Four key techniques of Cognitive Operations

Forrester recently published the report: “Vendor Landscape: Cognitive Operations”, defined as the “AI version of IT ops management and application performance management.” While cognitive ops solutions can help IT manage increasingly complex and dynamic environments with less effort, Forrester says, “the power of Cognitive Operations depends on the technology within.”

As a pioneer in the use of artificial intelligence in IT operations, having launched our AI-powered platform over three years ago, we couldn’t agree more.

Why we can support all aspects of cognitive ops, while others can’t

When we designed our platform, we realized that traditional approaches would no longer work for managing modern, dynamic, web-scale applications. The complexity, scale and rate of change is simply more than humans can keep up with using traditional tools.

This blog discusses four of the fundamental changes in approach that we identified were needed, and purpose-built the Dynatrace platform around this foundation.

Full stack monitoring

For AI-powered analysis, everything starts with data. The better the data, the better the insights.

Many Cognitive Ops platforms don’t provide any data themselves. Instead, they rely on events and time-series inputs from various monitoring sources. There are two problems with this approach.

First, the data is siloed and lacks transactional context. Most monitoring tools still focus on a particular domain, and those that do cover multiple domains still treat them as individual silos of data. Cognitive Ops platforms may ingest and attempt to correlate all this data, but the data sources are still fundamentally disconnected without the proper semantics.

The second problem is the sampling approach used by most monitoring tools. Just like you wouldn’t rely on one scan every ten seconds for a self-driving car, it’s not enough for self-driving IT either. Fidelity of the data is essential.

That’s why full stack is core to our approach. When we say full stack, we mean:

  • Seeing every transaction
  • across the vertical stack, i.e. user to app to infrastructure – even within containers and log files
  • across every topology tier regardless of technology stack, end-to-end
  • in context with deep code-level visibility
  • automatically, by deploying a single agent
Dynatrace delivers full stack monitoring with a single agent

Real-time dependency and change detection

Understanding, in real-time, how everything in your environment is connected is fundamental for effectively leveraging AI. Without it, your AI engine can only provide insights based on correlation, which is fraught with problems. More on that in a bit.

Traditional approaches to instrumentation are laborious and require significant time to understand the relationships between components. I recently visited a large financial services company that relied on discovery products and custom scripting to learn their application dependencies. It updated on a weekly basis, and was out of date the moment the mapping process was complete. With the advent of DevOps and CI/CD this is simply too long – you can’t keep up with daily and hourly application and infrastructure changes.

That’s why we took a fundamentally different approach with Dynatrace. Our OneAgent installs at the host level, discovers every process on the host, automatically defines virtual and physical relationships, and detects changes in real-time at the granularity of individual transaction flows. Our AI engine relies on this topology map, called Smartscape, to analyze dependencies in real-time so we can go beyond correlation and get to true causation.

Dynatrace Smartscape maps relationships in real time

Intelligent anomaly and pattern detection

Most monitoring tools rely on baselines and thresholds that are derived from simple averages and standard deviations using sampled metrics. While some might believe this is better than no visibility, this approach results in a high number of false positives and missed issues when applied at scale.

With Dynatrace, we take a more sophisticated, multidimensional approach to automatic baselining. To determine baselines, we consider unique factors like user actions, service methods, geolocation, and browser operating system types. Then we use different algorithms to analyze performance for specific behaviors for every discrete transaction like application and service response time, error rates and load. These smart baselines automatically learn behavior to cope with dynamic changes, and eliminate the error-prone results of generic baselines (e.g. real-time errors need to be analyzed differently than seasonal load).

The net result is a much more accurate and intelligent view of what’s working well and what’s not that doesn’t require manual configuration and adapts to changing patterns.

Dynatrace multidimensional baselining approach

Domain specific AI-powered causation

Without these building blocks, you can’t get to causation. And that’s really the name of the game, isn’t it? When something goes wrong, you want to immediately know the root cause.

Other Cognitive Ops solutions rely on correlation. They ingest data from different sources and look for anomalies that occur around the same time, then assume that the two things are related.

But that leads to all sorts of false conclusions. There are many examples of this, my favorite being the correlation between Nicolas Cage movies and people drowning in pools. If only we could stop Nicolas Cage from making movies, think how many lives could be spared!

Image credit:

Dynatrace, on the other hand, relies on a deterministic AI causation engine. As input we use not only metrics, but also anomalies and violations, actual dependencies, event sequence, natural events like code deploys, and we even incorporate expert knowledge from our own experience.

Our AI algorithms then deliver a weighted graph of all incidents that are part of the same problem and the specific incident that is causing the overall problem. This means we replace hundreds of alerts with a single problem notification pointing to the exact cause.

We even present it back in a problem evolution viewer that you can use to replay the problem to see how it evolved over time, identify which failed services calls or infrastructure health issues led to the failure of other service calls and ultimately led to the problem that affected your customers’ experience.

Realize the benefits of cognitive ops today

Forrester describes four benefits of cognitive ops:

  • Reduce the effort of owners of performance and availability
  • React and resolve problems faster
  • Predict and prevent problems before they affect the customer
  • Give meaning relative to the business impact

Dynatrace can deliver on all of these benefits today thanks to the four key capabilities outlined here. Try it for yourself – I’m confident you’ll agree.