cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Service activity alarm

erenedo
Organizer

Hello,

Could anyone explain me what this alarm does? I thought this alarm notices when new traffic for a software service is detected.

But I created a DMI to know how much traffic is captured right now and I see there was traffic before this alarm was raised.

Thanks.

Elena.

2 REPLIES 2

Babar_Qayyum
Leader

Hello Elena,

This is for the detection of new service activity which means there was a traffic for the software service and after that no traffic was detected e.g.


  • Traffic volume for the last 10 days
    For the selected software service, this charts traffic volume over the last 10 days (relatively long-term behavior of the service).
  • Bandwidth usage for the selected 24h period
    For the selected software service, this charts client and server bandwidth usage over the last day (relatively short-term behavior of the service).

Review the below link for better understanding.

https://www.dynatrace.com/support/doc/dcrum/cas-an...

Regards,

Babar

Jacek_Janowicz
Dynatrace Pro
Dynatrace Pro

Hi Elena

The main
goal of service activity alerts is to inform customer, that new service
recently started to be active in environment monitored by DC RUM. Similarly,
there are so called inactivity alerts, which inform customer that service which
was previously present in his environment, is not active anymore. In other
words, SAC (Service Activity Changes) are supposed to point out that something
new happened or something recently changed in the environment.

Additionally,
with SAC reports workflow we’d like to help customers to handle such changes,
to get the time context (Is this service completely new? Or perhaps it was previously
seen two weeks ago?) as well as server context (Is service marked as new
running on new, previously unknown server? Or maybe we can see new, unexpected
activity on our main server with multiple other, important services?). Of
course, further analysis of activity events with standard DC RUM explorers
reports is also available. Everything for purpose of making decision what to do
with new services (Monitor it as user defined software service? Investigate further
or inform another department? Ignore the change?) easier.

Regarding your
doubt, about traffic seen on DMI reports before triggering alert: SAC mechanism
consider service as an active when there is at least 5 minutes long time period
during which total bandwidth usage for the service is over 64Kbits/s. This
threshold has been introduced to avoid so called false alerts, indicating really
small amounts of traffic. Of course, value of the threshold is configurable.

This is obviously tip of an iceberg, we can go deeper into details if you like. However,
as a starting point I would strongly recommend not only to take a look at documentation
mentioned previously by Babar, but mainly to check an excellent webinar “Using
Service Activity Changes to understand my environment”: https://university.dynatrace.com/education/dcrum/...

My colleague, @Mike H. presents the feature, use cases, reports workflows, so
I strongly believe that you will find lot of answers in this material. Of course, I’ll
be happy to answer any further questions related to SAC, so in case of
doubts don’t hesitate to ask me.

Best
Regards,

Jacek