Event management is a technology for making sense of a large number of events and pinpointing the few that are really important. AggreGate servers process billions of events received from diverse sources and generated within the system, but only a few of them are manually analyzed by system operators and administrators.
Event management is a complex task involving multiple stages:
- Event filtering. At this stage, events that don't match specific criteria (source, severity, domain-specific rules) are filtered out of processing chains and business views.
- Event aggregation. Aggregation, also called event deduplication or reduction, allows the system to minimize the overall number of processed events by joining instances that appear to be similar according to user-selected criteria.
- Event masking. Masking means ignoring events that come from sources depending on system elements that are deemed to have failed.
- Event correlation. The correlation engine finds simple relations between similar events, usually with one of them marking the onset of a certain process or state and the second marking its termination.
- Root cause analysis. This is the most complex stage of the event management process. It involves analyzing relations between events and their environment, followed by finding the cause of each event.
- Event enrichment. The enrichment process is similar to automatic acknowledgement and involves pulling external information and attaching it to every event instance. For example, an alert event may be enriched with a Service Desk trouble ticket number.
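The filtering, masking, aggregation and correlation stages above can be sketched as a small pipeline. This is an added example, not AggreGate code or its API: the `Event` fields, the `DEPENDS_ON` topology, the `PAIRS` onset/termination table and the sample events are all constructed assumptions.

```python
from collections import namedtuple

# Constructed sample data; field names are assumptions, not AggreGate's event model.
Event = namedtuple("Event", "ts source severity name")
EVENTS = [
    Event(1, "router1", 4, "link_down"),
    Event(2, "switch1", 3, "unreachable"),    # switch1 sits behind router1
    Event(3, "db1", 1, "heartbeat"),          # below the severity threshold
    *[Event(t, "web1", 3, "login_failed") for t in (4, 5, 6)],
    Event(7, "router1", 4, "link_up"),
    Event(8, "switch1", 3, "unreachable"),    # router1 is healthy again
]
DEPENDS_ON = {"switch1": "router1"}           # hypothetical dependency map
PAIRS = {"link_down": "link_up"}              # onset name -> termination name

def mask(events):  # drop events whose source depends on a currently failed element
    failed, kept = set(), []
    for e in events:
        if e.name in PAIRS:
            failed.add(e.source)
        elif e.name in PAIRS.values():
            failed.discard(e.source)
        if DEPENDS_ON.get(e.source) not in failed:
            kept.append(e)
    return kept

def aggregate(events, window):  # join same (source, name) within `window` of the first
    groups, out = {}, []
    for e in events:
        g = groups.get((e.source, e.name))
        if g and e.ts - g[0].ts <= window:
            g[1] += 1
        else:
            groups[(e.source, e.name)] = g = [e, 1]
            out.append(g)
    return [(g[0], g[1]) for g in out]

def correlate(events):  # pair each onset with its termination from the same source
    open_, spans = {}, []
    for e in events:
        if e.name in PAIRS:
            open_[(e.source, PAIRS[e.name])] = e
        elif (e.source, e.name) in open_:
            spans.append((e.source, open_.pop((e.source, e.name)).ts, e.ts))
    return spans

def run_pipeline(events=EVENTS, min_severity=2):
    visible = mask([e for e in events if e.severity >= min_severity])  # filter, then mask
    return aggregate(visible, 10), correlate(visible)
```

Of the eight sample events, `run_pipeline()` leaves four aggregated groups for an operator and one correlated outage span; the first `unreachable` from `switch1` is masked while `router1` is down, and the second one is kept.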