Models

Last updated on 02 September, 2024

Edwin AI identifies hidden patterns within the text features of alert data and analyzes and dynamically manages their correlation. This correlation of data is configured through models. Models let you specifically target business scenarios for which you want to generate actionable insights to be managed in your workflow.

Correlation logic of a model specifies:

  • A filter controlling which alerts should be analyzed with the model. For example, only alerts relating to Cisco Meraki Wireless Access Points.
  • One or more group by fields for computing textual similarity, together with correlation sensitivity levels.
  • The required minimum density (number of alerts) which must exhibit the same feature to form a cluster.

Edwin AI’s ML processor forwards alerts for analysis when there is a change in the alert status such as:

  • There is a new alert.
  • A change in the alert’s:
    • State
    • Escalation
    • Severity
    • Timeout
    • First or last event timestamp

When running multiple models, if an alert matches multiple clusters, the cluster it is assigned to is chosen based on the following criteria:

  • The number of alerts in the potential cluster.
  • The highest average similarity between all the alerts.
  • A cluster already exists.
  • The greater number of model group by fields (over all models).
  • The greater number of models that have matched.

Through models, you can control the number of generated insights, and ensure that they are actionable. Models enable you to specifically target business scenarios for which you want to generate actionable insights to be managed in your workflow.

Correlation in a model allows you to assemble processes into logical units. For example, you can have two groups:

  • one for correlation by resource (CI, configuration item): a matching correlation score has to be 100% (1), meaning that the resource has to be identical to fulfil the grouping criteria.
  • one for correlation by description: a matching correlation score of 80% (0.8) is enough.

Parameters in the grouping drop-down are fields that are available for alerts. You can choose from any core or enriched field for the alert. For more information on available fields, see About Filters.
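
The following Python sketch is an added illustration, not LogicMonitor's code or Edwin AI's actual algorithm: it applies a filter, the two group by fields with the thresholds above (resource at 1, description at 0.8), and a minimum density to constructed alerts. The field names, the `difflib` similarity measure, and the greedy clustering rule are assumptions.

```python
from difflib import SequenceMatcher

# Hypothetical model: filter, group by fields with thresholds, minimum density.
MODEL = {
    "filter": lambda a: a["source"] == "Cisco Meraki",
    "group_by": {"resource": 1.0, "description": 0.8},
    "min_density": 3,
}

# Constructed sample alerts (not real data).
_HIGH = "AP {} radio utilization high on channel {}"
ALERTS = [
    {"id": 1, "source": "Cisco Meraki", "resource": "ap-lobby-01",
     "description": _HIGH.format("ap-lobby-01", 36)},
    {"id": 2, "source": "Cisco Meraki", "resource": "ap-lobby-01",
     "description": _HIGH.format("ap-lobby-01", 40)},
    {"id": 3, "source": "Cisco Meraki", "resource": "ap-lobby-01",
     "description": _HIGH.format("ap-lobby-01", 44)},
    {"id": 4, "source": "Cisco Meraki", "resource": "ap-lobby-01",
     "description": "Firmware upgrade scheduled"},
    {"id": 5, "source": "Cisco Meraki", "resource": "ap-floor2-07",
     "description": _HIGH.format("ap-floor2-07", 36)},
    {"id": 6, "source": "Linux", "resource": "db-01",
     "description": "Disk usage high on /var"},
]

def similarity(a, b):
    """Assumed text similarity in [0, 1]; identical strings score exactly 1.0."""
    return SequenceMatcher(None, a, b).ratio()

def matches(alert, other, group_by):
    """True when every group by field meets its sensitivity threshold."""
    return all(similarity(alert[f], other[f]) >= t for f, t in group_by.items())

def correlate(alerts, model):
    """Filter alerts, cluster them greedily, and keep clusters meeting min density."""
    clusters = []
    for alert in filter(model["filter"], alerts):
        for cluster in clusters:
            # Assumption: an alert joins a cluster only if it matches every member.
            if all(matches(alert, m, model["group_by"]) for m in cluster):
                cluster.append(alert)
                break
        else:
            clusters.append([alert])
    return [c for c in clusters if len(c) >= model["min_density"]]

if __name__ == "__main__":
    for c in correlate(ALERTS, MODEL):
        print([a["id"] for a in c])
```

Alerts 4 and 5 pass the filter but fail one group by threshold each, so they form single-alert clusters that the minimum density discards.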

Evaluating Performance of a Model

Edwin AI supports multi-tenant processing. This allows the logical separation of instances into separate domains where a single instance can support multiple organizations.

The tenant.identifier property is set on the resource in LogicMonitor. It is automatically passed to Edwin AI with the event, and mapped to the Tenant ID field of the event record in Edwin AI. The tenant here is usually an MSP customer on a resource or resource group dedicated to a customer. For more information, see Grouping Alerts by Tenants.
