Alert Enrichment

Success of AIOps relies on the quality of data fed to the algorithms. SmartOps AIOps offers custom enrichment capabilities to assure AIOps success. Enrichment is the process of adding supplementary contextual details to alerts so that the alert has more context and is easy to interpret. The more you improve the quality and richness of alert data, you can deliver more effective and accurate correlation. This facilitates faster incident resolution.

AIOps captures information as alerts from the network monitoring tools. In certain situations, it may be possible to add more information than contained in the raw alert data. In such cases, you can use alert enrichment.

Key features of Enrichment

Improves the accuracy for alert clustering and correlation
Improves the readability of alerts
Helps in better investigation and analysis of the situation

Helps in fast and easy resolution of the incidents

SmartOps AIOps enrich alerts by:

Combining information contained in device inventory along with the alert information. (Refer: Alert enrichment from device inventory)
For specific customers, adding their own custom information to the alerts in addition to the standard AIOps fields. (Refer: Custom fields in alert)
Providing the capability to use an external API for the enrichment of alerts. (Refer: Custom alert enrichment API)
Customers might have additional lookup/mapping files which can provide context to an alert. Ability to use such files to enrich alerts will help improve correlation and context for resolution.

Click on the video thumbnail below to watch a brief overview.

Alert enrichment from Device Inventory

Device inventory is a directory where all the devices managed by the IT operations tool is listed. AIOps accepts device inventory data as a file that can be uploaded by the user. This data includes names of devices and related information.

Alert comes to AIOps with a standard set of fields. If the Node Name of the incoming alert matches with that of a device in the device inventory, rest of the device details will be added to the alert details. Admin can create policies and rules based on the standard fields as well as the enriched fields.

AIOps combines the information contained in device inventory upload file with the alert information to provide better contextual information to alerts. This enables better correlation and event handling.

Custom fields in alert

AIOps enables customers to add custom fields/additional fields to their alerts in addition to the standard set of AIOps fields. They can use it for bringing in alerts to AIOps from sources which has more information than the standard fields. This will enable to add more details of alerts .

AIOps provides the API addFieldToIndex for the admin user to add custom fields to the alert. During alert ingestion, AIOPS will pick up the custom fields defined, along with the standard fields, as per the field mapping.

The custom field will not display in the application if the fields are only defined but there are no values.

Custom alert enrichment API

AIOps provides the option to configure an external alert enrichment API.

If you configure this external API, it will be invoked after the device inventory based enrichment and before correlation.

Add the API under the ITOPSReferenceData with referenceType="extIntegrations" and alertFormatAPI="URL for API" as a reference value.