Unified Analytics Key Metrics

Business Segment

A business portion or unit that drives unique action or functionality. For example, a high level Business Unit, Team, Group, or Organization.

Default fields for business segment include:

bp_v_business_segment

bp_group

bp_assignment_group

assignment_group

Business Category

A logical type of alert that can be connected to a meaningful function, service, or a recurring topic.

This can be a function like infra, networking, application, etc. Or, a more technical alert category such as latency, load, etc.

Default fields for business category include:

bp_v_business_category

bp_category

alert_category

Config Item

An aggregated field used to capture the relevant configuration item.

Default fields for config item includes:

application

bp_application

service

bp_service

bp_v_config_item

Custom fields along with the defaults can be set.

Actionable Incident

An incident that contains high-quality alerts enriched with both technical and business context.

Unified Analytics uses the following criteria to determine if an incident is actionable:

- Incident was explicitly defined as actionable using bp_v_actionable tag

- Incident was enriched with business context (using the bp_v_business_segment tag)

- Incident was acted upon

- Incident was not defined as noise (using the bp_v_alert_noise tag)

The default field for actionable incidents is bp_v_actionable

Incident Outliers

When calculating MTTx metrics, a small number of incidents with very large times can significantly skew the total numbers. This field is used to filter out these incidents and normalize the MTTx measurement.

By Default, Incident Outliers are excluded from specific calculations to provide more accurate results. You can use the BP Incident Outlier field to turn this on or off.

Incidents are set as an outlier if:

- The Assign time is over a day

- The Engage time is over a day

- The Resolution time is over a week

Mean Time to X (MTTx)

Mean Time to X (MTTx) measures the average time it takes to perform an action within BigPanda. MTTx metrics calculate the performance of your Incident Management team.

Mean Time to Assign (MTTA) - The average amount of time it takes the IT Ops team to assign the incident. In BigPanda, MTTA is calculated based on the time until the assign action is used.

The calculation for MTTA is (First assigned time - Start time)/60. First assigned time comes from the activity_type assigned, and the time is from the created_time field.

Mean Time to Engage (MTTE) - The average amount of time it takes the IT Ops team to engage in handling the incident. In BigPanda, this is measured by the time it takes to perform an action other than assign. Activities can include the activity_type comment, snooze, or share.

The calculation for MTTE is (First activity time - Start time)/60.

Mean Time to Fix (MTTF) - The average amount of time between engagement and resolution. In BigPanda, MTTF is automatically calculated from the time someone performs an action on the incident, to the resolution of the incident.

The calculation for MTTF is MTTR - MTTE - MTTA (when the action is earlier than the resolution time).

Mean Time to Resolve (MTTR) - The average amount of time it took to get back to service. MTTR looks at the repair of alert symptoms as opposed to the complete resolution of the incident. In BigPanda, it is calculated from when the first event was received, to the resolution of the last alert.

The calculation for MTTR is (End time - Start time)/60.

End time is the end_time from Raw Incidents and Start time is the start_time from Raw Incidents.

Mean Time Between Failures (MTBF)

The average amount of time between failures. MTBF measures issue recurrence, or the time between when an incident is resolved and when/how often it reoccurs.

MTTR Volatility

Measures the consistency in the time it takes to resolve incidents. MTTR Volatility is measured based on the ratio between average MTTR and the median.

Compression Ratio

The percent of alerts that were correlated and deduplicated into incidents.

Enrichment Hit Rate

The percent of alerts that were enriched in BigPanda.

BigPanda Workload

The number of resolved incidents multiplied by MTTR. Measures the impact of BigPanda on the overall team efficiency.

Quarter over Quarter (QoQ)

Quarter over Quarter (QoQ) is the change from the previous quarter to the last quarter in the timeframe.

If a timeframe has multiple quarters, the comparison will be from the last quarter in the timeframe to the previous one.

If a timeframe has only one quarter, the comparison will be between that quarter and the one before it.

Alert Status

The current status of the alert. Possible alert statuses include Ok, Critical, or Warning.

When alert status changes are counted, this includes the initial status. Changes to the OK or Resolved status are not counted.

Incident Closure

BP Incident Closure

Based on actions, incidents are categorized as:

Shared - The incident was manually shared

Auto Shared - The incident was AutoShared

Auto Resolved - The incident was resolved externally

Missed - The incident resolved itself without intervention, no action was taken on the incident

No Action - The incident was resolved manually in BigPanda with no other incident action taken

Resolved in BP - Action was taken on the incident, and the incident was resolved within BigPanda

Still Open - The incident is still open

Incident Outliers

BP Incident Closure

Incidents are set as an outlier if:

Assign time is over a day

Engage time is over a day

Resolution time is over a week

If an incident isn’t an outlier, the setting is Valid

Resolution Bucket

BP Incident Resolution Bucket

Resolution buckets include the following:

Still Open

Under 5 min

5 - 30 min

30 - 60 min

1 - 4 hours

4 - 24 hours

1 - 7 days

Over a week