Exam4Training

Which of the following is the best use case for configuring a Multi-KPI Alert?

A. Comparing content between two notable events.
B. Using machine learning to evaluate when data falls outside of an expected pattern.
C. Comparing anomaly detection between two KPIs.
D. Raising an alert when one or more KPIs indicate an outage is occurring.

Answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA

A multi-KPI alert is a type of correlation search that is based on defined trigger conditions for two or more KPIs. When trigger conditions occur simultaneously for each KPI, the search generates a notable event.

For example, you might create a multi-KPI alert based on two common KPIs: CPU load percent and web requests. A sudden simultaneous spike in both CPU load percent and web request KPIs might indicate a DDoS (Distributed Denial of Service) attack. Multi-KPI alerts can bring such trending behaviors to your attention early, so that you can take action to minimize any impact on performance.

Multi-KPI alerts are useful for correlating the status of multiple KPIs across multiple services. They help you identify causal relationships, investigate root cause, and provide insights into behaviors across your infrastructure.

The best use case for configuring a multi-KPI alert is to raise an alert when one or more KPIs indicate an outage is occurring, such as when the service health score drops below a certain threshold or when multiple KPIs have critical severity levels.

Reference: Create multi-KPI alerts in ITSI
