Welcome to the next installment in our “Understanding BMC BPPM Analytics” series. Up to this point we’ve covered allot of the key components involved with the BPPM Analytics structures, but we’re not done. We are moving forward to the next item on the list, the BMC BPPM Intelligent Threshold.
So far we’ve provided a video talking about what BPPM Analytics is, and the technical components it is comprised of. After that we went into the BPPM Baseline components explaining their history and structures showing you the 5 User Specific BPPM Baselines you can choose from to create BPPM Signature Thresholds.
The tools and information provided so far are meant help you move forward and away from those unwanted false alerts. In order to fully utilize these advanced monitoring tools, you must understand the sub components. Here is what you should know so far:
- What a KPI is and how it’s involved with BPPM Analytics and BPPM Baselines
- What a BPPM Baseline is and what it is made of
- What sets a BPPM Baseline apart from an Absolute Threshold
- How you can use an BPPM Baseline’s upper and lower range to spot abnormal behavior
- What the 5 types of user specific BPPM Baselines are
Now we are going to take you one step further and show you how to create and use a BPPM Intelligent Threshold. Here is what we will cover in this installment.
- What makes an BPPM Intelligent Threshold different from the other thresholds
- How to create and use a BPPM Intelligent Threshold using BPPM Baselines
- Explain how a BPPM Intelligent Threshold can help you further limit false alerts
If you want to know what a BPPM Intelligent Threshold is and how to set it up and use it, welcome to your definitive guide to achieve that goal in minutes!
Lets get started.
What makes an BPPM Intelligent Threshold, Intelligent?
Why is the BPPM Intelligent Threshold considered “Intelligent”? What sets it apart from a Signature Threshold or an Absolute Threshold?
It’s important that you are able to understand the differences and it’s imperative that you be able to put them to work, intelligently. No pun intended! So lets talk about the two components involved with a BPPM Intelligent Threshold. We’ve already talked about each of them.
The BPPM Signature Threshold and the Absolute Threshold.
In our “Understanding BPPM Analytics” video I explained that a Signature Threshold was simply a BPPM Baseline with an active threshold setting tied to it. Meaning that if you take a BPPM Baseline such as the Hourly, Daily or Weekly core baselines, and use an upper or lower event threshold, you have a Signature Threshold. All a Signature Threshold is an active BPPM Baseline with a threshold. Lets look at a baseline example first, and then to an absolute threshold.
Here is an example of the “All Baselines” upper and lower thresholds for a monitored KPI “Total Processor Utilization (CPU)”.
If BPPM sees the real-time monitoring data go outside of the upper or lower baseline ranges for this parameter that would be a baseline deviation. Using a BPPM Signature Threshold against those upper and/or lower thresholds would result in an event/alert. The benefit here is simply that the Signature Thresholds are constructed from the Baseline’s historical information and baselines are dynamic. They are not static. They move up and down as historical information is brought into BPPM Analytics for processing. Lastly there are different types of baselines for different types of monitoring needs. Now lets look at a BPPM Absolute Threshold example.
Here is an example of three static BPPM Absolute Thresholds for the same parameter using the Minor, Major and Critical alert settings.
In this example, you see the traditional form of Absolute Thresholds. It is displaying the following static range settings:
- >= 40% is the Minor Threshold
- >= 60% is the Major Threshold
- >= 90% is the Critical Threshold
Here is how these absolute thresholds look from within BPPM console.
Both of these threshold types (Signature and Absolute) are independent of each other. You can setup a BPPM Signature Threshold to operate independently of a BPPM Absolute Threshold. Using both independently however would result in the generation of separate events, and that is not useful. One of the key objectives with monitoring is to generate fewer, more informative and accurate events. That is what a BPPM Intelligent Threshold allows.
To make a static/absolute threshold more “intelligent”, you associate it with a historical baseline and use both. When you do this it will ONLY alert if both thresholds are violated. There will be some absolute thresholds in your environment that you may feel are proven and reliable. Getting rid of a proven, functional threshold is not intelligent. Taking an absolute threshold that works well, combining it with a dynamic baseline, and it works even better. Making it smarter, and dynamic, instead of static, is Intelligent!
Combining an Absolute Threshold with a Historical BPPM Baseline
With BPPM you combine these two independent thresholds into a single, BPPM Intelligent Threshold. When you create a BPPM Intelligent Threshold you only generate an alert/event when BOTH ranges are deviated.
Lets use our CPU example from above and it’s absolute thresholds of >=40% (Minor), >=60% (Major) and >=90% (Critical). If the CPU goes above any of those absolute levels it will generate an alert regardless of the history for the parameter. It is a very simple alert structure.
Looking at the “All Baselines” upper threshold level for the same parameter, we see the historical range specified as just under 50%. In order to generate an event using this dynamic baseline, the value has to go over this upper range as it moves over time. The difference is this value will change as the CPU utilization goes up and down over time. This would be a BPPM Signature Threshold.
NOTE: We covered the five user specific BPPM Baselines here. If you aren’t sure what the “All Baseline” is, or is consisted of, take a minute and check that out.
So the upper “All Baselines” range is just under 50%, and the Minor Absolute Threshold for Minor is >= 40%. We will focus on only this Minor range for now, to keep this simple.
This “All Baseline” Upper range means that this system has a historical tendency to run over 40% allot. This would result in many false alerts if you only rely on the Minor Absolute Threshold, and we want to GET RID OF FALSE ALERTS. This is where the intelligence comes into play.
Because we know that this server has a historical tendency to run above 40% CPU Utilization (All Baselines Upper Range), you either have to get rid of the Minor setting (>=40% CPU Util), or tie it to the baseline. By combining it with the All Baselines Upper Range, you are creating a condition that must be as follows.
