Greg Druffel • Managing Solution ArchitectIf you’re reading this, perhaps you’re trying to figure out if Artificial Intelligence for IT Operations (AIOps) could help your company, or maybe you’re just brushing up on the latest IT lingo with a black coffee or latte in your hand. Either way, you will come away with some real-life examples of how AIOps can — more than humanly possible — help IT teams improve the efficiency and lower costs of their IT operations.
AIOps: Anomaly Detection for Better Troubleshooting
Today's complex IT environments make monitoring very noisy, with frequent or irrelevant alerts crowding out the most important ones. Anomaly detection uses machine learning algorithms to identify patterns and trends in data and detect deviations from normal behavior. This means monitoring can more easily adapt to seasonal or cyclical variation without manual tuning to avoid false positives or negatives.
A significant advantage of anomaly detection is that it can help you discover unknown or hidden issues you may not have anticipated or defined thresholds for, enabling proactive action before users are impacted.
Example
A retail business implements AIOps for more proactive troubleshooting. Normal operational baselines are built, accounting for spikes in ordering patterns during seasonal changes.
One day, AIOps detects an increase in average response time for a crucial ordering application, indicating a spike in demand outside the expectations for the time of year. Happily, stakeholders identify the likely cause as the introduction of a new line of unexpectedly and wildly popular products – they’re riding the latest TikTok fad!
Since AIOps is trained in handling an increase in usage corresponding to seasonal changes, it recommends an automation to create new instances of the application so that ordering processes are not impacted. Based on knowledge of the organization’s topology, AIOps also provides operators with details of this remediation for cohort devices and applications so they can proactively ensure the unexpected spike will be handled smoothly.
AIOps: Event Correlation to Lower Alert Fatigue
Even the most dedicated system or network administrator will learn to tune out alerts if too many have turned out to be false alarms.
AIOps uses machine learning algorithms to analyze the alerts from different sources and find the patterns and dependencies among them. It then groups related alerts based on common attributes, such as time, location, source, or type, and filters out irrelevant or false alerts based on predefined thresholds. Then, natural language processing generates meaningful incidents that describe the issues’ nature, severity, and impact.
Example
A healthcare organization has a cloud-based electronic health record (EHR) system monitored by various tools for performance, availability, security, and compliance. However, many of the alerts are redundant or irrelevant.
AIOps helps their IT team:
- Group the alerts – for example, if the EHR system experiences a network outage that affects multiple servers and applications, AIOps groups all the alerts related to the network outage into one incident.
- Filter out irrelevant alerts, such as those expected due to routine maintenance or testing activities for the EHR system.
- Prioritize incidents based on their urgency, importance, or business impact. If the EHR system has some incidents that affect patient safety or privacy, such as data loss or breach, AIOps prioritizes these incidents and assigns them a critical status.
By using AIOps to group related alerts using event correlation, the healthcare organization successfully reduces alert fatigue and improves incident management for their EHR system.
AIOps: Faster and More Accurate Root Cause Analysis (RCA)
Getting to the root cause of a performance issue can take up a lot of time, especially when teams are siloed and have limited visibility into the complete picture.
AIOps augment teams’ abilities to find the source of an issue and collaborate to speed up Mean Time to Resolution (MTTR). By leveraging AIOps to detect the pattern of impact from an event, operators can use events and their root causes as modeled “fingerprints” within the time series data and logs, speeding up AIOps’ ability to recognize and resolve incidents.
Example
A government organization implements AIOps, hoping to reduce the number of and increase the quality of generated service desk tickets:
- Monitoring tools pick up a recurring CPU spike on a server at 2 AM every morning.
- AIOps generates a ticket each time, but after checking for signs of the spike an hour later, closes the ticket with no known cause.
- During Problem Management processes, an operator notes the recurring tickets and creates an automation to query the device as soon as the CPU spike is detected, taking a snapshot of running processes.
- The operator identifies the pattern; an antivirus process runs daily on the server at 2 AM.
- The operator trains AIOps that, before creating a CPU spike ticket for the server, it should check to see if it’s just the antivirus process running.
- This remediation is suggested to operators when other incidents match the fingerprint.
By enabling operators to investigate further and improve the quality of the tickets, AIOps helps them eliminate unnecessary tickets. This noise reduction ensures issues that need remediation will not get lost in a sea of meaningless alerts. For example, the overnight CPU spike could have been caused by a problematic SQL server process for which an operator would need to look at tweaking SQL server settings or look for a problem with a database.
Get a Handle on Your IT Operations
In our five-part AIOps series, we’ve explained what it is, how it works (part 1 and part 2), and offered advice on how to go beyond the hype to get its full advantages (hint: it’s all about the proper integration of toolsets with your IT systems). Finally, we’ve concluded with some real-world examples of its benefits.
To optimize IT operations, your IT team needs to understand the big picture by correlating metrics, events, and logs and then connecting the dots to figure out solutions. AIOps gives them automation and advanced tools to help them achieve that.
Partner with a provider with real-world experience, like Compucom, and go beyond the buzzword to truly effective AIOps.
In this series:
- The Big Deal About AIOps
- How AIOps Works: Tame Big Data and Get to the Crux of the Matter
- How AIOps Works: Continually Smarter & More Effective IT Operations
- AIOps: Going Beyond the Buzzword
