Indicator

An indicatorClosed An observed change in a specific metric stream that is recognized as being outside of an expected model. Indicators are correlated into triggers, and one or more triggers are grouped into incidents. is an observed change in a specific metricClosed A measurement or data point that is monitored and analyzed to detect anomalies and generate incidents. stream that is recognized as being outside of an expected model in one or more of these ways:

  • Relative to immediate prior history

  • Relative to configured thresholds

  • Relative to long term, seasonally adjusted prior history

  • As a significant change in absolute magnitude

  • Due to an explicit notification, such as device down or service unreachable

Indicators are correlated into triggersClosed A set of one or more indicators that have been correlated based on certain relationships, such as time, metric type, application affected, location, or network device., and one or more triggers are grouped into incidentsClosed A collection of one or more related triggers. Relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself.. An incident is based on a primary indicator associated with the primary entityClosed Things deployed in the customer environment that are needed to run the business, such as applications, devices, interfaces, and locations. used for an associated runbookClosed An automated workflow that executes a series of steps or tasks in response to a triggered event, such as the detection of anomalous behavior generating an incident, a lifecycle event, or a manually executed runbook.. Riverbed IQ Ops also uses other criteria to determine if there is any commonality or relationship among other detectedClosed One or more indicators that are correlated and may act as a trigger for incident creation or runbook execution. anomaliesClosed An unexpected event or measurement that does not match the expected model.. Indicators that correlate across these criteria are associated with the incident as correlating indicators , providing additional data to the incident.