.. _admin_guide_disuption_queue:

Disruption Queue
================

.. admonition:: About the disruption queue concept in TrackMe

   - The disruption queue is a feature available for **all components** and all types of entities. It was made available in TrackMe 2.1.18.
   - This feature allows you to define a period of time, in seconds, that must elapse before an entity anomaly is considered.
   - The **minimal disruption period** is therefore a period of **continuous time** of disruption before we allow an entity to transition to an **alerting state** (red).
   - During this intermediate state, the entity transitions to a **blue state**.
   - Once the **disruption period is over**, and if the anomaly persisted, the entity transitions to a **red state**.
   - The disruption queue can be leveraged to avoid or reduce the risk of **false positives** caused by short-lived anomalies.

Setting up the disruption queue at the level of the Virtual Tenant (entities discovery)
---------------------------------------------------------------------------------------

The disruption queue can be configured at the level of the Virtual Tenant, in which case it applies to all entities discovered in this Virtual Tenant.

.. hint:: **About setting up the disruption queue at the level of the Virtual Tenant:**

   - If defined at the level of the Virtual Tenant, this disruption queue will be defined for all existing entities and entities to be discovered.
   - A given entity can still be updated to have a different disruption queue configuration; this will override the Virtual Tenant configuration.

.. image:: img_v2/admin_guide_disuption_queue/disruption_queue_virtual_tenant_configuration01.png
   :alt: disruption_queue_virtual_tenant_configuration01.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/admin_guide_disuption_queue/disruption_queue_virtual_tenant_configuration02.png
   :alt: disruption_queue_virtual_tenant_configuration02.png
   :align: center
   :width: 1200px
   :class: with-border

Setting up the disruption queue on a per entity basis
-----------------------------------------------------

The disruption queue can be configured on a per entity basis through the TrackMe UI and the entity configuration page.

.. hint:: **Entity level has precedence over Virtual Tenant level:**

   - If defined at the level of the entity, this disruption queue will override the Virtual Tenant configuration.
   - If no configuration is defined at the level of the entity, the Virtual Tenant configuration (if configured) will be used.

.. image:: img_v2/admin_guide_disuption_queue/disruption_queue_entity_configuration01.png
   :alt: disruption_queue_entity_configuration01.png
   :align: center
   :width: 1200px
   :class: with-border

Flex Object specific: setting up the disruption queue at the level of the Flex Object tracker
---------------------------------------------------------------------------------------------

Specifically for the Flex Object component (splk-flx), you can define a default disruption queue for entities associated with this tracker:

.. image:: img_v2/admin_guide_disuption_queue/disruption_queue_flex_object_tracker_configuration01.png
   :alt: disruption_queue_flex_object_tracker_configuration01.png
   :align: center
   :width: 1200px
   :class: with-border

How does the disruption queue work?
-----------------------------------

This is quite simple: the disruption queue is a counter which starts when an entity is meant to be in an alerting state (red):

.. image:: img_v2/admin_guide_disuption_queue/disruption_queue_how_it_works01.png
   :alt: disruption_queue_how_it_works01.png
   :align: center
   :width: 1200px
   :class: with-border

The entity has transitioned to a blue state:

.. image:: img_v2/admin_guide_disuption_queue/disruption_queue_how_it_works02.png
   :alt: disruption_queue_how_it_works02.png
   :align: center
   :width: 1200px
   :class: with-border

Once this counter reaches the minimal disruption period, the entity will transition to red if the anomaly persists:

.. image:: img_v2/admin_guide_disuption_queue/disruption_queue_how_it_works03.png
   :alt: disruption_queue_how_it_works03.png
   :align: center
   :width: 1200px
   :class: with-border

.. image:: img_v2/admin_guide_disuption_queue/disruption_queue_how_it_works04.png
   :alt: disruption_queue_how_it_works04.png
   :align: center
   :width: 1200px
   :class: with-border
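
The counter behaviour and the entity-over-Virtual-Tenant precedence described above, sketched as a small Python model that replays a series of tracker evaluations. This is an added example, not TrackMe's own code: the function names, the sample format, the 300-second evaluation interval and the treatment of an unset period as 0 (no queue) are assumptions made for illustration.

```python
"""Illustrative model of the disruption queue (not TrackMe code)."""
from typing import Iterable, List, Optional, Tuple


def effective_period(entity_sec: Optional[int], tenant_sec: Optional[int]) -> int:
    """Resolve the minimal disruption period in seconds.

    The entity-level value overrides the Virtual Tenant value.
    Assumption: an unset value (None) at both levels means 0, i.e. no queue.
    """
    if entity_sec is not None:
        return entity_sec
    return tenant_sec or 0


def replay(samples: Iterable[Tuple[int, bool]], min_disruption_sec: int) -> List[Tuple[int, str]]:
    """Replay (epoch_seconds, anomaly_detected) samples, given in time order.

    Returns the state the entity would show at each sample:
    green (healthy), blue (in the disruption queue) or red (alerting).
    """
    timeline = []
    disrupted_since = None  # start of the current continuous anomaly
    for ts, anomaly in samples:
        if not anomaly:
            disrupted_since = None  # anomaly cleared: the counter resets
            state = "green"
        else:
            if disrupted_since is None:
                disrupted_since = ts  # counter starts
            elapsed = ts - disrupted_since
            # Red only once the anomaly has lasted the full period, continuously.
            state = "red" if elapsed >= min_disruption_sec else "blue"
        timeline.append((ts, state))
    return timeline


# Constructed samples, one evaluation every 300 seconds:
# a short anomaly (300-600) that clears, then a persistent one (1200-2100).
SAMPLES = [(0, False), (300, True), (600, True), (900, False), (1200, True),
           (1500, True), (1800, True), (2100, True), (2400, False)]

if __name__ == "__main__":
    period = effective_period(entity_sec=None, tenant_sec=900)
    for ts, state in replay(SAMPLES, period):
        print(f"t={ts:>5}s  {state}")
```

With a 900-second period, the short anomaly only ever shows blue and returns to green, while the persistent one turns red at the fourth consecutive anomalous evaluation.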