Skip to main content

Alert Correlation

Motadata AIOps incorporates an intelligent alert correlation module that prevents the system from bombarding administrators with numerous alerts when multiple devices are affected by a common issue. This feature is particularly useful when dealing with interconnected devices such as switches, firewalls, and their associated devices.

Understanding Alert Correlation

Consider a scenario where a policy is created for multiple devices linked to a specific switch or firewall. If the switch or firewall goes down, it will cause all the connected devices to become unreachable, triggering alerts for each individual device. However, flooding the administrator with multiple alerts for the same underlying issue can be overwhelming and counterproductive.

Motadata AIOps addresses this challenge by implementing alert correlation. When correlated alerts are detected, the system intelligently combines them into a single alert, providing a consolidated view of the problem. Instead of receiving multiple alerts for each affected device, administrators receive a single comprehensive alert that captures the overall impact of the issue.

Benefits of Alert Correlation

The alert correlation feature offers several benefits, including:

  • Simplified Alert Management: By consolidating related alerts, administrators can quickly grasp the overall situation without being overwhelmed by a flood of individual alerts. This enables efficient troubleshooting and reduces the time required to identify and address the root cause.

  • Streamlined Communication: Instead of dealing with separate alerts for each affected device, administrators can focus on one consolidated alert. This facilitates better communication and collaboration among team members, as they can collectively analyze and respond to the issue.

  • Improved Incident Resolution: Alert correlation enhances incident resolution by providing a holistic view of the problem. Administrators can gain better insights into the affected devices, their dependencies, and the underlying issue. This enables them to take appropriate actions and resolve the incident efficiently.

  • Reduced Alert Fatigue: By avoiding the barrage of redundant alerts, alert correlation prevents alert fatigue among administrators. It helps maintain a cleaner and more manageable alert stream, ensuring that critical alerts are not overlooked or disregarded due to excessive noise.

Implementing Alert Correlation

Motadata AIOps applies the alert correlation module to alerts generated for servers, virtual stack devices, and network devices. When these alerts are correlated, the system intelligently identifies the affected devices and consolidates the information into a single alert. This ensures that administrators receive only relevant and actionable alerts, minimizing unnecessary disruptions.

To illustrate the concept of alert correlation, let's consider a practical scenario. Suppose a policy is created to monitor a group of devices connected to a specific switch. If the switch goes down, all the devices that are connected become unreachable. Instead of overloading the administrator with individual alerts for each affected device, Motadata AIOps correlates the alerts and generates a single consolidated alert for the parent device (the switch) with relevant details and impact analysis.

Go to Menu, Select Alerts . The alert screen is now displayed.

Click on the Correlated policies section on the alert screen. Once you click on the Correlated policies section, a screen showing all the coorelated alerts will be shown.

The above screen shows the consolidated alert for the parent monitor affecting all the other monitors for which the alert is raised.

As shown above, you can drill-down on the correlated alert to view the details of all the alerts that have been consolidated into that particular correlated alert

Motadata AIOps' alert correlation feature helps reduce alert overload by intelligently consolidating related alerts into a single comprehensive notification. By implementing this module, administrators can efficiently manage alerts, improve incident resolution, and alleviate alert fatigue. The system intelligently analyzes interconnected devices and ensures that relevant information is presented in a concise and actionable manner, enhancing the overall monitoring and troubleshooting experience.