New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE

Operations Bridge AIOps: Automatic Event Correlation

Micro Focus Expert
Micro Focus Expert
4 0 244

Automatic Event Correlation (AEC), a part of Micro Focus Operations Bridge AIOps capability, is the analytic capability on top of the COSO Data Lake that offers the automatic correlation of events using machine-learning algorithms. It works by analyzing patterns in the event stream and using these patterns to group events together, which, with a high probability, originate from the same problem. A group of related events is transformed into a single (correlated) event sent back to Operations Bridge Manager (OBM). This grouping of events facilitates event processing for an operator. It shows all related events together (grouped by AEC), making it easier to identify and work on the root cause. Closing the group event automatically closes all associated events.

Our latest release, Operations Bridge 2020.08, introduced the following enhancements in the AEC area:

  • Automatic event correlation across CIs (it is no longer required to create CI collections manually)
  • The possibility to promote or prohibit a certain correlation group
  • Setting an event type by using event type custom attributes
  • Best Practice documentation on the TBEC/SBEC/AEC usage

Automatic event correlation across CIs

Automatic Event Correlation can correlate the events of topologically related CIs. In the past, it was necessary to create CI collections manually in the Run-time Service Model (RtSM). Starting with Operations Bridge 2020.08, Automatic Event Correlation can automatically determine correlation groups by reading the RTSM topology data and checking which CIs are linked with Impact Relationships.

Promoting and prohibiting correlation groups

  • If AEC already detected a pattern for one correlation group, you can now instruct it to apply this pattern to other correlation groups by promoting this correlation group. The "Promote this correlation group" action ensures that a specific group of events is always correlated. The system will now look for this group of events globally, expanding the possibilities of it being found. For more information and a detailed procedure, see Promote a Correlation Group.
  • If you do not want to correlate a group of events, you can instruct the system to prohibit a specific correlation group. The "Prohibit this correlation group" action stops a group of events from being correlated. For details, see Prohibit a Correlation Group.

Note that it takes about 15 minutes to promote and prohibit actions to take effect once initiated.

Promote and Prohibit actions can be executed from the Workspaces > Operations Console > Event Perspective UI using Custom Actions.

Correlation group.PNG

Figure 1. Promoting a correlation group

To show all promoted or prohibited correlation groups, we have created the Auto Correlation Preferences Tool (call-auto-correlation-preferences.sh). You can also use this tool to delete (revert) the correlation group's promoted or prohibited state.

For more information on the tool, its synopsis, options, and examples, see Use Auto Correlation Preferences tool on our practitioner portal.

Customizable event attributes

Defining an event type plays an important role in AEC. It is required so that machine learning can find events of the same type and correlate them with other events. In the past, EAC was using event type indicators (ETIs) to determine the event type. Starting from Operations Bridge 2020.08, you can use other event attributes instead (if, in your view, they determine an event type better):

  1. Use a custom attribute named "Event type CA", which you can:
    1. Set at the source of the event (e.g. in the policy)
    2. Calculate and set in an Event Processing Interface (EPI) script
  2. Use any defined custom attribute (if a custom attribute already exists that can be used for the event type). In this case, you need to configure its name in the forwarding script.
  3. Use a custom calculation (if multiple event properties or parts of them should be evaluated). In this case, you need to define a method in the forwarding script.

For more information on the event types and the details on how to set values for custom attributes, see About the Event Type and Automatic Event Correlation and Set the Event Type for Automatic Event Correlation.

Best Practice documentation

We have recently complemented our existing documentation by adding best practices describing how to combine the available correlation techniques:

  • Topology-Based Event Correlation (TBEC)
  • Stream-Based Event correlation (SBEC)
  • Automated Event Correlation (AEC)

so that that they complement each other and are used to their best advantage. For more information, see Best practices to use multiple event correlation techniques.

Events

To get more information on this release and how customers are using Operations Bridge, we are happy to announce the following events:

See all the Micro Focus events worldwide.

Please read all our news on the Operations Bridge blog.

Have technical questions about Operations Bridge? Visit the Ops Bridge User Discussion Forum.

Keep up with the latest Tips & Info about Operations Bridge.

Do you have an Idea or Product Enhancement Request about Operations Bridge? Submit it in the Ops Bridge Idea Exchange.

We’d love to hear your thoughts on this blog. Comment below.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.