Correlation in Canopsis

The correlation promises of monitoring tools are numerous. Effectiveness and relevance, however, do not always meet the expectations!
The Canopsis correlation, resulting from discussions with our customers and prospects, takes on new dimensions, and allows us to see more clearly.
Available in Canopsis (Pro Edition) since April 2020 !

The (kept) promise: because (way) too many alarms harm the alarm!

Drastically reduce the number of alarms in the operator’s tray by grouping them together.
But, it is not that easy…

Correlation in Canopsis, how does it work?

Canopsis offers a configurable alarm tray that centralizes and standardizes all the events produced by the information system: this is the « basic » collection function of any hypervision solution.
All alarms are displayed individually in an alarm tray.
New rules engines will group the alarms, thus becoming meta-alarms.

These management rules may relate to:

The component/resource relationship

Thenotion of time

Benchmarks

The rules are established from:

Existing links between components and resources in the repository (if it is available)

Rules pre-defined by the administrator

Users suggestions through a form

A bit more details about it

What makes life easier for IS administrators is the ability to set up several correlation solutions, as needed; and that’s smart!

The native parent-child link (component-resource):

If a resource is in an alarm state at the same time as the component on which it depends, then a meta-alarm concerning the component is created.

Groupings:

Time grouping:
If alarms appear within a predefined period of time, they will be grouped into a meta-alarm which will then concern a new entity.

Grouping by attributes:
If alarms with common attributes appear, they will be grouped into a meta-alarm.

Mix of grouping:
It is possible to apply both time and attribute rules..

Example n°1

Creates a global alarm if 80% of the monitored elements of the logistics perimeter trigger an alarm over a period of 1 hour.

Exemple n°2

Creates a global alarm if 5 elements of the payroll domain are in alarm during the last 5 minutes.

 

A good alarm is an identified alarm!

All meta-alarms and consequence alarms (parent-child) have an attribute to identify them and thus be filtered in an alarm tray.

Everything is an alarm!

A meta-alarm or a consequence alarm is identified as a« classic » Canopsis alarm.
Standard actions as well as mass actions apply to these (ex : if a meta-alarm is acknowledged, all the alarms which depend on it are also acknowledged, a single ticket is created).
In this case, it is possible to detect that an action has been taken due to a meta-alarm.

Correlation in the interface

The alarm groups appear in an alarm tray with an iconographic representation, specifically thought out and adapted!

Figure 1 – A meta-alarm located in the tray and its associated symbol

When the mouse pointer is hovered, an information note (tooltip) presents the rule that allowed the grouping as well as the number of consequence alarms.

Figure 2 – Tooltip

By default, without filter activated, only meta-alarms as well as regular alarms are displayed. Consequence alarms are “ hidden” behind their specific grouping.
One only presents the essentials and therefore fewer alarms are presented: Q.E.D!

Information and ergonomics

A specific button, available on meta-alarms and consequence alarms, gives quick access to grouping.
Clicking on the Tab presents in one case the consequence alarms and in the other, the cause alarms.
Canopsis’ philosophy of control tower and “ everything on hand ” is thus respected.
Grouping contents are paginated.

Figure 3 – Consequences

Operational assistance by Canopsis

After selecting a list of alarms, a “ Suggest grouping ” button is available.

Figure 4 – Suggest a grouping

A form “Request for justification of regrouping is then proposed”.
Once the form is being validated by the operator, the administrator is informed of the action and may decide to create an associated rule (1).
The operator’s suggestion is automatically sent to the administrator (2).

Figure 5 – “Grouping the alarms” modal window

 

Key points Weak points
Several possibilities for correlations
– Correlations require a repository that is often non-operational at the customer’s premises (essential prerequisite)
Quick reading of information All rules are not yet writtent ; they will arrive in the next versions.
Reduction in the number of visible alarms
User’s actions on grouping
Excellent integration dans l’interface

Conclusion

Canopsis correlation is certainly the best correlation tool for incident management.
Intuitive implementation, popular functionalities, and the possibility of changing the rules as and when it is used directly by users: learning the system assisted by the operator is a rich, pragmatic idea.
Canopsis correlation allows the solution to stand out clearly from other offers on the market.

Enquire now

Give us a call or fill in the form below and we will contact you. We endeavor to answer all inquiries within 24 hours on business days.