Observability and AIOps: The complete closed-loop automation for incident management

By – Saurabh Dhunna

(Engineer – AI/ML | Digitate)

Dr. Maitreya Natu

By – Mohd Anas Rasheed

(Product Marketing Manager | Digitate)

Imagine that on a critical business day, suddenly key applications or microservices become unavailable. The result will be a huge monetary loss to the organization. Downtime is expensive – over $1 million for a single hour as reported by 44% of large and mid-size enterprises, according to the ITIC 2021 – hourly cost of downtime survey.

In the world of IT operations and service management, identifying potential issues is just the tip of the iceberg. Resolving these issues seamlessly, before they even become a potential risk to business services, is the key to thriving in the highly competitive environment.

Growth of AIOps – From a buzzword to a “must-have”

Today, IT systems create thousands of events per second. Having humans monitor all these would be prohibitively expensive, and yet they still would not react quickly enough. This paved the way to the practice of implementing Artificial Intelligence (AI) for IT operations, popularly known as AIOps. It helps in separating events with a business impact (from the noise) and resolving them autonomously. So, in the future, managing IT operations without AIOps will be challenging because of the rapid growth in data volumes and the rate of change.

A modern-day AIOps platform detects anomalies, suppresses noise with correlation/de-duplication, helps in triaging and performing root cause analyses (RCA), and suggests/applies fixes. In fact, AIOps platforms that enable such capabilities are being rapidly adopted in all industries. AIOps market is estimated to grow at 15% annually between 2020 and 2025, with an estimated market size between $900 million and $1.5 billion in 2020, according to the latest Gartner report

Combined strength of full-stack Observability and AIOps

To stay profitable, an enterprise must maintain uninterrupted business processes so it’s always worried about the performance and availability of the applications that run those processes. To do so, the IT command center teams should be able to measure the inner state of these applications based on the data generated by them, such as logs, metrics, and traces – also known as Observability.

The full-stack Observability is defined by the MELT capabilities – Metrics, Events, Logs, and Traces.

Image: Observability and AIOps can help in closed-loop incident management automation


Metrics can indicate “what” is wrong with the system. They provide a holistic overview of the behavior and health of the systems. They are the raw material used by the monitoring system to construct a complete view of the entire environment, automate responses to changes, and alert users if necessary. Metrics are the core values used to understand historical trends, correlate various factors, and measure changes in performance, consumption, and error rates.

Logs help in answering “why” is the problem occurring. Log aggregation consists of compiling, organizing, and indexing log files to facilitate management, retrieval, and analysis. Although a separate process from monitoring, aggregated logs may be used together with the monitoring system to identify causes and investigate failures.

Traces help in answering “where” is the problem. They trace the path of the transactions, end-to-end. Thus, they help in figuring out where the application is getting stuck or what components are triggering the problem.

And finally, Events. This capability is mainly responsible for noise suppression – focusing on the alerts that matter, ignoring unimportant alerts; and auto resolution – applying fixes to issues autonomously based on knowledge and experiences.

If you have full-stack Observability data (MELT), it can be fed into an AIOps platform to correlate the events and identify/resolve issues using AI/ML. This eliminates the pain points and lessens the burden on IT command center. By achieving full-stack Observability, you are hitting the core of the problem. Then, you can bring in AIOps to help you achieve your ultimate business goals – reduced cost, enhanced efficiency and productivity, and improved customer experience.

Introducing ignioTM Observe – An add-on module of ignioTM AIOps

Now imagine a solution that not only monitors the performance of the application, but also performs intelligent automation as a part of AIOps. A platform that builds on the tribal knowledge of the IT teams and their existing traditional tools.

ignioTM AIOPs with the new ignioTM Observe module have been launched as a part of the Dragon Release. ignio Observe with ignio AIOps plays a key role in the conversion of logs data into distinct patterns thanks to its data mining capability and then resolves the anomalies detected by triggering events and auto-fix seamlessly.

To enhance user experience (UX) with improved application availability, Observe mines millions of log lines to find distinct patterns for the blueprinted applications. These log lines can be extracted from the log files of 3-tier application architecture (application, web, and database servers) or any hosted microservice. It monitors log files for the selected patterns and presents metrics data in a format that allows for quick, intuitive interpretation through graphs and charts.

Once it identifies a selected pattern in the log files of the target server where its agents are deployed, it raises events that are sent to ignioTM IT Event Management for auto-remediation, completing the closed-loop automation of incident management.

Summarizing – full-stack Observability with AIOps

Although Observability and AIOps can work standalone, they complement each other to form a holistic incident management solution. AIOps needs data Observability to get visibility into operations data, while Observability depends on AI to prioritize and auto-resolve since the amount of data collected is massive. An efficient Observability – AIOps solution enables an organization to link the performance of its applications to its operational results by isolating and resolving errors before they hamper the end user experience and also decrease the mean-time-to-detect (MTTD) and mean-time-to-resolution (MTTR).

Related posts

Leave a Reply