Breach Predictor and Adaptive Rules

This page has been deprecated. It may contain information that is out of date. Please see Gateway section of Geneos Home Page.

Intended Audience Copied

This document is a reference guide and is aimed at all users of the Geneos monitoring system. It is expected that readers will have some familiarity with the Geneos product or have read the relevant “getting started” guides.

Introduction Copied

The document describes the time series driven features introduced in Gateway2. These comprise Time Series, Breach Prediction and Adaptive Rules. The features described in this document are only available in Gateway 2 version 2011.2 or later.

Time Series Copied

Time Series model a day’s worth of data and are read by the gateway from a user defined database. These models can then be used as part of Adaptive Rules and Breach Prediction functionality. Time series are configured inside data sets. Data sets represent a placeholder for different kinds of data collected by the gateway. Currently, they have only time series as a type. Full details of the configuration options for this are found in the Time Series section.

Breach Prediction Copied

A breach is defined as reaching or crossing a maximum tolerable threshold value for any entity or configurable variable in the gateway. Intra-day Threshold Breach Prediction or simply Breach Prediction as it is often called is a feature that allows the user to do breach prediction calculation for any particular or set of variables. This prediction is done based on the model data supplied by the user and logged to the database. As the name suggests, Intra-day Breach Prediction currently does the prediction based on only one day’s worth of data. The user can use the predicted information in a rule to be alerted well in advance if a breach will occur, so that he/she can take appropriate steps. This feature is available by configuring a Gateway plugin sampler. Full details of the configuration options for this are found in the Breach Prediction section.

Adaptive Rules Copied

Adaptive Rules allow Time Series to be used in rule calculations. This means that rules can be “adaptive” based on prior knowledge of the daily variations in the data it is applied to.

Examples include a moving threshold during the day to deal with spikes of traffic at known intervals or ensuring that a value stays within a safe zone during the day. Full details of the configuration options for this are found in the Adaptive Rules section.

Time Series Copied

Basic Configuration Copied

To create a time Series, select the Data sets from the left-hand side in GSE and click on New Time Series.

Time series data is stored in the geneos database in two optional tables. The table names are time_series_user_table and time_series_data_user_table. The schema for these tables is available in the gateway resources directory provided as part of the gateway bundle.

The time_series_user_table stores a set of names and unique IDs. The names are used to map the names of the time series defined in the gateway setup to the IDs used in the time_series_data_user_table. Both name and time_series_id should be unique in this table.

The time_series_data_user_table stores the time series data. There are 3 values per row;

The data is read from the database at gateway start time and at the reload time defined in the setup. It is up to an external process to maintain and update the timeseries tables. This can be controlled using the gateway scheduled command.

adaptive-rules0

Data Sets Copied

Data Sets are a placeholder for different kinds of data collected by the gateway. Currently, they have only time series as a type.

Mandatory: No

timeSeries Copied

Time Series model a day’s worth of data uploaded from the database. The model values can then be used as part of Adaptive Rules and Breach Prediction functionality.

Mandatory: No

timeSeries > name Copied

The name specifies a name that the user wants to identify each time series with.

Mandatory: Yes

timeSeries > description Copied

The description specifies additional information about the time series. One can enter multi-line comments in the description field.

Mandatory: No

timeSeries > external Copied

This specifies the database external settings.

timeSeries > external > reloadTime Copied

The reload time specifies the time of the day that data should be uploaded from the database every day. For this, the time series name should corresponds to one of the database tables configured by the user.

Mandatory: No (Default value is the current time during time series creation).

Breach Prediction Copied

Configuration View Copied

Once created, the Gateway-breachPredictor Plug-in has an empty predictor. A predictor is a logical grouping of data view cells for which breach prediction is to be done. One can create as many predictors as one wants to. The Breach Predictor Gateway Plugin must have at least one predictor configured.

Clicking on ‘Add new’ link presents the configuration options for a predictor. Every predictor presents a Name, a Target, a Threshold value, a Prediction Function to be selected and a Time Series that one wished to use as a model value for the breach prediction calculation.

The rest of the settings for the Breach Predictor Gateway Plugin remain same as any other Gateway Plugin.

adaptive-rules1

Predictor Settings Copied

The settings below define the Gateway-breachPredictor Plugin predictor.

predictors > predictor Copied

A Breach Predictor Gateway Plugin predictor is a logical grouping of the Gateway Data View cells for which one wishes to do breach prediction calculation. One can create one or more predictors for the Breach Predictor plugin.

Mandatory: Yes (at least one predictor must be configured per breach predictor gateway plugin)

predictors > predictor > name Copied

The name specifies a name that the user wants to identify each predictor with. Each predictor name should be unique across a breach predictor gateway plugin. The name must not be empty else it will appear as a validation error in the GSE.

Mandatory: Yes

predictors > predictor > target Copied

Specifies an xpath name or the data items that this predictor applies to. See Xpaths User Guide for more information on xpaths.

Mandatory: Yes

predictors > predictor > threshold Copied

Specifies a threshold value that is to be used for breach prediction calculation. The threshold value must be a valid double value otherwise the predictor will be ignored. The threshold is used as an upper limit value for breach prediction calculation. Currently, there is no way to provide a lower limit threshold value for breach prediction calculation within a particular range. The threshold can be a positive or negative value.

