

The 1.7 release of the Splunk App for Content Packs comes with a slew of new awesomeness for the Content Pack for ITSI Monitoring and Alerting designed to bolster your IT operations team’s visibility and AIOps posture! Previous versions of the content pack focused on making it easy for you to create and group Notable Events from ITSI Services and third-party monitoring tools. This new version provides unparalleled analytics about these new alerts and episodes to provide IT operations teams intelligent and comprehensive visibility to help answer challenging questions such as:

Is the volume of incoming alerts higher, lower or the same as what I typically see?
Which hosts, checks, KPIs and services are contributing to the highest volumes of alerts and episodes?
During an alert storm, what types of alerts are the major contributors to the sudden increase in alert volume?

Read on to learn more about the key enhancements and features we’ve created in this version of the Content Pack for ITSI Monitoring and Alerting.

The content pack now ships with a prebuilt service tree which proactively monitors incoming alert volumes as well as episode creation volumes giving you at-a-glance visibility into the overall health of systems being monitored. As incoming alert volumes and episode creations rise, the other KPIs within the service tree allow you to slice and dice these increased volumes across several key dimensions. This helps users to quickly triage what may be causing the elevated alert levels. For instance, in the image above, we are viewing which alert signatures are contributing to the increase in alerts, and we can clearly see that the “Automation Agent Status” check has risen suddenly and is producing a large volume of the incoming alerts.

The purpose of each service is described below:

This is the parent service of the other two services and serves as the top-level node of the alert and episode monitoring service tree.

This service tracks incoming alerts and changes to critical status when the volume of incoming alerts rises significantly higher than historical baselines. The service also splits incoming alerts by several key fields to help operations teams quickly identify what values may be contributing to the incoming alert volume. An included ITSI Alert Analytics Template supports greater customization of the ITSI Event Analytics service tree.

This service tracks newly-created and open episodes. It changes to critical status when the volume of newly-created episodes rises significantly higher than historical baselines, or when the number of open critical episodes rises significantly higher than historical baselines. The service also splits episodes by several key fields to help operations teams quickly identify what values may be contributing to the episode volume. An included ITSI Episode Analytics Template supports greater customization of the ITSI Event Analytics service tree.

Alert and Episode Storm Activity Detection

The Alert Storm Detection and Episode Storm Detection KPIs are solely responsible for the detection of alert and episode storms. When these KPIs rise to high and critical status, as seen in the image below, the system proactively identifies and alerts the IT operations team about an active Alert Storm via the action rules of a new aggregation policy called ITSI Alert and Episode Monitoring. The ITSI Alert and Episode Monitoring aggregation policy was built to provide a rich triage experience for active Alert Storms as seen in the image below. Within the ITSI Alert and Episode Storm Activity saved episode view, IT operations teams can see heads up metrics about incoming alerts via the customized episode view dashboard.
