Models

Last updated on 20 March, 2024

Dexda identifies hidden patterns within the text features of alert data and analyzes and dynamically manages their correlation. This correlation of data is configured through models. Models let you specifically target business scenarios for which you want to generate actionable insights to be managed in your workflow.

Correlation logic of a model specifies:

  • A filter controlling which alerts should be analyzed with the model. For example, only alerts relating to Cisco Meraki Wireless Access Points.
  • One or more group by fields for computing textual similarity together with correlation sensitivity levels.
  • The required minimum density (number of alerts) which must exhibit the same feature to form a cluster.

Dexda’s ML processor forwards alerts for analysis when there is a change in the alert status such as:

  • There is a new alert.
  • A change in the alert’s:
    • State
    • Escalation
    • Severity
    • Timeout
    • First or last event timestamp

When you run multiple models and an alert matches multiple clusters, it is matched to a cluster based on the following criteria:

  • The number of alerts in the potential cluster.
  • The highest average similarity between all the alerts.
  • A cluster already exists.
  • The greater number of model group by fields (over all models).
  • The greater number of models that have matched.

Through models, you can control the number of generated insights and ensure that they are actionable.

Correlation in a model allows you to assemble processes into logical units. For example, you can have two groups:

  • one for correlation by resource (CI, configuration item): a matching correlation score has to be 100% (1), meaning that the resource has to be identical to fulfil the grouping criteria.
  • one for correlation by description: a correlation score of 80% (0.8) is enough.

Parameters in the grouping drop-down are fields that are available for alerts. You can choose from any core or enriched field for the alert. For more information on available fields, see About Filters.
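The two-group example above (resource at 1, description at 0.8), combined with a filter and a minimum density, can be sketched as follows. This is an added illustration, not Dexda's own code: the alert fields, the `MODEL` layout, the character-level similarity metric and the rule that an alert must match every cluster member are all assumptions.

```python
from difflib import SequenceMatcher

UTIL = "High channel utilization on 5GHz radio: "
# Constructed sample alerts; field names and values are illustrative only.
ALERTS = [
    {"id": 1, "type": "meraki-ap", "resource": "meraki-ap-01", "description": UTIL + "91%"},
    {"id": 2, "type": "meraki-ap", "resource": "meraki-ap-01", "description": UTIL + "87%"},
    {"id": 3, "type": "meraki-ap", "resource": "meraki-ap-01", "description": UTIL + "94%"},
    {"id": 4, "type": "meraki-ap", "resource": "meraki-ap-02", "description": UTIL + "88%"},
    {"id": 5, "type": "meraki-ap", "resource": "meraki-ap-02", "description": UTIL + "90%"},
    {"id": 6, "type": "meraki-ap", "resource": "meraki-ap-01",
     "description": "Device unreachable: no heartbeat for 300 seconds"},
    {"id": 7, "type": "switch", "resource": "core-sw-01", "description": UTIL + "91%"},
]

# Hypothetical model: filter, group by fields with sensitivity, minimum density.
MODEL = {
    "filter": lambda a: a["type"] == "meraki-ap",
    "group_by": {"resource": 1.0, "description": 0.8},
    "min_density": 3,
}

def similarity(a, b):
    """Character-level similarity in [0, 1] (assumed metric, not Dexda's)."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def correlated(model, x, y):
    """True when every group by field meets its sensitivity threshold."""
    return all(similarity(x[f], y[f]) >= t for f, t in model["group_by"].items())

def correlate(model, alerts):
    """Return lists of alert ids for clusters that reach the minimum density."""
    clusters = []
    for alert in filter(model["filter"], alerts):
        for cluster in clusters:
            # Assumption: an alert joins only if it matches every member.
            if all(correlated(model, alert, m) for m in cluster):
                cluster.append(alert)
                break
        else:
            clusters.append([alert])
    return [[a["id"] for a in c] for c in clusters if len(c) >= model["min_density"]]

if __name__ == "__main__":
    print(correlate(MODEL, ALERTS))
```

Alerts 4 and 5 correlate with each other but stay below the density of 3, and alert 7 never reaches the model because the filter excludes it.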

Evaluating Performance of a Model

Dexda supports multi-tenant processing. This allows the logical separation of instances into separate domains where a single instance can support multiple organizations.

The tenant.identifier property is set on the resource in LogicMonitor. It is automatically passed to Dexda with the event, and mapped to the Tenant ID field of the event record in Dexda. The tenant here is usually an MSP customer on a resource or resource group dedicated to a customer. For more information, see Grouping Alerts by Tenants.
