AI Analytics Page

The AI Analytics page provides a breakdown of incidents by severity and category, allowing you to focus on incidents of interest and view their details. For any given incident, you can view the severity, client impact, root cause, and recommendations, as well as the events, anomalies, data, or problems that were used to identify the incident.

Figure: AI Analytics Page

The AI Analytics page consists of the following components, each of which is described below:

  • Network Filter menu
  • Date and Time filter
  • Network Node Details tile
  • Severity Filter tile
  • Incident Timeline
  • Incident List table
  • Incident Details
  • Network Impact tile
  • Insights
  • Incident Info tile

Network Filter Menu

Click the Network menu to select a network node within the circle packing representation. By default, Network is selected, which displays a circle packing view of all the systems in the network. A network node can be a cluster, domain, zone, AP group, or access point in the network. After selecting a node, click X to close the circle packing representation.

Figure: Nodes on the Network

Date and Time Filter

The date and time filter sets the time period for which data is plotted, such as Today, Last 24 hours, Last 7 days, or Last Month. Use the Custom option to select the dates and times for a customized time period.

Figure: Custom Mode

Click Apply to save the specified date and time filters and update the AI Analytics page.

Network Node Details

The Network Node Details tile displays the name of the selected node from the Network Filter menu as a header.

For example, the following figure shows the Density network node and its attributes (Type, APs, and Clients).

Figure: Density Network Node

The following table lists the various network nodes and their attributes.

Table 1. Network Nodes and Attributes
Columns: Node, Attributes
Cluster
  • Type: SZ Cluster
  • Firmware
  • Cluster: Cluster Name
  • SZ Type: SZ104, SZ124, vSZ-E, vSZ-H, SZ300
Domain
  • Type: Domain
  • Zone Count
  • AP Count
  • Client Count
  • Cluster
Zone
  • Type: Zone
  • Firmware: Zone firmware
  • AP Count
  • Client Count
  • Cluster
AP Group
  • Type: AP Group
  • Zone Firmware
  • AP Count
  • Client Count
AP
  • Type: Access Point
  • AP Firmware
  • AP Name
  • Model
  • MAC Address
  • IP Address
  • Client
Client
  • Type: Client
  • MAC Address
  • Last IP Address
  • OS Type
  • Hostname
  • Username

Severity Filter

The severity filter tallies the total number of incidents on the network node, and lists the number of incidents by severity.

Figure: Severity Filter

Incident Timeline

The Incident Timeline is a graphical representation of the number of new clients connecting to the network (the light gray line), the number of clients actively connected to the network (the dark gray line) and the number of clients affected by the network incidents (the blue area in the chart).

Figure: Incident Timeline

Pausing the pointer at any instance on the timeline displays an information box that shows the number of new clients, impacted clients, and connected clients. You can modify the information displayed in the information box by selecting the New Clients, Impacted Clients, and Connected Clients check boxes.

Note: On computers running Windows, press Ctrl and rotate the wheel button to zoom in and zoom out of the Incident Timeline.

Incidents List Table

The Incidents List table offers a summary of each incident.

Figure: Incidents List Table

Each incident is made up of a number of attributes. Under each attribute is a search field to limit the incident list based on the search criteria. Click the right arrow button to view more information about other incidents that contribute to the selected incident and information about the parent incident to which the selected incident contributes.

Table 2. Attributes of the Incidents List Table

Attribute

Description

Severity

The severity of an incident ranges from P1 to P4; P1 being the highest priority and P4 the lowest. The severity of an incident is determined by the client impact, duration, and other factors. You can see the severity score when you hover the mouse over the number. The severity score of the incident takes into account the scope of the incident, duration of the incident, and the severity of the incident; giving equal consideration to all the mentioned parameters to arrive at the severity score.

Date

The date and time when the incident started.

Duration

The measure of how long the incident lasted.

Description

A short description of the incident. Pausing the pointer over the description displays more information about the incident.

Category

The type of incident, for example: Connection, Performance, and Infrastructure.

Sub-Category

Connection incidents consist of the following categories:

  • Association
  • User Authentication
  • DHCP
  • EAP
  • RADIUS
  • Time to Connect

Performance incidents consist of the following categories:

  • RSSI
  • Memory
  • Coverage

Infrastructure incidents consist of the following categories:

  • VLAN Mismatch
  • Service Availability
  • Network

Client Impact

The percentage of clients impacted by the incident.

Impacted Clients

The number of clients impacted by the incident.

Type

The type of incident that occurred. You can view this by selecting the options from the drop-down menu. Options include SZ Cluster, Domain, Zone, AP Group and Access Point.

