Analytics & Threshold Configuration

  1. Navigate to the Analytics & Threshold Configuration Page:

    1. Click the Launchpad button ⁝⁝⁝.

    2. Click AI Ops > Analytics & Incidents.

    3. In the Management page, click the Hamburger Icon, then click Analytics & Threshold Configuration.

This page lets you view and configure the settings that determine when and how Riverbed IQ Ops recognizes network behavior as indicatorsClosed An observed change in a specific metric stream that is recognized as being outside of an expected model. Indicators are correlated into triggers, and one or more triggers are grouped into incidents.. Indicators are the fundamental building blocks of incidentsClosed A collection of one or more related triggers. Relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself..

A policy controls how the Riverbed IQ Ops data pipeline creates indicators, and therefore incidents. Upon installation, IQ Ops has built-in policies configured according to best practices for monitoring networks and which measurementsClosed A measurement or data point that is monitored and analyzed to detect anomalies and generate incidents. are raised as an incident. You can override some policies with user-configurable settings. A single policy applies a rule to a measurement on a network entityClosed Things deployed in the customer environment that are needed to run the business, such as applications, devices, interfaces, and locations..

Analytics algorithms overview

Analytics uses several algorithms. Some support user-configurable parameters and others do not. For details, see Analytics algorithms overview.

N of M parameters

N of M parameters restrict when an algorithm produces an indicator based on how many of the last M observations were anomalous. For an explanation and example, see N of M parameters.

Devices, interfaces, and applications

The page is organized into four sections (Network devices, Network interfaces, Applications, and Application activities), each with a set of metrics you can enable, disable, or configure. For the full list of metrics by section, see Analytics configuration sections.

Aternity health event metrics

The Unique Critical Health Events and Unique Major Health Events metrics use baseline-based detection on Aternity health event data. For how they work and how to investigate related incidents, see Aternity health event metrics.

Edit a static threshold value

Static thresholds let you set the value and measurement count (including N of M) at which an indicator is generated. For steps and field details, see Edit a static threshold value.

Configure baseline settings

Baseline algorithms learn seasonal variation and create indicators when observed values deviate from the expected value. For the dialog options and how they affect indicator creation, see Configure baseline settings.

Configure dynamic threshold settings

Dynamic threshold uses statistical analysis of metric history to produce an expected value every 15 minutes. For the configuration options, see Configure dynamic threshold settings.

Configure bounded dynamic threshold settings

Bounded dynamic threshold applies to metrics with a bounded range (for example, 0–100%). For the configuration options, see Configure bounded dynamic threshold settings.