As we have seen in the previous articles, handling false positives in monitoring is essential. Left untreated, they drastically increase the operating cost of the IS through unnecessary and costly interventions.
ServiceNav, as a monitoring solution, offers several ways to avoid false positives, in particular through correct monitoring configuration: thresholds and additional controls.
But where to start?
A recurring question when configuring monitoring and dealing with false positives is: where to start?
In reality, there are 2 types of false positives if no work has been done:
- Those that are always in Alert or Critical status and never change status.
  - This is often a threshold problem. For example, the number of users connected to an MS SQL database is always between 100 and 250 with a critical threshold of 30. In this case, the thresholds must be adjusted.
- Those that "flap", meaning that their status changes from OK to not OK (Alert, Critical or Unknown) several times a day.
  - This may be a threshold problem, but more likely it is because additional controls have not been put in place.
How to identify the elements to be treated?
For the first case, items permanently in a non-OK status, the technical operation of ServiceNav and its filters is the best place to work.
Look for all the non-OK, unacknowledged items and question each of them: I check the metrics tab, I look at the history, ...
- Real problem? I take it into account and open a ticket through the ticketing integration (the item will be acknowledged), and the RUN team will take care of it.
- False positive? I modify the thresholds.
For the second case, there are also tools in ServiceNav, such as the "Summary of operating information" report.
It is an Excel file that gives, for the 7, 30 or 90 days of your choice and for each item, the number of transitions into each status and the time spent in each status.
Here is an example over 7 days (we have sorted the "Number of critical visits" column in descending order):
We can see very quickly that by processing the first 10 lines (i.e. 10 pieces of equipment or services out of the 1315 in the file), we will reduce the number of alerts by more than 50% (386 out of the 736 in the file).
The ROI is therefore immediate!
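The two false-positive patterns and the "first lines of the sorted report" calculation described above, as an added example (not ServiceNav code). It assumes the report has been exported to CSV; the column names, the sample rows and the `FLAP_PER_DAY` cut-off are constructed for illustration.

```python
import csv
import io

# Constructed sample: hypothetical column names, not the real report layout.
SAMPLE_CSV = """item,critical_count,alert_count,unknown_count,ok_seconds,non_ok_seconds
sql01 / connected users,0,0,0,0,604800
web03 / http latency,41,12,0,560000,44800
fw01 / vpn tunnel,22,3,4,590000,14800
nas02 / disk /data,1,0,0,600000,4800
app07 / queue depth,6,9,0,580000,24800
sw11 / uplink,0,0,0,604800,0
"""

FLAP_PER_DAY = 2  # assumed cut-off for "several times a day"


def load(text):
    """Parse the exported report; every column except 'item' is an integer."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({k: (v if k == "item" else int(v)) for k, v in r.items()})
    return rows


def classify(row, days=7):
    """Map an item to one of the two false-positive patterns, or 'quiet'."""
    changes = row["critical_count"] + row["alert_count"] + row["unknown_count"]
    if row["ok_seconds"] == 0 and row["non_ok_seconds"] > 0:
        return "stuck"       # permanently non-OK: review the thresholds
    if changes / days >= FLAP_PER_DAY:
        return "flapping"    # frequent OK <-> non-OK: review additional controls
    return "quiet"


def top_n_share(rows, n):
    """Return the n noisiest items and their share of all critical transitions."""
    ranked = sorted(rows, key=lambda r: r["critical_count"], reverse=True)
    total = sum(r["critical_count"] for r in rows)
    covered = sum(r["critical_count"] for r in ranked[:n])
    return [r["item"] for r in ranked[:n]], (covered / total if total else 0.0)


if __name__ == "__main__":
    rows = load(SAMPLE_CSV)
    for r in rows:
        print(f"{classify(r):9} {r['item']}")
    items, share = top_n_share(rows, 2)
    print(f"top 2 items = {share:.0%} of critical transitions: {items}")
```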
Handling false positives in monitoring is a must. ServiceNav offers tools and methods to optimize their handling, and consultants trained in these tools to help you if necessary.
For ServiceNav, handling false positives from monitoring remains a priority. The entire BigData stack deployed since version 4.0 will bring even more intelligence to the product and, in the coming months, will propose automatic threshold adjustments or make proposals for additional controls.