Instana: Why are there different Event Types?

As Orb Data helps their customers plan migrations from ITM6 to Instana one of the first questions is on events and the comparative terminology. This blog will try and compare the two technologies.


For ITM6, monitoring is defined using a “Situation”. The situation definition includes a condition that is periodically evaluated against attributes (metrics) collected by a specific ITM Agent type. The condition is evaluated on “Managed Systems” (agent instances) identified within the Situation. Each ITM6 Agent type ships with multiple default Situations to identify common issues for the specific monitored resource.

If the condition defined within a Situation evaluates to “TRUE” on a specific Managed System, then a “Situation Event” is generated and exposed via the “Situation Event Console”. Optionally, the Situation may be configured to forward event data to an external event management system via EIF (Event Integration Facility), for example to Netcool/OMNIbus. Situation Events, and their associated EIF Events, can be assigned a severity of Fatal, Critical, Minor, Warning, Harmless, Informational, Unknown.

The below diagram is a basic representation of the flow.

ITM6 Situation Event Logic


Instana has a more granular event structure, defining three event types:

  • Change: An event that indicates an environment change, for example, a configuration change, server start/stop or deployment.
  • Issue: An event that indicates an unhealthy state for a service, application or infrastructure component, for example an incorrect number of Kubernetes replica sets, a rapid drop of calls to a service or a high system load.
  • Incident: An incident indicates the breach of a KPI on an edge service or a critical infrastructure issue. An Incident indicates that user experience or service is, or will very shortly, be degraded. Related issues and changes are correlated to the incident to provide context and aid root cause analysis.

Instana Incident

“Built-in” and “Custom” event definitions are available from the Dashboard option Settings >> Events. Evaluation of the Event condition can be restricted based on a defined “Application Perspective” or  using a “Dynamic Focus Query”. If the Event condition evaluates to “TRUE”, an Issue, and optionally an Incident, is generated. Instana only has two available severities for Issues/Incidents, Critical and Warning.

An “Alert” can be defined to forward incidents, issues or changes via an “Alert Channel” to an external application, for example to IBM Watson AIOps, Email addresses or a chat application. An Alert Channel defines the specific details for the target application. An Alert selects a subset of the events to forward to one or more Alert Channel.

Instana Alert Definition

The below diagram demonstrates the relationship between the logical components and instances.

Instana Event to Alert


This is a slight simplification, but the table below provides a rough comparison of the Instana and ITM6 terminology around “events”.

Instana ITM6 Terminology

For more background on the IBM purchase of Instana see the blog IBM have acquired Instana: How significant is the purchase?


Visits: 587

Comments are closed.