
Alert Correlation Training File

Describes how to use a training file for alert correlation policy.


Introduction

The alert correlation training file is a CSV (comma-separated values) file that provides input data for machine learning to understand alert patterns and drive alert correlation.

The data is stored in a tabular format: the training file is generally a plain-text file in which comma-separated values describe the alert patterns.

Downloading a sample training file

The downloadable sample training file contains sample metric names. Alerts triggered in a sequence (as provided in the training file) are correlated.

To download a sample training file:

  1. From All Clients, select the client.
  2. Go to Setup > Alerts > Alert Correlation.
  3. From the ALERT CORRELATION POLICIES page, click +.
  4. From the Policy Definition section, click Download an example file.
    The sample training file should now be downloaded.

Creating a training file

A training file can be created or modified from the sample training file.

To create a training file:

  1. Open a new spreadsheet.
  2. Enter the metric names.
    Alerts triggered in a sequence as provided in the training file are correlated.
  3. Save the training file as CSV UTF-8 (Comma delimited).
Sample Alert Correlation

Using a wild card

The asterisk (*) wild card character is used when the exact metric name is unknown or when there are a large number of metric sequences and permutations. A wild card acts as a placeholder that represents any value or an empty character string.

For example, an IT administrator wants to correlate the following alerts:
vmware.vcenter.alarm.HostEsxCosSwapAlarm, vmware.vcenter.alarm.HostLicenseEditionNotAllowed, vmware.vcenter.alarm.HostMemoryUsageAlarm, vmware.vcenter.alarm.HostVendorProviderRegistrationAlarm

Listing all these metric sequences and all their permutations might be a tedious task. Therefore, the IT administrator lists one partial sequence with asterisks, such as vmware.vcenter.alarm.*, vmware.vcenter.alarm.*, in the training file.

The following screenshot shows a sample alert correlation training file that uses wild cards to specify sequences.

Using Wild Card in Alert Correlation Training File
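
The following Python script is an added example, not part of the product or its documentation. It checks a training file before upload and shows which metric names a wild card pattern would cover. It assumes one alert sequence per CSV row and treats `*` as matching any value or an empty string, as described above; the function names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample training file; assumes one alert sequence per row.
# The leading \ufeff is the BOM that "CSV UTF-8" spreadsheet exports add.
SAMPLE_CSV = (
    "\ufeffvmware.vcenter.alarm.*,vmware.vcenter.alarm.*\n"
    "system.cpu.utilization,system.memory.utilization\n"
    "*,system.disk.utilization\n"
)

def load_sequences(text):
    """Parse training-file text into a list of metric-name sequences."""
    text = text.lstrip("\ufeff")  # drop the BOM so it is not read as part of a name
    rows = csv.reader(io.StringIO(text))
    return [[c.strip() for c in row] for row in rows if any(c.strip() for c in row)]

def matches(pattern, metric):
    """True if metric fits pattern, where * stands for any string, even empty."""
    # Escape each literal piece so the dots in metric names are not regex wildcards.
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, metric) is not None

def lint(sequences):
    """Return (row_number, message) findings for rows worth reviewing."""
    findings = []
    for n, seq in enumerate(sequences, start=1):
        for cell in seq:
            if cell == "":
                findings.append((n, "empty metric name"))
            elif cell.strip("*") == "":
                # A pattern made only of asterisks covers every metric name.
                findings.append((n, "bare wildcard matches every metric"))
    return findings

def covered(pattern, observed):
    """List the observed metric names that a single pattern would cover."""
    return [m for m in observed if matches(pattern, m)]

if __name__ == "__main__":
    for row, message in lint(load_sequences(SAMPLE_CSV)):
        print(f"row {row}: {message}")
```

Running `covered()` against the metric names your monitors actually emit shows how wide each wild card row is before the file is used for correlation.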