IF “the incoming raw data value” is >= 40% AND IS ALSO above the All Baselines Upper Range, THEN and ONLY THEN, generate an alert. Both of those conditions MUST be true to alert. So if the monitoring see the CPU go over 40%, but under the baseline, it’s not considered an alert condition. The Baseline is the key component.
If the All Baselines Upper Range changes over time, which it will because it’s essentially a moving average of sorts, a spike in CPU would need to go over that dynamic historical range in order to alert. If the system gets more and more usage over time, and the normal CPU utilization grows slowly, the baseline will grow making it harder to go above the upper range. Remember staying within a normal usage range is not an alert condition. Going outside of the normal range IS!
That is what makes it’s intelligent. BPPM is constantly learning and aware of the historical parameter history while also looking the absolute threshold.
Every situation is relative. Having this Intelligent Threshold ability will come into play as one more mechanism to help prevent false alerts, and that is the big objective. To only alert when something is truly displaying “Abnormal Behavior”. Using both of these thresholds can assist in doing exactly that. Now lets create one, and show you how to put it into place.
Creating the BPPM Intelligent Threshold
Lets look at where this is done from within BPPM. There are two quick locations I like to use for setting up all of my thresholds. I’ll show both methods below.
First you will need to know how to get into BPPM and navigate to the parameter you want to work with. One way is to locate the server or component under “Devices” and browse to the parameter you want to set, like in the example of a Windows server below.
Here is a view of a monitored Windows server’s list of parameters. I’m going to work only with the “Health At A Glance” parameter set.
From here I will show you the two quickest methods I use to get to a specific parameter’s threshold settings.
Method 1 – Locate the parameter and on the same line, click on the blue wrench located at the right hand side. Then select “Thresholds”.
Method 2 – When looking at the actual graph for the parameter already, select the “Attributes and Indicators” tab, shown below.
BPPM Attributes and Indicators Tab
From this screen you will have a view like this. This will show you all of the parameters associated with the parameter set. The view above shows a few things. First, in the upper left, you can see I’m on the “Health At A Glance” for the server BPPMSRVR. I have selected the “Total Processor Utilization” parameter shown at the lower right, using the toggle box. To get to the threshold settings, again you have the wrench located in the upper right.
BPPM Attribute and Indicators with Parameters
Select the wrench and you have the same menu options as before. Here is the view when you select “Thresholds”. You have the option of creating the different types of Threshold. It appears something is missing. Right? There is no option for “Intelligent Threshold”.
BPPM Attributes and Indicators with All Thresholds
In order to create an Intelligent Threshold, you must select one of these two Absolute threshold types:
- Absolute Global Threshold (Applies to EVERY location of this parameter)
- Absolute Instance Threshold (Applied to only THIS location of the parameter)
To set an Intelligent Threshold that would apply this parameter on all servers, you would select “Absolute Global Threshold”. To create an Intelligent Threshold for the specific parameter you are looking at on your BPPM console, so that it only applies against it, select “Absolute Instance Threshold”.
Global = All and Everywhere
Instance = Specific and Individual
Lets go into the “Absolute Global Threshold” and setup our Intelligent Threshold.
After selecting “Absolute Global Threshold” you should see something that looks like the single pane below. Within that pane are two areas involved with Intelligent Thresholds.
BPPM Absolute and Signature Threshold Settings
The first section is associated with the settings for your Absolute Thresholds. You make an Absolute Threshold an Intelligent Threshold by incorporating a Baseline, which is the area on the right.
This is where you are able to select one of the five user specific BPPM Baselines, or the BPPM Auto Baseline. Clicking on the “Outside Baseline” column drop-down allows you to tie whichever baseline you feel works best, to become an intelligent threshold. Remember from my last post, that each of the five user specific baselines have different monitoring views and are used in either very granular or very high level observations.
Here is a view of the “Outside Baseline” drop down.
Selecting the “Not Enabled” will ensure only the “Absolute Threshold” will be in place using no BPPM Baseline. You can view each of these baselines on the historical parameter graph like I discussed in the last post. Once you select anything other than the “Not Enabled” you have created a BPPM Intelligent Threshold. Simple as that! It’s just a little hidden.
Here is the view of the final “BPPM Intelligent Threshold” using the Absolute Threshold settings from our first example shown above, tied to the same “All Baselines”, combined into one threshold.
Looking at BPPM Intelligent Threshold on the BPPM Graph
Now lets look at the final graph along with the components of the BPPM Intelligent Threshold, and see how the alerts would occur.
In order for the Minor Threshold to generate an event now, the value of the real-time monitoring data has to be over the minor threshold of 40% AND be over the Upper Baseline value. Anything below both will NOT ALERT, because it’s within the normal operating ranges for this system. If the value is above the Absolute Threshold of 40% and over the All Baseline value, the Intelligent Threshold will trigger and generate an event. You’ve combined both into a single BPPM Intelligent Threshold, and engage the most advance monitor available today.
Welcome to the future of monitoring, using REAL Intelligent Thresholds!
We’ve just removed the possibility of a false alert from occurring. As the Baseline grows or shrinks the threshold becomes more intelligent. The final thing to remember here is this. You still have to determine which BPPM Baseline will work best. In the example above I used the “All Baselines” and this is the furthest, least dynamic baseline available. You could use this procedure against the Hourly, Daily, Weekly, Hourly and Daily as well.
The beauty around this is that you can still use those absolute thresholds that you have absolute trust in, bring them forward and modernize them.
If you feel like you are missing some understandings around items such as Key Performance Indicators (KPI) or what a BMC BPPM Baseline is, be sure to check out our prior posts and videos.
Understanding BMC BPPM Analytics (Video)
What is a BMC BPPM Baseline Part 1
What is a BMC BPPM Baseline Part 2
Thanks for your time, and have a GREAT Day!