ARCANNA Explained Part III – User Feedback

In the previous two articles of this series we saw how ARCANNA reduces noise through event clustering as well as determine the probable root cause of an issue.

Let’s recap what are the three modules of ARCANNA that play an important role in the final output:

  • Clustering the events
  • Probable root cause determination
  • User-provided feedback

In this article we will take a closer look at the last of these 3 modules: user-provided feedback.

What do we mean through user-provided feedback

Machine learning has three main parts: writing the algorithm, testing the algorithm and, most importantly, improving the algorithm.

By going through this cycle the algorithm “learns” based on previous iterations which results were correct and which weren’t and this helps it improve its success percentage. Usually this is done by the algorithm itself by taking the results and implementing them within the model with good and bad.

For ARCANNA we chose to give users the ability to tell the model exactly which results were correct and which weren’t.

How it works

As events get analyzed and ARCANNA makes decisions regarding which events are the most probable to be the root cause, those results are presented to the user. The user analyzes the events presented and further investigates the issue by using those events as the starting point.

During the investigation process the user will discover that some events which ARCANNA found as probable root causes are actually symptoms of the problem and not the actual cause. The user can now go back to the ARCANNA machine learning job and mark that particular event as a symptom. Similarly, when the root cause of the issue is discovered  the user can mark that particular event as the root cause in the ARCANNA machine learning job.

Once the root cause is determined and indicated in the machine learning job together with the symptom events, all the information is sent back into the Elastic Stack in a dedicated index. This allows for further analysis of the issue as well as creating a knowledge database which can be used for optimizations and improvements.

Why give users the ability to influence the algorithm?

In the machine learning cycle (building the machine learning, testing it and improving it) probably the most critical aspect is improving the algorithm, which is done based on feedback on the results of the machine learning job. Thus, by giving users the ability to indicate which result is correct and which is a symptom, the control over the training process and over  improving the algorithm is in the hands of the engineers which interact with the infrastructure the most.

Similarly, user feedback enables ARCANNA to adapt to any organization’s IT environment no matter the size and complexity. This is because in the situation when the determined root cause was not the actual cause or was influenced by another event, that particular event can be flagged as the root cause. Through this ARCANNA adapts to your IT environment’s particularities and allows users to fine tune the machine learning job at a very granular level.

For more information on ARCANNA visit this page or check this video from Elastic{ON} New York 2019.