Viewing inference
OpsRamp processes the incoming alerts and subjects the alerts to correlation based on patterns specified in the policies. An inference is created with a unique ID. You can track the inference details from the alerts browser page.
To view inference on alerts:
- From All Clients, select a client.
- From the drop-down options, select Alerts and click on the required Inference ID.
The Alert details page is displayed with the following tabs:
- Alerts History
- Correlated Alerts
- Incidents
- Details: Displays details of the inference.
- Any update on the inference appears in the Comments section.
- Resource information of the first correlated alert is dislayed in the Device Information page.
- The incident created for an inference appears on the Details page.
- Incident information is displayed on the Incident ID.
- Correlated alerts information is displays in the incident’s description in the Comments section.
The following list of correlated alert details is provided in the incident’s description:
- Alert ID
- Alert Subject
- Alert Created Time
- Impacted Resources
- Alert Description
The following are the tabs that appear on the Incident page:
- Resources tab: Displays the list of all resources of correlated alerts.
- Alerts tab: Displays the list of correlated alerts attached to the Incident.
- Correlated Alerts tab: Displays alerts correlated with the parent alert.
- Incidents tab: Displays the details of incidents attached to an Inference.
- Matched Escalate Alert Policies: Click Escalate Alerts on the top header of the incident details page.
You can view the escalate alert policies that match the alert and policy that created the incident automatically.
Viewing inference statistics
Inference Stats widget displays the statistics of Inferences generated within a Partner/Client.
The widget comprises of the following information:
- Total Events: Refers to the total number of events generated.
- Total Alerts: Refers to the total number of alerts created after ingestion in OpsRamp.
- Total Inferences: Refers to the total number of Inferences generated.
- Total Correlated Alerts: Refers to the total number of alerts correlated.
- Volume Optimized: Refers to the percentage of reduction in alerts volume due to alert correlation.
Removing alerts from an inference
You can remove alerts from an Inference. The alerts can be removed from either the Quick view window or the Alert Details page.
For example, if you do not want an alert to be correlated, you can remove an alert from the Inference. The removed alert then appears on the alerts browser as an individual alert.
Important
If an Inference has two correlated alerts, removing one correlated alert makes both the alerts as individual alerts and the Inference is automatically correlated.To remove alerts from the quick view:
- On the Alerts Browser page, provide the alert ID in the search box.
The alert is displayed on the Browser page along with the number of correlated alerts. - Click on the number adjacent to the alert subject.
- Select the required alert and then click Remove.The alert is removed from the Inference. A comment appears in the Details tab as shown in the below screenshot.
Creating an inference stats widget
To create an inference Stats widget:
- Go to All Clients, select a client.
- Go to Dashboard > +Add Widget page.
- From OTHER PREDEFINED WIDGET section, click Inference Stats.
- Configure the following parameters:
- Time Range: Filter for Inferences triggered within a certain time span.
- Default time span is Last 4 hours.
- Refresh every: Refers to the time frequency at which the Widget should refresh and display the recent data.
- Default refresh time is 5 minutes.
- Inference Stats: Refers to the mode of Inferences that must be included in the Widget
- Select Enabled policies only to view the statistics of Enabled (ON mode) Inferences.
If you select this mode, then the total number of Inferences and the total number of correlated alerts created from the Enabled correlation policies appear on the Widget. In this widget, the volume optimization is based on Inferences and correlated alerts created from the Enabled correlation policies. - Select Enabled and Observed policies to view statistics of Enabled and Observed Inferences. If you select this mode, then the total number of Inferences and the total number of correlated alerts created from both the Enabled and Observed correlation policies appear on the Widget. In this Widget, the volume optimization is based on the Inferences and Correlated alerts created from both the Enabled and Observed correlation policies.
- Select Enabled policies only to view the statistics of Enabled (ON mode) Inferences.
- Widget Title: Refers to the name of a Widget
- Select the Chart Style and click Save.
Inference Stats widget is created and appears on the Dashboard.