In today's world, a network deployment may include thousands of network devices, such as routers, switches, and other networking devices. Each device in such a network may generate alerts regarding the status of the device (e.g., network alerts, etc.), resulting in a large amount of alerts generated by the network. A network manager may attempt to analyze each and every alert, to determine the root cause of network alerts and diagnose network problems.
The relationships between network devices can cause network alerts to be interrelated. In other words, a change in the behavior of one network device may affect the behavior of any number of other devices in the network. For example, failure of one network device can affect the functioning of other network devices, thus producing alerts across the set of affected devices. In many cases, however, the root cause of a set of alerts (e.g., failure of a single network device) may not be readily apparent upon initial inspection of the alerts. One of the main challenges in administering a network of devices, therefore, is to rapidly determine the root cause of a set of related alerts, so that corrective measures can be taken.