Vivit Blog
Blog Home All Blogs

The DNA of APM – Event to Incident Flow

Posted By Larry Dragich, Director EAS, Auto Club Group / AAA Michigan, Thursday, July 12, 2012

This article is the corollary to "The Anatomy of APM” which outlines four foundational elements of a successful APM strategy: Top Down Monitoring, Bottom Up Monitoring, Reporting, and Incident Management. Here I provide a deeper context on how the event-to-incident flow is structured.

It is the correlation of events and the amalgamation of metrics that bring value to the business by way of dashboards and trending reports, and it’s in the way the business interprets the accuracy of those metrics that determines the success of the implementation. If an event occurs and no one sees it, believes it, or takes action on it, APM’s value can be severely diminished and you run the risk of owning "shelfware.”

Overall, as events are detected and consumed by the system, it is the automation that is the lifeblood of an APM solution, ensuring the pulse of the incident flow is a steady one. The goal is to show a conceptual view of how events flow through the environment and eventually become incidents. At a high level, the Trouble Ticket Interface (TTI) will correlate the events into alerts, and alerts into incidents which then become tickets, enabling the Operations team to begin working toward resolution.

The event flow moves from the outside in, and then from the center to the right. Here is how it’s managed:

• The outside blue circles represent the monitoring toolsets that collect information directly from the Infrastructure and the critical applications.

• The inner green (teal) circles represent the toolsets the Enterprise Systems Management (ESM) team manages, and is where most of the critical application thresholds are set.

• The dark brown circles are logical connection points depicting how the events are collected as they flow through the system – Once the events hit this connection point they go to 3 output queues.

• The Red circles on the right are the Incident Output queues for each event after it has been tracked and correlated.

The transformation between event-to-incident is the critical junction where APM and ITIL come together to provide tangible value back to the business. So if you only take one thing away from this picture, it would be the importance of managing the strategic intent of the output queues, because this is the key for managing action, going red to green, and trending.


I’m suggesting that it is not necessarily the number of features or technical stamina of each monitoring tool to process large volumes of data that will make an APM implementation successful; it’s the choices you make in how you put them together to manage the event-to-incident flow that determines your success. Timeliness and accuracy in this area will help you gain credibility and confidence with each of your constituents and business partners you support.

Related Links:

For a high-level view of a much broader technology space, refer to slide show on which describes "The Anatomy of APM- Webcast” in more context.

APM and MoM – Symbiotic Solution Sets

The Anatomy of APM

Prioritizing Gartner's APM Model

You can contact me on LinkedIn.

Tags:  APM  Application Performance Management 

Share |
PermalinkComments (2)

End User APM Experience Blog

Posted By Larry Dragich, Director EAS, Auto Club Group / AAA Michigan., Wednesday, May 30, 2012
APM and MoM–

Symbiotic Solution Sets

Maximum productivity can be achieved more efficiently through event correlation, system automation and predictive analysis. Making that a reality however, requires consideration on how to manage the integration touch points from multiple toolsets and openness to the intrinsic value that this integration can provide.

A focus on integration techniques, and not necessarily the monitoring technologies themselves, may be a better use of time to achieve a state of harmony within the event to incident flow. When rolling out an Application Performance Management (APM) solution, selection of your Manager of Managers (MoM) and how it will support the overall solution is critical.

The assumption underpinning MoM is that the time to market and technical accuracy can be achieved more readily by allowing the Subject Matter Experts (SME’s) to select their own tools sets and not worry so much about controlling every monitoring tool on the periphery. This encourages timely configuration and ownership of the SME’s individual systems making fine tuning the alerting levels into MoM much easier.

Provisioning tools are typically most effective with monitoring and low level alerting in their specific domain as long as you control the integration touch points into MoM. Three options for integration are:

  • Bridge Connector (sometimes called a vendor bridge)

  • Agent Protocols (agents communication from server to MoM)

  • SNMP Traps / Gets (network node communications)

As you begin, start by identifying the dual purpose toolsets (i.e. provisioning and monitoring), that are in the organization and incorporate them as part of the APM solution. Standardize and work on building a repeatable process to get the alerts into MoM. This will include a number of steps from configuring templates and policies, to managing event flows, to standardizing on trap definitions, (e.g. loading MIBS, defining OIDS, etc.).

Once you allow for diverse toolsets for low level monitoring and begin receiving actionable alerts into a central collection point, you can then focus on event correlation and get further along in providing metrics back to the business. This will help you gain credibility and confidence and will build trust with each business unit that you partner with.


The role of MoM is to collect, assimilate, and correlate all of the events in the Infrastructure, and automate the incident flow. Tying MoM in with Availability Management, Event Management, and Incident Management provides a critical junction where APM and ITIL come together to provide tangible value back to the business.

For a high-level view of a much broader technology space refer to slide show on which describes the "The Anatomy of APM - webcast” in more context.

If you have questions on the approach and what you should focus on first with APM, see "Prioritizing Gartner’s APM Model” in APM Digest, for insight on some best practices from the field.

You can contact me on LinkedIn.

Tags:  APM  Applications Performance Management  MoM 

Share |
PermalinkComments (0)

Contact Us

Vivit Worldwide
P.O. Box 18510
Boulder, CO 80308



Vivit's mission is to serve
the Micro Focus User
Community through
Advocacy, Community,
and Education.