AIOps

 View Only
  • 1.  Use of network events for anomaly detection

    Posted Thu September 09, 2021 10:40 AM
    Edited by Danilo Luna Thu September 09, 2021 10:40 AM
    Hi. I would like to understand better what is the role of events in WatsonAIOps considering anomaly detection. Lets suppose we are a telecom company using WatsonAIOps. I would like to use my normal events (not problem events) to create a baseline for normal operation of the system, and later use this baseline to detect anomalies (the same way we do with logs). Is this use case foreseen? Are the events from the event manager used for this kind of detection?

    Thanks

    ------------------------------
    Danilo Luna
    ------------------------------


  • 2.  RE: Use of network events for anomaly detection

    IBM TechXchange Speaker
    Posted Thu September 09, 2021 12:07 PM
    Could you please help here, @Angus Jamieson​​

    ------------------------------
    Veeramani Nambi
    Offering Manager, GoToMarket - Communities
    ------------------------------



  • 3.  RE: Use of network events for anomaly detection

    IBM TechXchange Speaker
    Posted Thu September 09, 2021 12:39 PM

    Hi Danilo,

    As you know NOI has moved on a lot from OMNIBus and Impact and has many out of the box capabilities ,a few being Seasonal events, Temporal groups, Scope-based groups etc. All this function is also available in CP4WA Event Manager and can be used as you have been doing.

    Now imagine you are using AI Manager to detect, in near realtime, anomalous events in your application log files. Without using traditional event management a story will be created and if there are multiple log anomalies or affected components one or more may be created. Using topology we can reduce the number of incidents/stories created as we are able to group these into the same story when relevant. Now adding back your event data into this scenario we can also detect if the events seen are related to this same story and have those added and thus further reducing separate incidents.  So now the story has the relevant log anomalies, relevant events all pertaining to the relevant service. With ServiceNow integration we can open the relevant ticket(s), suggest the next best action to take to resolve this issue and more.


    I hope the above helps with your understanding of how things work today, and from our point of view we can take on board your use case which is not something currently available out of the box.



    ------------------------------
    Angus Jamieson
    IT Service Management Solutions Architect
    IBM
    Edinburgh
    ------------------------------



  • 4.  RE: Use of network events for anomaly detection

    Posted Fri September 10, 2021 06:07 AM
    Thanks Angus.

    I can easily apply the "WatsonAIOPs application model" for many customers types, but when we consider a telco, this gets a bit different. Telcos usually do not have logs for network devices per si. Also, what would be an application for a telco? In my understanding an application in WatsonAIOps is mainly a group of resources (discovered by ASM) that you want to monitor together. So, following this line, I would say that for a telco maybe "mobile 4G" or "mobile 5G" would be an application...or "Edge routers" another "application". Of course it depends on each customer, but as you can see, the concept of an application where "logs" and "events" are available gets blurry.

    If the events cannot be used for anomaly detection in those situations, I do not see many advantages on using AI Manager for telcos. Do you have experience with other telco customers where device logs are not commonly available and the AIManager was successfully used? Could you share some examples of such use cases?

    Thanks

    ------------------------------
    Danilo Luna
    ------------------------------



  • 5.  RE: Use of network events for anomaly detection

    Posted Thu September 30, 2021 02:20 PM

    Hi Danilo,

     

    Thank you for the use-case specifics. More than AI, it would be Metric Manager (formerly known as Predictive Insights – PI) is very much relevant here and provide great value when you use in context any KPIs associated to that network kit pertaining to 4G/5G/Edge Routers etc. There are couple of options for Telcos in IBM land i.e., you could either be using TNC-P or new acquisition addition SevOne, where the KPI data can be fed to PI via Kafka. Please note, currently the Out of the box integration only available for TNC-P – you can read more here, I would expect similar integration to be available for SevOne soon given its new addition to the solution suite.

    To answer your Q - the value that PI would provide is identification of granger causality between data coming in from TNC-P/SevOne and data coming in from other sources (e.g., Instana, etc) along with much richer set of anomaly detection algorithms.

    Btw, the slide#3 here may help answer how these components are outlined..hope that helps a bit.

    Best Regards,

    Krishna.



    ------------------------------
    Krishna Kodali
    Senior Software Engineer
    IBM
    NC
    -
    ------------------------------