Scope

The area of the network in which the incident was detected. Pausing the pointer over the scope displays the entire path of the network node.

Details

Clicking the Details icon displays the Incident details page to find more details about the incident such as impacted areas, root cause, and recommendations.

Incident Details Page

The header of the Incident details page displays the severity level of a selected incident and the description of the incident.

Figure: Incident Details Page

You can also set the thresholds for health parameters using the Set Threshold option to validate the health of your network. Clicking Set Threshold takes you to the Health page where you can set the threshold for a parameter. For instance, if you set the threshold for the Time to Connect (TTC) parameter as 2 seconds, the TTC graph displays the number of connections that are able to connect to the network within 2 seconds. It also displays the average time to connect to the network in general, and the total connections attempting to connect to the network. Every time a new threshold is set, the graph trends change at the same time as the values are recomputed. Similarly, thresholds can be set for various parameters to evaluate network health such as RSSI, AP Capacity, AP Service Uptime, AP-to-SZ Service Latency, and Cluster Latency. The threshold will apply to the incident related to the metric.

The Tell us about this incident! option allows users to provide feedback about how useful the incident information is based on their production environment. In general, an incident is assigned a severity based on various factors but as a user you can also provide feedback as to what severity best fits the incident.

You can mute or unmute an incident via the setting icon in the Incident table or from the Incident page. When an incident is muted, it is hidden in the user interface and notifications via email and webhook are also muted.

Figure: Incident Feedback Option

Network Impact Tile

The Network Impact tile consists of various donut charts that represent the areas of the network that were impacted by the incident. Each incident type and subtype has a different set of network impact donut charts, but it is common to see WLANs, Client OS Types, AP Models, Radio Bands, and Reason Codes, which all help to answer some of the common questions: who is impacted, which devices are contributing, what are the reason codes, and more. Every donut chart is divided into segments of different colors. If you pause the pointer over any portion of the donut chart, an information box displays the impacted area of the incident and the clients affected by the incident. Beneath each donut chart is a summary line. Two donut charts are shown by default. You can click the right arrow and left arrow to navigate to other donut charts, or click Radio, WLAN, Client Manufacturers, or Reason to access a specific donut chart.

Figure: Network Impact Tile

Table 3. Attributes of Network Impact Table
Columns: Incident Type, Donut Charts, Chart Elements
User Authentication
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufacturers: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Authentication Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: Authentication Failures, Authentication Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on) that were observed during this period.
EAP
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufacturers: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • EAP Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: EAP Failures, EAP Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on) that were observed during this period.
Association
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufacturers: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • Association Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: Association Failures, Association Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on) that were observed during this period.
DHCP
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufacturers: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • DHCP Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: DHCP Failures, DHCP Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on) that were observed during this period.
RADIUS
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufacturers: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • RADIUS Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Failure counts: A time series chart with three types of raw failure counts: RADIUS Failures, RADIUS Attempts, and Total Failures, which includes the total of all types of connection failures (authentication, association, EAP, DHCP, and so on) that were observed during this period.
Time to Connect
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufacturers: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • Time to Connect Failure Ratio: A time series chart that shows the failure ratio over time. The chart includes data for 6 hours before and 6 hours after (if available) the incident.
  • Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • Time to Connect (By stage): A time series chart that displays the time to connect based on various stages of the connection such as authentication, association, EAP, RADIUS, and DHCP. Pause the pointer over the graph for more information.
RSSI
  • Radio: The distribution of impacted clients who connected to 5 GHz and 2.4 GHz radios.
  • WLAN: The different WLANs to which the impacted clients are connected.
  • Client Manufacturers: The distribution of device manufacturers.
  • Reason: The breakdown of various failure reasons experienced by the impacted clients.
  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • RSSI Quality by Clients: Three types of time series data: a line for new clients, a line for connected clients, and an area chart for impacted clients.
  • RSSI Distribution: The RSSI distribution over a period of time.
Network Latency
  • Ping Latency: Average time, in milliseconds, for the controller nodes to transmit and receive the packets. Maximum, average, and minimum latency trends are plotted on the graph.
  • Controller-1: CPU, memory and input-output usage of the controller node over time is displayed.
  • Controller-2: CPU, memory and input-output usage of the other controller node over time is displayed.
Reboot
  • AP Model: distribution of impacted AP models.
  • AP Firmware: distribution of impacted AP versions.
  • Reason by AP: distribution of reasons for failure that caused the AP reboot.
  • Reason by Event: distribution of reasons for failure that caused the AP reboot and triggered related events.
  • Reboot by System: a time series chart that displays the number of reboot events.
  • Connected Clients: a time series chart that displays the number of clients connected at that point in time.
  • Rebooted APs: a time series chart that displays the number of APs that were rebooted at a point in time.
SmartZone CPU overload insight
  • SZ Applications: distribution of CPU usage by individual SmartZone applications.
  • SZ Applications Group: distribution of CPU usage by individual SmartZone application groups.
  • Normalized CPU Usage: a time series chart that displays the CPU usage in percentage.
  • Memory and I/O Usage: a time series chart that displays the memory and I/O usage in percentage. You can select the check boxes to display only one or both of the usage metrics.
  • CPU Usage by Application Groups: a time series chart that displays the CPU usage in percentage, for the various SmartZone application groups. You can select the check boxes to display only one or more of the usage metrics.
High AP-controller connection failures
  • AP Model: displays the percentage of failure that impacted various AP models
  • AP Firmware: displays the number of failures that impacted various AP firmware versions
  • Event Type: displays the percentage of failures that were caused by various events
  • Reason: lists the reasons that caused the incident
  • AP-Controller Disconnections: a time series chart that displays the number of disconnections between the AP and controller over time.
  • Event Count: a time series chart that displays the total event count for the following events: Heartbeat Lost, Connection Lost, Reboot By System, and Reboot By User. When an event is generated for any of these conditions, it is plotted in this graph. You can select the check boxes to display only one or more of the events.
Channel Distribution
  • AP Distribution by Channel: heatmap that displays the AP count over time, across channels.
  • Rogue Distribution by Channel: a time series chart that displays the number of rogue APs across channels.
VLAN Mismatch
  • Impacted Switch: displays the number of switches impacted by VLAN mismatch
  • Impacted VLANs: displays the number of VLANs that are missing

