DEV Community

Da
Da

Posted on • Originally published at sensaka.com

Why Must AIOps Move from Processing Alerts to Understanding Business Service Relationships?

The alerts have been processed, but the business problem remains

A critical business system begins responding slowly, and the monitoring environment immediately generates a large number of alerts. Application server CPU usage rises, database connections increase, storage latency fluctuates, containers restart, and network ports report packet loss.

A conventional alert platform can deduplicate, compress, classify, assign, and notify. However, it may still struggle to answer the most important questions: How are these alerts related? Which abnormal condition is closest to the root cause? Which business service is affected?

Faster alert processing reduces the manual effort required to review and categorize notifications, but it does not automatically create an understanding of the production environment.

A business system depends on applications, databases, middleware, virtual machines, containers, servers, storage, and networks. When one component becomes abnormal, alerts propagate through these dependencies.

Root cause analysis requires a reliable map of service relationships. Without it, AI sees a collection of signals occurring at similar times. It cannot easily determine the direction of failure propagation or evaluate the actual business impact.

Why traditional AIOps remains centered on alerts

Early AIOps platforms generally began with event management. They collected alerts from different monitoring systems and used rules, statistical models, or machine learning to deduplicate, reduce noise, group events, and assign priorities.

These capabilities help control alert volume. Repeated notifications from the same device can be merged, rapidly fluctuating alerts can be suppressed, and events generated during a maintenance window can be filtered.

However, similar alerts do not necessarily have a causal relationship.

Two alerts may occur at the same time while belonging to unrelated incidents. Another alert may appear after the original failure but receive a higher severity rating. Analysis based mainly on text, timestamps, and historical cooccurrence can mistake correlation for causation.

Some platforms rely on the CMDB for resource relationships. However, CMDB data often becomes outdated as applications move, databases fail over, containers are recreated, and hardware configurations change.

There is also a risk of excessive relationship detail. Organizations sometimes attempt to record every IP address, port, process, and communication connection in a knowledge graph. The project then becomes difficult to maintain.

Incident analysis usually needs a clear service dependency chain. An application service depends on a database service, and the database service depends on storage. Trying to model every possible technical detail can make the system more complex without improving investigation speed.

When reliable service relationships are missing, even a large language model may be limited to summarizing alert text, generating generic troubleshooting suggestions, or repeating knowledge base content. It cannot reason confidently across the actual dependency chain.

How Sensaka builds AIOps around business services

Sensaka combines DCOS, iDCOS, and SmartBSM to connect hardware facts, software resource relationships, and business service dependencies.

Sensaka DCOS covers physical infrastructure such as servers, storage, network devices, security equipment, and environmental systems. It provides device and component level status that operating system monitoring may miss, including disks, memory modules, power supplies, fans, ports, temperature, and power consumption.

Sensaka iDCOS manages operating systems, virtual machines, databases, middleware, containers, Kubernetes, and cloud resources. It also manages configuration items and their dependencies.

This helps the platform understand where an application runs, which database it uses, which middleware services support it, and which physical resources are underneath the software environment.

Sensaka SmartBSM organizes business systems, application services, technical components, and business processes at a higher level. Companies can create business topologies, assign health indicators and importance levels, identify responsible teams, and map infrastructure alerts to specific business objects.

Consider an incident in which storage latency slows a database. The database problem causes an order service to time out, which prevents users from completing a submission.

SmartBSM can present the impact path as storage service, database service, order service, and business process. Multiple technical alerts can be organized into one business incident, giving operations teams a likely cause, propagation path, and impact scope.

The relationship map also gives AI a foundation for reasoning. AI can combine current alerts, resource status, recent changes, historical cases, and service dependencies. It can generate several possible explanations and investigate different dependency paths.

Knowledge bases and historical resolution records add further context. Validated troubleshooting procedures can become standardized operational workflows.

Actions involving restarts, failovers, or configuration changes can remain subject to human approval, increasing efficiency while maintaining control over production systems.

Why Sensaka starts with service relationships

The first difference is coverage across both business services and physical infrastructure.

Many AIOps products focus primarily on logs, metrics, traces, and cloud native environments. Sensaka also uses DCOS to incorporate physical components and data center environmental information.

The second difference is relationship granularity. Root cause analysis requires clear service dependencies and business impact, while engineers still need the ability to investigate individual devices and components.

Companies can begin with critical business services instead of first building an enormous relationship graph containing every IP address and port.

The third difference is the ability to use existing CMDB and monitoring investments. Current data can provide initial relationships and operational signals. Sensaka iDCOS continually governs resource relationships, while Sensaka SmartBSM organizes the information around business services.

Existing monitoring platforms can continue performing their specialized roles.

The fourth difference is verifiable analysis. Engineers can see which alerts, resource relationships, recent changes, and historical cases informed the conclusion. They can also inspect the potential propagation path through the business topology.

This makes AI assisted analysis easier for production operations teams to evaluate and trust.

The next stage of AIOps must help organizations understand how an abnormal condition travels through a service chain and which customers or business processes are ultimately affected.

Alert processing is the entry point. Service relationships provide the foundation for root cause analysis, impact assessment, and controlled automated remediation.

Top comments (0)