Forecast Policy
Overview
The Forecast Policy is designed to leverage historical data to forecast future values of a metric. By analyzing patterns and trends from the past 24 hours, this policy predicts the expected values and compares them with the actual values in real-time. If there is a significant deviation between the forecasted and actual values, an alert is triggered, enabling proactive investigation and response by IT teams.
Use-Case
The Forecast Policy finds practical application in various scenarios. Consider a scenario where a cloud-based application experiences fluctuating CPU utilization throughout the day. By applying the Forecast Policy, the system analyzes the historical CPU utilization data over the past 24 hours, taking into account factors such as time of day, day of the week, and any recurring patterns. It then generates a forecasted range of CPU utilization values for the upcoming hours.
In this use-case, if the actual CPU utilization deviates significantly from the forecasted range, it indicates a potential performance issue. The Forecast Policy promptly detects this anomaly and triggers an alert, allowing IT teams to proactively investigate and address the underlying problem, such as a resource bottleneck or an inefficient algorithm.
Forecast Policy Mechanism
The Forecast Policy works by leveraging statistical algorithms and machine learning techniques to analyze historical data and predict future values. The policy considers various factors, including trends, seasonality, and recurring patterns, to generate accurate forecasts.
To implement the Forecast Policy effectively, a minimum of 24 hours of historical data is required for a given metric. This data is used to train the forecasting model, which then generates the expected range of values for the upcoming hours. The policy continuously evaluates the actual metric values against the forecasted range at regular intervals, typically every 15 minutes.
During each evaluation, the Forecast Policy calculates the degree of deviation between the actual and forecasted values. If the deviation exceeds a predefined threshold, an alert is triggered, indicating a potential deviation from expected behavior. This enables IT teams to take proactive measures, such as optimizing resource allocation or investigating underlying issues, to ensure optimal system performance.
Navigation
Go to Menu, Select Settings 
. After that, Go to Policy Settings 
. Select Metric/Log/Flow policy. The list of the created policies is now displayed.
Click on 
to start creating a policy. From the panel on the left side of the screen, click on the Forecast tab to start creating a forecast policy. The screen to create a Forecast Policy is now displayed.
Configuring Forecast policy
Enter the following parameters to create forecast policy:
| Field | Description |
|---|---|
| Policy Name | Enter a unique name of the policy you want to create. |
| Tag | Enter a name to logically categorize the policy. You can quickly and easily identify a policy based on the tag assigned to it. This tag can be used later on to filter the policies as per your requirement. |
Set Conditions
| Field | Description |
|---|---|
| Select Counter | Select the metric for which you want to create the policy. Click on the dropdown to view the available options. |
| Monitor/Group/Everywhere | - Select Monitor if you want to create the policy for a single monitor. - Select Group if you want to create the policy for a group of monitors. In case you create the policy for a group, it is configured for all the monitors present in the group individually. - Select Everywhere if you want to create the policy for all the monitors created in the system. This option is selected by default. |
| Select Monitor/Select Group | Select the specific Monitor or Group for which you want to create the policy. This dropdown will show results based on the option you have selected in the previous option. Leave this field blank if you have selected 'Everywhere' in the previous option. |
Make sure that in case you select a specific monitor(s) in the previous selection, the monitor(s) has the metric for which you are creating the policy. In case you select Everywhere, the policy will be created for all the monitors in the system having the metric you have selcted.
| Auto Clear | Kindly enter the time in which you want the alert to be cleared irrespective of any other conditions. |
| Critical/Major/Warning | Kindly use these fields to set the criteria under which the alert will be triggered. Here, you can also decide the alert severity based on the conditions you set. |
Assumption Based Scenarios
Consider the conditions in the diagram below showing the forecast policy configuration.
During each evaluation, the Forecast Policy calculates the degree of deviation between the actual and forecasted values. If the deviation exceeds a predefined threshold, an alert is triggered, indicating a potential deviation from expected behavior.
As we can see here, if the actual value of the used memory bytes goes above 60% compared to the forecasted value , the alert will be triggered in the Critical status.
If the actual value of the used memory bytes goes above 40% compared to the baseline value, the alert will be triggered in the Major status.
If the actual value of the used memory bytes goes above 30% compared to the baseline value, the alert will be triggered in the Warning status.
Notify Team
| Field | Description |
|---|---|
| Notify | There are two ways you can populate this field: |
| If severity is | Select the severity level using individual checkboxes in the dropdown.You can select multiple, all, or a single option as per your requirement. You can also have different recipients notified at different severity levels. For instance, you can notify johndoe@motadata.com when severity level hits Critical and send an alert notification to janedoe@motadata.com when severity level is Major. |
| Play Sound | Activate this toggle to enable sound notifications when an alert is triggered. |
| If Severity is | Choose the severity level at which the sound notification should be triggered. This option becomes visible only when the Play Sound toggle is switched ON. |
| Renotification | Turning on the toggle will resend the alert at a specific interval defined by the user if the alert severity is not changed for the time specified. If turned off, Motadata AIOps will not renotify about the alert. |
| Renotify | Similar to Notify Team field, enter the username or email address of the recipient. Also choose a preset duration for renotification along with the severity level at which they system will renotify you if the alert severity is not changed. |
| Do not renotify if acknowledged | If the toggle is turned on, Motadata AIOps will not send a renotification to the recipient if they mark the alert as acknowledged. |
Take Action
| Field | Description |
|---|---|
| Action to be taken | Select a runbook from the dropdown to be executed when the alert is triggered. |
| When Severity is | You can use this option to map the action you selected in the previous step to status of the alert. This means that you can execute different runbooks based on the whether the alert is in the 'Down' state or 'Clear' state respectively. |
| Create New | Select this button to start creating a new runbook which you might want to assign to the policy you are creating. |
Select the Create Policy button to create the policy based on the details entered.
Select the Reset button to erase all the current field values, if required.