The incident identifies incorrect VLAN configurations between switches and wired devices, which could impair data transmission.

  • Configuration Change: chart with drop-down table displaying configuration changes that are relevant to the specific incident.
  • The Impacted Switches table displays detailed information about the switch name, MAC address, mismatched VLANs, mismatched ports, and mismatched device information where the VLAN mismatch occurred.

    Mismatched VLAN numbers are highlighted in red.

Memory Utilization

The incident identifies memory leaks within the switch. The time series chart displays high memory utilization by a switch against the threshold set. Pause the pointer over the graph to see the switch memory used against the threshold set at a given time.

The Detected Time identifies when the memory leak happened and, based on the threshold set, a Projected Time is calculated and plotted on the graph. The Projected Time is a prediction of the time by which the switch will run out of available memory. Contact RUCKUS Support for assistance.

You can select the check boxes to display only the Memory Used or Threshold graphs.
PoE Power
  • Impacted Switch: displays the number of switches impacted by the denial of PoE power
  • Impacted PoE port: displays the number of PoE ports that are impacted by the denial of PoE power.
The Impacted Switches table displays detailed information about the switch (name, MAC address, port) for which PoE power was denied.
AP PoE Underpowered
  • AP Model: displays the percentage of failure due to insufficient PoE power that impacted an AP model
  • AP Firmware: displays the percentage of failure due to insufficient PoE power that impacted an AP firmware version
  • AP PoE Impact: displays the number of APs impacted at a time, due to insufficient power available on the PoE port
  • Impacted AP: displays the list of APs impacted by failure due to insufficient PoE power within the network
AP Ethernet Auto-negotiation
  • AP Model: displays the percentage of failure due to Ethernet WAN link mismatch that impacted an AP model
  • AP Firmware: displays the percentage of failure due to Ethernet WAN link mismatch that impacted an AP firmware version
  • APs WAN Throughput Impact: displays the number of APs impacted at a time, due to Ethernet WAN link mismatch
  • Impacted AP: displays the list of APs impacted by failure due to Ethernet WAN link mismatch within the network
SZ Cluster Time Incidents: a time series chart that shows when the controller cluster sends data with an incorrect timestamp.

Insights Tile

The Insight tile of the Incident Details page provides a summary of the root cause and recommended action for the incident. The root cause varies based on the incident type, impacted area, data events, and reason codes.

Figure: Insights Tile

Incident Info Tile

The Incident Info tile shows the client impact count, the category and sub-category of the incident, and the type, scope, duration, and date and time of the incident. To explore more about the impacted clients, click Client Impact Count.

Figure: Incident Info Tile

Click view details for more information about the impacted clients. The Impacted Clients page displays the user name, host name, client MAC address, SSID, and manufacturer of the client. To troubleshoot the client, click the Client Troubleshooting icon. To generate the client details report, click the Client Details icon on the Impacted Clients page. You can search for impacted clients by the client MAC address and manufacturer.

Figure: Clients page