Trigger
Each trigger is a set of one or more indicators that have been correlated based on certain relationships, such as time, metric type, application affected, location, or network device. An indicator is an observed change in a specific metric stream that is recognized as being outside of an expected model. A trigger can also be the result of a manual action.

Triggers are grouped into incidents. An incident is a collection of one or more related triggers; relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself. One or more indicators that are correlated constitute a detection, which may act as a trigger for incident creation or runbook execution.
Relationships between indicators that constitute a basis for correlation include:
- Time (indicators occurring at approximately the same time)
- Metric type (e.g., RTT increase, drop increase, bandwidth exceeds 85%). A metric is a measurement or data point that is monitored and analyzed to detect anomalies and generate incidents.
- Network device
For example: “30 indicators are identified for slower-than-expected RTT for application Acme for 10 different endpoints at location: Vancouver”. The trigger contains all 30 indicators because they share the relationships “application” and “location”.
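The Vancouver scenario above, worked through as an added example (not the product's own code or algorithm): indicators that share metric type, application and location are grouped, and a new trigger starts when the time gap to the previous indicator exceeds a window. The field names, the 300-second window, the grouping key and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    ts: int            # seconds since epoch (constructed values)
    metric_type: str   # e.g. "rtt_increase"
    application: str
    location: str
    endpoint: str


def correlate(indicators, window=300):
    """Group indicators by (metric type, application, location); within a
    group, split into separate triggers when consecutive indicators are
    more than `window` seconds apart (the assumed "time" relationship)."""
    buckets = defaultdict(list)
    for ind in indicators:
        buckets[(ind.metric_type, ind.application, ind.location)].append(ind)

    triggers = []
    for key, items in buckets.items():
        items.sort(key=lambda i: i.ts)
        current = [items[0]]
        for prev, ind in zip(items, items[1:]):
            if ind.ts - prev.ts > window:
                triggers.append({"key": key, "indicators": current})
                current = []
            current.append(ind)
        triggers.append({"key": key, "indicators": current})
    return triggers


def sample_indicators():
    """Constructed data: 30 RTT indicators for Acme in Vancouver across
    10 endpoints, plus two indicators that should not join that trigger."""
    base = 1_700_000_000
    inds = [
        Indicator(base + 10 * (3 * e + n), "rtt_increase", "Acme",
                  "Vancouver", f"endpoint-{e:02d}")
        for e in range(10) for n in range(3)
    ]
    # Same application and metric, different location.
    inds.append(Indicator(base + 60, "rtt_increase", "Acme", "Toronto", "endpoint-90"))
    # Same application and location, but two hours later.
    inds.append(Indicator(base + 7200, "rtt_increase", "Acme", "Vancouver", "endpoint-03"))
    return inds
```

The Toronto indicator and the late Vancouver indicator each end up in their own single-indicator trigger, which shows how the choice of window and key decides what is reported together.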