JUCS - Journal of Universal Computer Science 27(11): 1152-1173, doi: 10.3897/jucs.76608
Incident Management for Explainable and Automated Root Cause Analysis in Cloud Data Centers
expand article infoArnak Poghosyan, Ashot N. Harutyunyan, Naira Grigoryan, Nicholas Kushmerick§
‡ VMware, Yerevan, Armenia§ VMware, Seattle, United States of America
Open Access
Abstract

Effective root cause analysis (RCA) of performance issues in modern cloud environ- ments remains a hard problem. Traditional RCA tracks complex issues by their signatures known as problem incidents. Common approaches to incident discovery rely mainly on expertise of users who define environment-specific set of alerts and  target detection of problems through their occurrence in the monitoring system. Adequately modeling of all possible problem patterns for nowadays extremely sophisticated data center applications is a very complex task. It may result in alert/event storms including large numbers of non-indicative precautions. Thus, the crucial task for the incident-based RCA is reduction of redundant recommendations by prioritizing those events subject to importance/impact criteria or by deriving their meaningful groupings into separable situations. In this paper, we consider automation of incident discovery based on rule induction algorithms that retrieve conditions directly from monitoring datasets without consuming the sys- tem events. Rule-learning algorithms are very flexible and powerful for many regression and classification problems, with high-level explainability. Since annotated or labeled data sets are mostly unavailable in this area of technology, we discuss data self-labelling principles which allow transforming originally unsupervised learning tasks into classification problems with further application of rule induction methods to incident detection.

Keywords
data center management, performance incidents, anomaly detection, root cause anal- ysis, machine learning, rule induction, RIPPER, JRip