AIOps on IBM Z - Group home

Context-driven anomaly detection driven by topology view

  

Contributions from: Patrick Chan, Sunil Mishra and Andrew Bowker

Introduction

Business applications involve many components that go across computer systems and middleware.  With these complex architectures, analyzing IT operation events in silo is no longer acceptable.  To identify related events, IT operation monitoring tools need to automatically discover the middleware, and their relationship within the IT infrastructure.

The IBM Z Anomaly Analytics with Watson (zAA) product provides anomaly detection on key performance indicators (KPIs) and log messages.  In the latest release, v5.1.0.7, it added the “topology service” feature that discovers the middleware running on z/OS and the topological relationship between the middleware and maps the anomaly events to the topology. 

By mapping anomaly events to the topology, it’s expected that the user can visualize:

  • Scope of the anomalous activity as related to middleware
  • Interpret the potential impact of middleware or business applications that are not currently abnormal but could become abnormal in the future

Through the topology service and the user interface, users can identify multiple middleware of interest.   Then, the user can drill down into that middleware for correlation and comparison analysis.

Topology Service and User Interface


In the topology example above:

  • Each CICS Region, DB2 Subsystem, IMS Subsystem, MQ Subsystem are represented as a node in the topology.
  • Each node in the topology can have 3 statuses:
    • Red icon indicates high anomaly is detected for the node.
    • Green icon indicates normal anomaly for the node.
    • Node without the header are nodes that has been discovered but are not configured to be analyzed by zAA.
  • The two CICS regions, CICST11A and CICST11B, are in the same cluster, and it’s denoted by a link between the two nodes. CICST11C and CICST11D are in another cluster.
  • DCC1 have a transactional relationship with CICST11A, CICST11B, CICST11C and CICST11D.

Here is a step-by-step scenario on how the topology service can help you:

  1. The support desk received user complains about timeout of their banking transactions.
  2. The support team log onto the IBM Z Anomaly Analytics (IZAA) user interface and go to the Topology View.
  3. Based on the topology, support team quickly identify the nodes with high anomaly. The support team engages the subject matter experts (SME) responsible for the one or more middleware for further investigation.
  4. From the topology view, the SMEs launch the Subsystem Scorecards belongs to the one or more middleware for correlation and comparison. Furthermore, the SMEs investigate the individual KPIs and identify the next step.

The topology view provides a holistic view to the IT Environment, and the linkage between different middleware.  The topology view will assist the support professional to find the needle in the haystack, understand impact, and identify specific area to focus on. 

Watch the topology Demo Video: HERE

Summary

 After reading this blog, I hope it’s clear on how Topology Service can help monitor your IT environment.  The Topology Service in IBM Z Anomaly Analytics with Watson is one of the monitoring technologies needed for a resilient IT environment.   For more information about IBM Z Anomaly Analytics with Watson, visit the product page here.