You can create alert prediction policies from the Alert Prediction Policies page.
To create an alert prediction policy, go to Setup > Alerts > Alert Prediction.
- Select a client for the alert prediction policy in the Select Client list.
- Click Create New or + Add, depending on whether you have any existing alert prediction policies.
Define policy name, client, and mode
Enter a Name for the alert prediction policy.
Ensure you have the correct client selected.
Toggle the Mode button to turn the prediction policy ON or OFF.
Go to Setup > Alerts > Alert Prediction to change the mode later.
Specify filter criteria
Narrow the prediction to a subset of alerts by filtering the alerts using specific attributes. Leave the filter in the default OFF state to process all alerts.
Set Apply Filter Criteria to ON, which presents options for specifying filter rules and attributes.
Use the Match toggle to select how to apply alert prediction rules that match filter rules:
- Any: Apply alert prediction to an alert that matches any of the rules.
- All: Apply alert prediction to only alerts that match all of the defined rules.
For each rule, define the following rule properties you want to apply to alerts:
Rule Property Description attribute type Select the attribute type to narrow the attribute list to one of the following types:
- Native Attributes: Select from the list of native attributes.
- Resource Custom Attributes: Select from the list of custom, user-defined attributes.
attribute Select an attribute to filter on from the attribute list. The list of available attributes depends on which attribute type you chose. predicate/regex
Specify a predicate or regex to apply to the filter:
- Not Contains
- Not Equals
- Starts with
- Ends with
predicate/regex value Specify the predicate or regex value to be matched against the attribute value.
Click the plus icon to define additional filters.
Define the alert prediction seasonality timeframe
Seasonality is a time-based trend where regularly occurring alerts might be daily, weekly, monthly, or less frequent. An example of a daily, seasonal event would be a VM that shuts down every night at 11:00 PM to save money. The shut down would create a server-down alert every night around 11:00 PM.
The seasonality timeframe specifies the period of data used to analyze seasonality patterns.
- For alerts that occur daily, 7 or 10 days is a sufficient seasonality timeframe to establish seasonality patterns.
- For alerts that occur weekly or monthly, a longer seasonality timeframe is required to provide enough data to establish seasonality patterns.
The seasonality timeframe is evaluated every 30 days after ML takes place. For example, if you select 10 days for the seasonality timeframe, the last 10 days of data are analyzed every 30 days.
Only seasonal alerts that are Closed are processed for seasonality patterns. For example, if the Alert state is Ok and its status is not Closed it is not processed as seasonal.
Select one of the following values to set the seasonality timeframe:
- 7 Days
- 10 Days
- 30 Days
- 60 Days
- 90 Days
The seasonality timeframe is the time required before machine learning starts analyzing the alert data for patterns. If you select 7 days, the policy needs 7 days of alert data before seasonality results emerge.
If you are editing the prediction policy and change the seasonality time frame, it will trigger a new seasonality analysis period.
Toggle the Generate prediction alerts for new patterns found button to have the policy generate prediction alerts for new patterns.
If Generate prediction alerts for new patterns found is OFF, you can still manually create alerts for predicted alerts on the Alert Prediction page.
Save the alert prediction policy
When you finish defining the prediction policy, click Save to store the policy definition and view the list of saved policies.
Later, you can navigate to Setup > Alerts > Alert Prediction to view the list of saved definitions.