Fusing information from tickets and alerts to improve the incident resolution process
Date
2018-01-18
Authors
Salah, Saeed
Maciá-Fernández, Gabriel
Díaz-Verdejo, Jesús E.
Publisher
Elsevier B.V.
Abstract
In the context of network incident monitoring, alerts are useful notifications that provide IT management staff
with information about incidents. They are usually triggered in an automatic manner by network equipment and
monitoring systems, thus containing only technical information available to the systems that are generating
them. On the other hand, ticketing systems play a different role in this context. Tickets represent the business
point of view of incidents. They are usually generated by human intervention and contain enriched semantic
information about ongoing and past incidents. In this article, our main hypothesis is that incorporating ticket
information into the alert correlation process will be beneficial to the incident resolution life-cycle in terms of
accuracy, timing, and overall incident description. We propose a methodology to validate this hypothesis and
suggest a solution to the main challenges that appear. The proposed correlation approach is based on the time
alignment of the events (alerts and tickets) that affect common elements in the network. For this we use real alert
and ticket datasets obtained from a large telecommunications network. The results have shown that using ticket
information enhances the incident resolution process, mainly by reducing and aggregating a higher percentage
of alerts compared with standard alert correlation systems that only use alerts as the main source of information.
Finally, we also show the applicability and usability of this model by applying it to a case study where we
analyze the performance of the management staff.
Keywords
Quality of service, Data analysis, Network management systems, Alert correlation, Ticket-alert correlation
Citation
TY - JOUR
AU - Salah, Saeed
AU - Maciá-Fernández, Gabriel
AU - Díaz-Verdejo, Jesús
PY - 2018/01/17
SP -
T1 - Fusing Information from Tickets and Alerts to Improve the Incident Resolution Process
VL - 45
DO - 10.1016/j.inffus.2018.01.011
JO - Information Fusion
ER -