Monitoring of complex IT environments generates massive amounts of data from sources like networks, applications, infrastructure, cloud instances, and storage. Many enterprises end up with more data and alerts than they can use. Dexda's features intelligently group together alerts that share one or more areas of commonality.
Dexda reduces alert noise by de-duplicating events and by correlating, grouping and prioritizing alerts into insights, with up to 90-95% efficiency. With this automatic collation, IT professionals have fewer issues to manage and can identify and act quickly on tickets.
Architecture and Features
Dexda is an event-driven system. Events, collected from monitored sources, are observed changes to the normal behaviour of a system, environment, process, or workflow. Events from different source formats are normalised and restructured into a homogeneous form. Every incoming event triggers the “events to alerts” flow. Through machine learning and model correlation, alerts are clustered and insights are generated from these clusters.
Dashboards are central in Dexda as a starting point from where you can quickly get a situation overview. Dashboards visualize data using charts of different types.
- Understanding charts, see About Charts.
- Adding charts to dashboards, see Creating Dashboards.
- Working with dashboards, see Using Dashboards.
Insights are based on alerts, which in turn are based on events from monitored sources, automatically grouped together by machine learning applications. An insight is a record that a collection of alerts has been grouped. Insights are displayed in dashboards, and can be further investigated through inspection views. Insights can be acted upon, either automatically, or manually.
Rules control the execution of associated actions through Action Groups, manual or automated. Rules in Dexda apply filter logic and execute configured actions for matching event, alert, and insight records. Using rules, you can automate workflows across insights created by machine learning, and build manual exception handling to identify and escalate issues.
Processes in Dexda involve a set of actions to accomplish a specific goal. An action is a pre-configured capability to, for example, update an alert or create an incident in ServiceNow. Actions are always associated with an Action Group. Actions can be run automatically or manually (interactively) depending on the source.
- Understanding actions, see About Action Groups.
- Working with action groups, see Creating Action Groups.
The generation of insights is based on machine learning to group collected alerts into clusters. Using a set of specialized algorithms, Dexda identifies hidden patterns within the text features of alert data. Dexda analyses the alerts to dynamically manage their clustering. This grouping into clusters is controlled by correlation models. A model contains one or more groups where each group defines a correlation similarity level that has to be achieved.
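The flow described above (normalise events, de-duplicate them into alerts, then group alerts into insights once a similarity level is reached) can be sketched as follows. This is an added illustration, not Dexda code: the field names, the sample events, the Jaccard token similarity and the greedy grouping are all assumptions standing in for the product's own schemas and algorithms.

```python
import re

# Constructed sample events in two hypothetical source formats (not Dexda schemas).
RAW_EVENTS = [
    {"src": "netmon", "host": "sw-01", "msg": "Interface Gi0/1 link down"},
    {"src": "netmon", "host": "sw-01", "msg": "Interface Gi0/1 link down"},
    {"source": "cloudmon", "resource": "db-7", "description": "High CPU utilization on db-7"},
    {"src": "netmon", "host": "sw-01", "msg": "Interface Gi0/2 link down"},
    {"source": "cloudmon", "resource": "db-7", "description": "High CPU utilization on db-7"},
    {"src": "netmon", "host": "sw-02", "msg": "Fan tray failure detected"},
]

def normalise(raw):
    """Restructure either hypothetical source format into one homogeneous form."""
    if "src" in raw:
        return {"source": raw["src"], "node": raw["host"], "text": raw["msg"]}
    return {"source": raw["source"], "node": raw["resource"], "text": raw["description"]}

def events_to_alerts(raw_events):
    """De-duplicate: identical normalised events collapse into one alert with a count."""
    alerts = {}
    for raw in raw_events:
        ev = normalise(raw)
        key = (ev["source"], ev["node"], ev["text"])
        alert = alerts.setdefault(key, {**ev, "count": 0})
        alert["count"] += 1
    return list(alerts.values())

def similarity(a, b):
    """Jaccard overlap of text tokens (an assumed stand-in similarity measure)."""
    ta = set(re.findall(r"[a-z0-9/]+", a["text"].lower()))
    tb = set(re.findall(r"[a-z0-9/]+", b["text"].lower()))
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0

def group_into_insights(alerts, similarity_level):
    """Greedy grouping: an alert joins the first insight whose seed alert it
    matches at or above similarity_level, otherwise it starts a new insight."""
    insights = []
    for alert in alerts:
        for insight in insights:
            if similarity(insight[0], alert) >= similarity_level:
                insight.append(alert)
                break
        else:
            insights.append([alert])
    return insights

if __name__ == "__main__":
    alerts = events_to_alerts(RAW_EVENTS)
    for level in (0.5, 0.8):
        print(level, [[a["text"] for a in i] for i in group_into_insights(alerts, level)])
```

Raising the similarity level from 0.5 to 0.8 splits the two link-down alerts into separate insights, which shows how a stricter level trades noise reduction for precision.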
Dexda has a common filter component that lets you define a query filter in a consistent way across functionality like charts, rules and action groups. Through queries you can build advanced filters and aggregations to limit results when creating actionable insights. Filters can include data from fields from events, alerts, and insight sources.
Integration with an IT ticketing system is crucial for IT professionals to get notified about issues, and to be able to investigate and resolve them. An out-of-the-box integration with ServiceNow lets IT professionals enrich events with features from ServiceNow, and generate actionable quality insights to be pushed to ServiceNow’s incident module.