secret for accessing the Docker repository.
  Note: As an alternative to patching the default service account with image pull secrets, you can add the following option to each kubectl run command that you issue:
    --overrides='{ "apiVersion": "v1", "spec": { "imagePullSecrets": [{"name": "noi-registry-secret"}] } }'
About this task
Once you have finished working with the sample data, local data, or migrated data scenarios, run this procedure to start processing live event data.
Note: Policies and groups that were created for the sample data, local data, and migrated data scenarios are removed.
The runTraining.sh script overrides most options that are in place for the regular training. The deployment setting for manually run training is auto-deploy (policies do not appear in the suggested policies panel). This setting can be changed with the -d command line option. If manual training is run with the -d false option (review first mode), then the policies created from manual training are not auto-deployed and appear in the suggested policies panel.
Procedure
Run the runTraining.sh script.
    kubectl run trainer -it --command=true --restart=Never --env=LICENSE=accept --image=image:image_tag runTraining.sh -- -r release_name [-t tenantid] [-a algorithm] [-s start-time] [-e end-time] [-d auto-deploy]
Where:
- release_name is the custom resource release name of your deployment.
- image is the location of the ea-events-tooling container.
- image_tag is the image version tag.
- algorithm is either related-events or seasonal-events. If not specified, defaults to related-events.
- Optional: tenantid is the tenant ID associated with the data that is processed, as specified by the global.common.eventanalytics.tenantId parameter in the values.yaml file that is associated with the operator.
- Optional: start-time and end-time are the start and end times to train against. You can specify the start or end time, neither, or both. If neither is specified, the current time is used as the end time and the start time is 93 days before the end time. You can either specify the start and end times with an integer Epoch time format in milliseconds, or with the default date string formatting for the system. Run ./runTraining.sh -h to determine the default date formatting.
- Optional: auto-deploy: Set to true to deploy policies immediately. Set to false to review policies before deployment. Running sample data or local data scenarios turns on the auto-deployment of policies, even if you have installed with temporalGroupingDeployFirst set to false.
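The image lookup and the training command above, combined in an added example that is not part of IBM's tooling: it splits the image reference from the sample output on this page into image and image_tag (the registry port in svc:5000 means the first colon is not the tag separator) and prints a runTraining.sh invocation in review first mode (-d false). It assumes image means the full container location; myrelease is a placeholder release name and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not IBM tooling. SAMPLE_LINE is copied from the example
# output on this page; "myrelease" is a placeholder release name.
SAMPLE_LINE='--image=image-registry.openshift-image-registry.svc:5000/default/ea-events-tooling:2.0.14-20200120143838GMT \'

# Reduce a grep output line to the bare image reference: drop the trailing
# line-continuation backslash, then everything up to the last "=".
image_ref() {
    printf '%s\n' "$1" | sed -e 's/[[:space:]]*\\*[[:space:]]*$//' -e 's/^.*=//'
}

# Location without the tag. Only a colon in the final path component is a
# tag separator; the colon in "svc:5000" is a registry port.
image_name() {
    case ${1##*/} in
        *:*) printf '%s\n' "${1%:*}" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# Tag only. Fails when no tag is present instead of guessing one.
image_tag() {
    last=${1##*/}
    case $last in
        *:*) printf '%s\n' "${last##*:}" ;;
        *)   return 1 ;;
    esac
}

# Print (do not execute) the training command.
# Args: release_name grep_output_line [auto_deploy]; auto_deploy defaults to
# false (review first mode), so new policies go to the suggested policies panel.
training_cmd() {
    ref=$(image_ref "$2")
    tag=$(image_tag "$ref") || { echo "no image_tag in: $ref" >&2; return 1; }
    printf 'kubectl run trainer -it --command=true --restart=Never --env=LICENSE=accept --image=%s:%s runTraining.sh -- -r %s -d %s\n' \
        "$(image_name "$ref")" "$tag" "$1" "${3:-false}"
}

training_cmd myrelease "$SAMPLE_LINE"
```

Pass true as the third argument to training_cmd to print the auto-deploy form instead.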