One of the features of AOS-CX NAE introduced in 10.1 is Baselining! This is a feature that allows an NAE agent to create and adjust thresholds dynamically, by learning from the data as it happens.
This is especially useful for setting conditions to alerts that have different anomalous values over time, or for those thresholds that you are not quite sure to set at.
Here is a high level explanation as to how Baselining works, describing the learning process, the smoothing calculations, and how to implement it into your own Network Analytics Engine scripts!
In this graph, you can see the timeline of how Baselining interacts with what an agent is monitoring. When first enabling the agent, the baselining feature takes some time to learn from the traffic flow to set the initial baseline values. After that initial learning period, the baseline feature calculates the High threshold and Low threshold. The High Threshold is what is used to identify anomalous traffic to trigger an alert. The Low threshold is what is used to clear the alert, when the traffic gets back to a normal/expected state. Towards the far right of the graph, you can see that the thresholds have learned from the higher traffic rate and adjusted the thresholds accordingly.
In order to add Baselining to your script, you simply need to add 2 lines: One for setting the algorithm, and one for the baselining object creation. I’ve highlighted the two lines in this code snippet
The first line I’ve highlighted defines the algorithm to be used to calculate the baseline, with a parameter for the continuous learning window, which is the time slices the algorithm takes to update the baseline calculation.
The second line I’ve highlighted creates the baseline, with the parameters of which monitor to set the baseline against, which algorithm to use (specified in what I’ve described above), the title displayed on the graph of the agent, the multiplier for the high threshold (usually whats the anomalous traffic), the multiplier for the low threshold (usually the reset to “normal” status), and the initial learning time it takes to calculate the baseline.
That’s all it takes to add a baseline to your NAE script! Feel free to post any questions or comments. Thanks!