The present invention relates generally to data monitoring systems and, more particularly, to methods, systems, and computer program products for providing intelligent monitoring services.
In current monitoring systems where a large number of metrics are monitored and the values stored persistently, a mechanism is needed to evaluate all of these metrics in real-time to alert to emerging changes from the normal behavior. Evaluating large amounts of data can be a daunting task, even when the data is graphically presented, as the quantity of the data represented in graphical form can overwhelm the reviewer of the data and important information may be visually “buried” in the graph.
One example application of monitoring large quantities of data includes, e.g., a system that measures transaction rates on a high volume of databases. Another application includes a system that measures heart rates for thousands of patients. Traditional monitoring methods use boundary alerting. Boundary alerting involves establishing pre-defined static values and using the pre-defined static values to establish a baseline of acceptable behavior. This may be implemented by defining alert rules specific to each metric after first determining what the norm is for the metric. Using the first example above, if the transaction rate exceeds 100 transactions per second (whereby the static value is 100), an alert may be generated. Using the second example above, if the heart rate goes higher than 120 beats per minute (bpm) or lower than 60 bpm (whereby the static value is represented by a maximum and minimum acceptable value), an alert may be generated. Boundary alerting oftentimes use artificially wide boundaries in order to prevent false alarms, which can result in a delayed alert.
What is needed, therefore, is way to efficiently monitor quantities of data and timely detect any anomalies.