The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Computer system technicians prefer to detect and begin resolving incidents in which system operations are failing or performing poorly before end-users of the system contact them with complaints. To that end, organizations often invest in monitoring software that is capable of collecting hundreds of distinct measurements. An organization may devote human resources to periodically reviewing the measurements and conducting further investigation into measurements that indicate a current or potential future incident.
One problem that arises when using such monitoring software on a large complex system that may experience a large number of independent problems is that alerts are generated for issues that do not require attention. Such false positive alerts waste precious time as technicians diagnose non-problems, and false positive alerts obscure the alerts that do represent critical problems.