Indicator

An indicator is an observed change in a specific metric stream that is recognized as being outside of an expected model in one or more of these ways:

• Relative to immediate prior history

• Relative to configured thresholds

• Relative to long term, seasonally adjusted prior history

• As a significant change in absolute magnitude

• Due to an explicit notification, such as device down or service unreachable

Indicators are correlated into triggers, and one or more triggers are grouped into incidents. An incident is based on a primary indicator associated with the primary entity used for an associated runbook. Riverbed IQ also uses other criteria to determine if there is any commonality or relationship among other detected anomalies. Indicators that correlate across these criteria are associated with the incident as correlating indicators, providing additional data to the incident.