A number of correlation techniques are currently available for identifying a root cause of an event in a network of linked entities. These include rule sequence, state transition, code-book and case based analysis. Each of these exhibits flaws that reduce the effectiveness and worth of the correlation process.
The correlation process may require precise and complete modelling of the physical network topology for a reasoned analysis of events. Any inaccuracies in the physical topology model arising from unavailable, stale, incomplete or incorrect information will undermine the accuracy of any analysis performed.
Moreover, the model used to depict the network structure may be rigid and unable to dynamically adapt to new information about network entity configuration and topology changes, creating inevitable errors in the correlation process when changes to the network occur.
The rules that guide the correlation process can be non-intuitive and make the analysis of the root cause event opaque and incomprehensible to human observers, which limits the trust that humans will place on the outcome of any analysis and restricts their ability to recognize why or where an outcome is inaccurate. This hinders the evolution of the correlation process in becoming a more consistent, accurate and complete process by restricting human interaction in the correlation process.
The context used for aggregating events under a common cause may be transient causing related events to be missed when they are delayed by communication lags and failures and arrive after the relevant correlation context has lapsed.
The overhead of the correlation process itself may enforce restrictions on the throughput of the events considered for correlation and the volume of events received for correlation may be attenuated by prior filtering and consolidation, which inevitably limit the information available to the correlation process and its accuracy.
The correlation model may recognize only narrow aspects of network functionality and associated operational activities and be unaware of all the information relevant to network status and performance. A partial view of the information relevant to a situation undermines the accuracy of the analysis performed around it.