Analytics & Threshold Configuration page
Click Administration > Analytics & Threshold Configuration in the Navigator pane to display the Analytics & Threshold Configuration page. This page enables you to view and configure the settings that control when and how Riverbed IQ recognizes network behavior that constitutes an indicator, the fundamental building block of an incident.
A policy controls how the Riverbed IQ data pipeline creates indicators, and, therefore, incidents. Upon installation, IQ has a number of built-in policies in place that are configured according to best practices for monitoring networks and which measurements merit being called to your attention in the form of an incident. What merits being called to your attention is a subjective, user/network-defined decision, so IQ provides the ability to override some policies with user-configurable settings. A single policy applies a rule to a measurement on a network entity.
The Analytics & Threshold Configuration page comprises three sections: Devices, Interfaces, and Applications. In each section, there is a set of relevant metrics that can be enabled/disabled, and, in the case of thresholds, configured:
Network Devices
-
Device Status [Status Change]
-
Device Uptime [Uptime Reset]
Network Interfaces
-
Interface Status [Status Change]
-
In Packet Drops Rate [Baselining]
-
In Packet Error Rate [Baselining]
-
In Utilization [Baselining]
-
In Utilization [Threshold]
-
Out Packet Drops Rate [Threshold]
-
Out Packet Error Rate [Threshold]
-
Out Utilization [Baselining]
-
Out Utilization [Threshold]
Application + Location (i.e., application “MS-Exchange” in location “Branch Office Denver”)
-
Activity Network Time [Dynamic Threshold]
-
% Failed Connections [Threshold]
-
MOS [Threshold]
-
Page Load Network Time [Dynamic Threshold]
-
% Total Retrans [Threshold]
-
Throughput (VoIP) [Baselining]
-
User Response Time [Baselining]
IQ has several types of rule for determining whether a measurement on a network entity is worthy of attention or not. Violations of these rules create indicators, which are then correlated into incidents. In addition to the configuration options listed for each type of rule, there are some options that can be configured on every rule.
Rule Type | Description | Configuration Options |
---|---|---|
Change |
Detects a change in the measurement, for example the status of an interface going from “OK” to “Down”. This is used in interface and device status rules. |
OK value — A change back to this value will not create an indicator. For example, an interface with status “admin down” that goes back to “OK” will not create an indicator or incident. |
Always Increasing |
Tracks a measurement and makes sure its value is always increasing. This is used to track Device Uptime measurements. |
Not configurable. |
Threshold |
This looks for measurements above a certain value or below a certain value. For example, indicating on applications with a MOS score of < 3.5, or on interfaces with an inbound utilization of > 80%. |
|
Baseline |
This uses machine learning techniques to characterize the measurement being tracked over time. If the measurement deviates excessively from what is considered normal, an indicator is created. |
The noise floor and the upper/lower % change can be applied together. The setting providing the maximum deviation from normal is used to determine whether the rule has been violated. |
Dynamic Threshold |
This uses machine learning and statistical techniques to characterize the measurement being tracked over time. If the measurement deviates excessively from what is considered normal, an indicator is created. |
The noise floor and the percentile can be applied together, like the baseline rule; also like the baseline rule, the maxiumum deviation from normal is used. |
Editing a Static Threshold Value
To edit a static threshold value, click Edit to open the Edit Static Threshold dialog box.
Specify the value at which to generate an indicator from this threshold and the number of measurements to use. You can create an indicator based on a single measurement of the metric, for some number of consecutive measurements, or for N out of M measurements. For example, specifying “2 out of 3” means that the rule must violate for 2 of the last 3 measurements for an indicator to be created. N and M default to 1. M has a maximum value of 10. N must be <= M. If M > 1, N must be > 1 also.