Mandatory: No

Default: 0.0

predictors > predictor > predictionFunction Copied

The prediction function specifies which prediction function is to be used for prediction calculation. The drop down provides 2 values.

Mandatory: No

Default: Linear

Value Effect
linear Linear function is used for breach prediction calculation
percentage Percentage based function is used for breach prediction calculation

predictors > predictor > predictionFunction > linear Copied

Linear based prediction is one where the predicted values of the cell will follow a graph which simulates the slope (or gradient of the actual cell values).

Example: If the current value of cell is 5.00, the current time is 9:00 and actual values are as given in second row below, then the predicted values of the cell will be as given in third row below.

With a threshold value specified as 25.00 the breach will be predicted to occur at 11:00, in 2 hours’ time.

Time of Actual Value 9.00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 17:00
Actual Values -10.00 0.00 10.00 20.00 30.00 40.00 30.00 20.00 10.00
Predicted Values 5.00 15.00 25.00 35.00 45.00 55.00 45.00 35.00 25.00

predictors > predictor > predictionFunction > percentage Copied

Percentage based prediction is one in which prediction is based on the percentage difference between the actual value and current value of the cell. The prediction cannot be done if the current value of cell is zero.

Example 1: If the current value of cell is 20.00, the current time is 9:00 and the actual values are as given in second row below, then the predicted values of the cell will be as given in third row below.

With a threshold value specified as 100.00 the breach will be predicted to occur at 13:00, in 4 hours time.

Example 2: If the current value of cell is -15.00, the current time is 9:00 and actual values are as given below in second row, then the predicted values of the cell will be as given below in third row.

With a threshold value specified as 20.00 the breach will be predicted to occur at 16:00, in 7 hours time.

Time of Actual Value 9.00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 17:00
Actual Values 10.00 20.00 30.00 40.00 50.00 60.00 70.00 80.00 90.00
Predicted Values 20.00 40.00 60.00 80.00 100.00 120.00 140.00 160.00 180.00
Time of Actual Value 9.00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 17:00
Actual Values -30.00 -20.00 -10.00 0.00 10.00 20.00 30.00 40.00 70.00
Predicted Values -15.00 -10.00 -5.00 0.00 5.00 10.00 15.00 20.00 35.00

predictors > predictor > timeSeries Copied

Specifies a time series that is created in the data sets. The drop down shows a list of all the time series that have been created in the data sets.

If the user does not select any time series, then the corresponding rows in the Breach Predictor Data View state that the time series is non-existent and no prediction is done. The prediction is done only if the time series is valid and has data points updated from the database.

Mandatory: Yes

Data View Copied

Upon configuring a valid breach predictor gateway plugin, a data view appears for the plugin. The data view displays as many rows as the total number of data view cells that have been configured through xpaths in all the predictors for that breach predictor gateway plugin.

Row variables (Single row per data item):

Table 1 Breach Predictor Data View Row Variables Description

Variable Name Description
Id Unique identifier for this cell. Prepends Predictor name for identifying which predictor it belongs to.
componentType The directory component type of this dataitem. One of gateway, probe, managedEntity, sampler, dataView, cell.
probe The probe for this dataitem.
managedEntity The managed entity for this dataitem.
sampler The sampler for this dataitem.
dataview The dataview for this dataitem.
cell The cell for this dataitem.
type The configured type for this dataitem.
currentValue The value for this dataitem (in double)
thresholdValue Threshold value provided in the predictor
timeSeries Name of the time series used as a model value for breach prediction calculation.
timeToBreach The predicted time to Breach. Blank in case the cell value is not expected to breach or if the prediction cannot be done.
timeOfBreach The predicted time of Breach. Blank in case the cell value is not expected to breach or if the prediction cannot be done.
description
Information about the breach (One of Breached, Will Breach, No Data, No Prediction or Error: Non-existent Time Series).

No Data will appear if there are no values in the model time series or the current time is beyond the range of time for which the model values are present.

No prediction will appear if the prediction function is percentage-based, and the current value of cell is zero. In which case breach prediction cannot be done.

Adaptive Rules Copied

Introduction Copied

The term Adaptive Rules refers to the ability to refer the current value of a time series from rule logic.

adaptive-rules2

The following shows a rule referring to a time series defined as “maxCpu”. According to the rule logic, if the value of the rule target goes above the value of the time series at that point in time then severity is set to critical.

A time series will typically be created using historical data pertaining to certain managed variables. In the above example, the time series “maxCpu” might have been created using historical data gathered on the rule target itself. Hence in effect the rule is comparing the current behaviour of the value to its historical behaviour. See the Time Series section for more information about creating a time series.

Multiple Time Series Copied

A rule can typically refer to multiple time series.

adaptive-rules3

In the above example high and low thresholds for both warning and critical severity have been defined as time series. Typically such time series would have been generated by running different functions on the same historical data.

["Geneos"] ["Geneos > Gateway"] ["Technical Reference"] "1"

Was this topic helpful?