Fusing Information from Tickets and Alerts to Improve the Incident Resolution Process
Identifiers
URI: http://hdl.handle.net/10481/55283
Subject
Quality of Service (QoS) data analysis; Network Management Systems; Alert Correlation; Ticket-Alert Correlation
Date
2018
Abstract
In the context of network incident monitoring, alerts are useful notifications that provide IT management staff with information about incidents. They are usually triggered automatically by network equipment and monitoring systems, and thus contain only the technical information available to the systems that generate them. Ticketing systems, on the other hand, play a different role in this context. Tickets represent the business point of view of incidents. They are usually generated by human intervention and contain enriched semantic information about ongoing and past incidents. In this article, our main hypothesis is that incorporating ticket information into the alert correlation process will be beneficial to the incident resolution life-cycle in terms of accuracy, timing, and overall incident description. We propose a methodology to validate this hypothesis and suggest a solution to the main challenges that appear. The proposed correlation approach is based on the time alignment of the events (alerts and tickets) that affect common elements in the network. For this we use real alert and ticket datasets obtained from a large telecommunications network. The results have shown that using ticket information enhances the incident resolution process, mainly by reducing and aggregating a higher percentage of alerts compared with standard alert correlation systems that only use alerts as the main source of information. Finally, we also show the applicability and usability of this model by applying it to a case study where we analyze the performance of the management staff.