Note: This feature is currently in Public Beta and available to all customers in Pro and Enterprise plans
TABLE OF CONTENTS
- The challenge: Alert floods creating noise and increasing MTTR
- The solution: Attach alerts to relevant open incidents instead of creating new ones
- Automated Grouping grows more perceptive with time
- The Process: How to use Automated Grouping
Automated Grouping uses Freddy Machine Learning algorithm to build contextually rich incidents while simultaneously reducing noise.
The challenge: Alert floods creating noise and increasing MTTR
Typically, monitoring tools continuously generate notifications of all kinds. Not all of them are actionable because they could include:
Notifications that lack context in the form of resource or application information
Incidents created from such alerts – even when grouped based on resource and metric – lack sufficient context. Moreover, multiple incidents related to a common issue create noise, divert agent efforts, and make it time-consuming to identify the root cause leading to an increase in the Mean Time To Resolve (MTTR).
The solution: Attach alerts to relevant open incidents instead of creating new ones
Automated Grouping employs Freshservice’s proprietary Machine Learning algorithm, Freddy, to study incoming alerts from disparate resources and attach them to related open incidents. If there is no relevant open incident, Freddy creates a new incident.
This connection is based on alert co-occurrence patterns in an organization’s digital infrastructure. Freddy studies historical alert data to find the patterns of alerts that could be clubbed together to refer to a common issue in the past. These patterns are then applied to fresh alerts while correlating them with open incidents.
Automated Grouping grows more perceptive with time
Freddy Machine Learning algorithm is pre-loaded with innate intelligence. However, each organization has a unique digital setup, which the algorithm needs to attune itself to. That is why users might need to train Freddy initially by manually attaching an alert to an open incident and establishing a correlation. Similarly, an incorrect correlation can be pointed out by manually detaching a Freddy-attached alert from an incident.
This continuous learning builds Freddy’s repository of alert and incident patterns unique to an organization. The algorithm then uses these patterns to suppress unimportant alerts, group together notifications that are indicative of an issue, and attach incoming alerts to open incidents.
When suitably trained, Freddy reduces noise up to 50% and makes incidents contextually richer. Such incidents provide a real-time picture of an issue, making it easier for the NOC and DevOps teams to make fast and effective decisions.
The Process: How to use Automated Grouping
Scroll down to Alert Rules in the IT Operations Management section on the Admin page.
Select the second tab – Alert automation settings.
For Automated Grouping to function, Freddy requires a minimum number of alerts and resources. If you meet the criteria, you’ll need to enable Automated Grouping. Thereafter, you’ll start noticing Freddy attached alerts in the alerts pane.
If your account does not qualify, you’ll have to wait until the numbers add up. Freshservice will notify you as and when there are sufficient alerts and resources to make use of this feature.
Step 4 (Optional)
Noticed an alert on the alerts list page that should be associated with an open incident? First, select the alert and then select Associate Incident.
A side pane will display the open incidents from which you could choose the incident to associate the alert with. Select the right incident and click on Associate. You could also create a new incident for the alert from the same side pane.
Step 5 (Optional)
Noticed an alert incorrectly attached to an incident by Freddy? Select the ‘-’ symbol to detach the alert from the incident.
A pop-up will prompt you to confirm your decision. If you simply want to detach the alert from the incident and not attach it to any other incident, select Detach Alert.
But if you want to attach that alert to another incident, select Associate Incident. A side pane will display the list of open incidents for you to choose from. If you want, you can also create a completely new incident.