Aggregation & Correlation • Room 1

Aggregation Policies

Aggregation Policies are ITSI's primary mechanism for reducing alert noise. Instead of generating a separate Notable Event for every KPI breach, aggregation policies group related events based on rules you define.

During a data center power event, hundreds of KPIs might breach simultaneously. An aggregation policy can group all events from the same data center into a single Notable Event, dramatically reducing noise.

Start with loose aggregation (group by service) and tighten over time as you learn your environment's event patterns.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

❤️❤️❤️

Question 1 of 2

What is the primary purpose of Aggregation Policies?

ASpeed up searches

BReduce alert noise by grouping related events into consolidated Notable Events

CEncrypt KPI data

DManage entity permissions