Unified Assurance Event Root-Cause Analysis (RCA) Connector
Overview
The Unified Assurance Event Root-Cause Analysis (RCA) Connector is primarily concerned with relationships and it monitors the event stream while leveraging an existing network hierarchy defined in the graph database to determine where an issue started and suppress downstream device alerts.
For example, assume a router is connected to two switches, which then have servers connected to the switches. If the router goes down, alerts will be generated for all of the devices in the network that are unreachable, but the connector will suppress the downstream device events while keeping the router event the same.
Root-Cause Analysis (RCA) Connector
-
The connector requires that a hierarchy of relationships for devices be defined in the graph database. Refer to the graph database section for an example on how to define a device relationship model. Graph Database and Topology
-
Enable the default Service, unless a specific configuration option is needed.
Default Service
| Field | Value |
|---|---|
| Package Name | coreProcessing-app |
| Service Name | Event Root Cause Analysis (RCA) |
| Service Program | bin/core/processing/RCAConnectord |
| Service Arguments | |
| Service Description | Root Cause Analysis (RCA), custom processing and analysis of event data |
| Failover Type | Standalone (Supported: Standalone, Primary/Backup) |
| Status | Disabled |
| Privileged | (Checked) |
Default Configuration
| Name | Value | Possible Values | Notes |
|---|---|---|---|
| BaseRules | processing/event/rca/base.rules | Text, 255 characters | Relative path to Base Rules. |
| BranchDir | core/default | Text, 255 characters | Relative path to Rules directory. |
| IncludeRules | processing/event/rca/base.includes | Text, 255 characters | Relative path to Include Rules. |
| LoadRules | processing/event/rca/base.load | Text, 255 characters | Relative path to Load Rules |
| LogFile | logs/EventRCAConnector.log | Text, 255 characters | Relative path to Log File. |
| LogLevel | ERROR | OFF, FATAL, ERROR, WARN, INFO, DEBUG | Logging level used by application. |
| PollTime | 60 | Integer | Interval in seconds in which the connector polls for possible events to be processed. |
| SelectSQLFile | processing/event/rca/events.sql | Text, 255 characters | Relative path to SQL file containing database query. |
| ShardID | 1 | Integer | Events Database shard to use. 0 to read from all shards |
| EdgeTypeID | Integer | Optional - Combobox of available Edge Types. Directed graph link type to use when determining parent devices. Requires Topology Perspective Stitcher job (using the Topology Database Stitcher application) to have been run. Should be either "HasPrimaryPerspective" or "HasSecondaryPerspective". |
Rules
This connector uses the Unified Assurance standard rules architecture. The rules are written in Perl syntax. Refer to the following guides for details on rules creation:
Tokens
The connector exposes the following tokens for rules processing.
| Token | Description |
|---|---|
| $EventRow | Resulting data from query. Use $EventRow->{'FieldName'} to access the "FieldName" data. Each row contains the reserved data field ShardID which is the ShardID it was read from. |
| $EventDBHandles | Database handle hash containing open connections for all configured shards keyed by shardID. ShardID is available from the event e.g. $EventDBHandles->{ $EventRow->{ShardID} } to get the database connection for the event's shard. Passed into rules functions to update the event, etc. |
| $AppConfig | Hash reference to the application configuration name-value pairs that were configured. (i.e. use $AppConfig->{'Host'} to retrieve the set value for 'Host'.) |
| $CustomHash | Custom key, value cache available across all rules. Contents commonly defined in Load Rules then used in Base or other rules. NOTE: This variable is a shared object and any additional sub hashes or arrays must be shared before use or it will cause the error: "Invalid value for shared scalar". Instantiate the sub hash/array using '&share({})' e.g. $CustomHash->{SubObject} = &share({}); |
| $StorageHash | Internal cache used as the StorageHash option when calling rules functions such as FindDeviceID(). NOTE: The structure of this cache is subject to change! Not recommended for custom global storage or manual manipulation; use $CustomHash. |
| $RulesDBH | Unified Assurance Database Handle. Used by rules function to lookup information, create and update records, etc. |
Administration Details
The following list shows the technical details needed for advanced administration of the application:
-
Package - eventRCA-app
-
Synopsis -
./RCAConnectord [OPTIONS] -
Options:
-c, --AppConfigID N Application Config ID (Job ID) -?, -h, --Help Print usage and exit -
Threaded - Single Threaded