HackaSCOM winner: Predicted thresholds MP using Machine Learning 

Nathan Foreman

HackaSCOM again delivered some impressive results – new management packs (MP) for the community created in just 24 hours. Nathan Foreman and Anders Ӧberg went head-to-head, each creating a different MP, to wow the judges and solve a community need. 

Nathan Foreman was declared the triumphant winner for the second year running. This time, Nathan created a management pack that uses machine learning to predict when a threshold will be hit, based on past data from manually set thresholds. 

Let’s dive in to see more details.  

How the management pack was built 

Nathan started the presentation with an impressive (and slightly intimidating) screenshot defining singular spectrum analysis (SSA) – the method used by machine learning within the MP. He used ML.NET and C# to build the management pack. But you fortunately don’t need to understand how the ML works to understand the power of the MP. Although the background is complex, the use is very simple.  

This MP would be great for predicting when you’re about to run out of a resource, like CPU, so you can take action before you find yourself with problems.  

So, we moved on to the executable in SCOM and the UI that lets you see the background working.

Using the wizard

First, you need to select your SCOM Object Class, then the SCOM Performance Rules, then the Entity or Instance. You’d only need to select the instance once then SCOM will run it.

Then, you’ll be served with historical readings on the left – it’ll take up to 10,000 rows from your data warehouse. This example shows readings from the 28th-30th of November.

On the right, the SSA forecasting then provides predictions for the 30th of November to the 4th of December using the historical information.

The configurations on the right in the wizard are used, along with data from the data warehouse, to train the forecasting model. This allows you to see, with a 95% confidence rate, the predicted value with its upper and lower bounds.

If you are observing a disk with slow or minimal fluctuations, you will get tight predictions. However, if your disk has huge fluctuations in a short period, you will see that the predicted upper and lower bounds will be much larger because of the unpredictable nature of the fluctuations.

In the future

Future developments for the MP could be to add importance to the warnings. For example, if a metric isn’t volatile, the warning would become of high importance as it’s more accurate. Plus, as the engine is ML.NET, a Microsoft engine, prediction could be built into SCOM itself in the future.

Get the MP

The code is now available on GitHub so you can download it and play with yourself to use in your SCOM environment.