What’s New With The Latest EZalert Update by OpsLogix?

What’s New With The Latest EZalert Update by OpsLogix?

OpsLogix is happy to announce the latest update of the EZalert solution, version 2. It does a lot more than just closing alerts, in comparison to the first release of the solution.

So What’s New With EZalert?

EZalert is a tool that uses machine learning to help you manage your SCOM environment in a more efficient and effective way, it helps you filter out noisy alerts and lower the total cost of ownership.

When starting out with EZalert, you will have to start “training” EZalert to handle new incoming alerts. By setting the resolution state on new incoming alerts EZalert “learns” what resolution state you would like to set for the same or similar alerts when a new alert is generated.

Eventually, with enough training, EZalert will start predicting with an increasingly higher accuracy what resolution state to set for an alert. When you are confident that EZalert predicts the resolution state for incoming alerts accurately, you can turn on auto apply and EZalert will automatically apply the predicted resolution state to the new incoming alerts in real-time. Not only is it possible to let EZalert set the resolution state on new incoming alerts, but you can also attach a PowerShell script (and use properties of the alert as parameters) to a specific resolution state as an action.

 

Watch The Demo Here

QuickStart Guide

Mandatory
  1.  Configure your resolution states based on where your alerts should be transferred to. This could be different groups within your IT-organization that should work with the alerts.
  2. Train your model with all incoming alerts to match your desired resolution state. Consider closing alerts (255) that you might use for reporting purpose that doesn’t require immediate attention to the cleanup noise.
  3. Don’t train simple alerts with too many entries when the confidence level is high. This will only slow down the training and consume more memory.
  4. Enable auto-apply. We recommend a confidence level above 85% in order to get good results. This will also ensure that alerts that don’t match won’t be forwarded to a trained resolution state.
  5. Use the low confidence filter to find the alerts that need more training and train them until they reach the configured confidence level.
Optional
  1. Pre-actions to set Custom fields for example Management Pack, Operated By – used by the machine learning algorithm.
  2. Post actions Custom fields for a statistical purpose on what resolution state was applied.
VIDEO: AI For IT-Operations: How To Classify, Train & Escalate Alerts From SCOM

VIDEO: AI For IT-Operations: How To Classify, Train & Escalate Alerts From SCOM

WHAT’S IT ALL ABOUT?

The evergrowing amount of devices to be monitored in combination with high availability requirements makes it more urgent to review internal processes.

Introducing machine learned automation involves short-handed removal of manual processes that can be performed by a machine according to predetermined consistent routines.

In this webinar you will get an introduction and real world scenario how to:

  • Use pre-actions to classify and enrich your alert data
  • Train a machine learning model
  • Escalate to different channels depending on the predicted destination
  • Integration to ServiceNow with a bi-directional connector
  • Tag and analyze your escalated alerts
How To Train EZalert For Optimal SCOM Alert Automation

How To Train EZalert For Optimal SCOM Alert Automation

In this post, we’ll show you how to start training EZalert in order for the machine learning software to learn your SCOM alert handling behavior for optimal automation.

When EZalert has been freshly installed and is untrained, its default behavior is to ignore all alerts in Operations Manager. Because EZalert is untrained it is unable to predict what state you would assign to a SCOM alert, so the default “Suggested State” on the “Training” tab is “Unable to predict” as shown below.

 

 

 

 

 

 

 

 

Training an Alert State

On the training tab, all the active alerts in Operations Manager are listed. To start training EZalert right-click the alert and then from the context menu click “Train State as” and then click the state you would usually assign to the alert for example “Closed”. After doing so an “apply States” dialog box appears. This box enables you to apply the training state in operations manager immediately, setting the state of the alert to “Closed” if “yes” is clicked. If you click “no”, the alert will remain unchanged in operations manager while EZalert is being trained.

 

 

 

 

 

 

 

 

 

 

You can also train EZalert to apply other resolutions states to the open SCOM alerts in Operations Manager. To do this, you do not select closed as we previously did. Instead, you select a different state from the “Train State As” context menu, for example, “Resolved”.

Assigning the resolution state “New” will cause EZalert to leave a particular new incoming alert in the resolution state “New”. Assigning this state might seem counterintuitive at first, but EZalert needs to be trained to know which Alerts should be left open and remain in the “New” resolution state.

Once you have started training EZalert, you will notice that new incoming alerts will have a suggested state. If the suggested state for a particular alert is not the state you would have expected, you can go through the same cycle and assign the desired state for that particular alert. Do this by using the context menu again.

Please note that during a training cycle the suggested resolution state is never applied to the incoming alerts, this is only done when we set “Enable Auto Apply” on the “Settings” tab.

After the training cycle, assuming you are satisfied that the suggested state for the alert is correct, you can set EZalert to automatic by clicking the settings tab, selecting the “Enable Auto Apply” checkbox and clicking Apply.

Retraining a SCOM Alert

After “Enable Auto Apply” has been set in the “Settings” tab, the “Training” tab will be disabled. You can click on the history tab in order to keep an eye on what state EZalert is automatically applying to the new alerts that are coming in. In the history tab, a log is kept for the state that is applied to each alert. If EZalert learned the wrong behavior and applied the wrong state to an alert, it can be corrected. To do this select the alert with the wrong state, right click it and set the correct state by selecting “Retrain State As”. When you repeat this cycle, EZalert will learn and become increasingly accurate over time.

 

 

 

 

 

 

 

 

 

Watch the how to use EZalert video to learn how to manage your SCOM alerts more easily!

Also, make sure to read the following blog by MVP Tao Yang