AIOps

Expand all | Collapse all

Use of network events for anomaly detection

  • 1.  Use of network events for anomaly detection

    Posted 16 days ago
    Edited by Danilo Luna 16 days ago
    Hi. I would like to understand better what is the role of events in WatsonAIOps considering anomaly detection. Lets suppose we are a telecom company using WatsonAIOps. I would like to use my normal events (not problem events) to create a baseline for normal operation of the system, and later use this baseline to detect anomalies (the same way we do with logs). Is this use case foreseen? Are the events from the event manager used for this kind of detection?

    Thanks

    ------------------------------
    Danilo Luna
    ------------------------------


  • 2.  RE: Use of network events for anomaly detection

    Posted 16 days ago
    Could you please help here, @Angus Jamieson​​

    ------------------------------
    Veeramani Nambi
    Offering Manager, GoToMarket - Communities
    ------------------------------



  • 3.  RE: Use of network events for anomaly detection

    User Group Leader
    Posted 16 days ago

    Hi Danilo,

    As you know NOI has moved on a lot from OMNIBus and Impact and has many out of the box capabilities ,a few being Seasonal events, Temporal groups, Scope-based groups etc. All this function is also available in CP4WA Event Manager and can be used as you have been doing.

    Now imagine you are using AI Manager to detect, in near realtime, anomalous events in your application log files. Without using traditional event management a story will be created and if there are multiple log anomalies or affected components one or more may be created. Using topology we can reduce the number of incidents/stories created as we are able to group these into the same story when relevant. Now adding back your event data into this scenario we can also detect if the events seen are related to this same story and have those added and thus further reducing separate incidents.  So now the story has the relevant log anomalies, relevant events all pertaining to the relevant service. With ServiceNow integration we can open the relevant ticket(s), suggest the next best action to take to resolve this issue and more.


    I hope the above helps with your understanding of how things work today, and from our point of view we can take on board your use case which is not something currently available out of the box.



    ------------------------------
    Angus Jamieson
    IT Service Management Solutions Architect
    IBM
    Edinburgh
    ------------------------------



  • 4.  RE: Use of network events for anomaly detection

    Posted 15 days ago
    Thanks Angus.

    I can easily apply the "WatsonAIOPs application model" for many customers types, but when we consider a telco, this gets a bit different. Telcos usually do not have logs for network devices per si. Also, what would be an application for a telco? In my understanding an application in WatsonAIOps is mainly a group of resources (discovered by ASM) that you want to monitor together. So, following this line, I would say that for a telco maybe "mobile 4G" or "mobile 5G" would be an application...or "Edge routers" another "application". Of course it depends on each customer, but as you can see, the concept of an application where "logs" and "events" are available gets blurry.

    If the events cannot be used for anomaly detection in those situations, I do not see many advantages on using AI Manager for telcos. Do you have experience with other telco customers where device logs are not commonly available and the AIManager was successfully used? Could you share some examples of such use cases?

    Thanks

    ------------------------------
    Danilo Luna
    ------------------------------