Automatic Incident Tag Enrichment
Automatic Enrichment allows you to define conditions to automatically calculate incident tag values.
Incident tags are key-value pairs that allow you to quickly see summary information for a particular incident rather than needing to review all of the related alerts. These tags add data sets to your incidents by adding contextual information, details, or other enrichment. To learn more about how Incident Tags work in BigPanda, please see the Incident Tags Documentation.
Incident Tags Automatic Enrichment uses formula calculations to add incident tag values to new and updated incidents. Each time an incident is updated, or a new incident is created, BigPanda will run the formula to automatically add relevant incident tags to the incident.
Relevant Permissions
Roles with the following permissions can access the Incident Enrichment Settings Page:
Role Name | Description |
---|---|
Incident Enrichment | View, create, and edit Incident Tags in BigPanda Settings. |
Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.
Configure Automatic Enrichment
Automatic Enrichment is created, configured, and managed on individual tags in the Incident Tags list. To learn more about configuring incident tags, please see the Manage Incident Enrichment documentation
To configure automatic enrichment:
- Navigate to Settings > Incident Enrichment
- From the list of incident tags, select the tag you'd like to automate, or select New Tag to create a new tag
- In the right pane, the tag details will include a list of any previously configured automatic enrichment
- Select the Pencil edit icon, or Edit Incident Tag to open the tag editor
- In the Automatic Enrichment section you will be able to edit any previously created Automatic Enrichments.
- To add a new Automatic Enrichment, select New Item
In the Automatic Enrichment field, you’ll have the option to set a Condition and Value.
Conditions are set using BigPanda Query language to establish specific triggers for the enrichment.
Conditions use the BigPanda Query Language (BPQL) filter to calculate which incidents the formula should apply to based on alert and incident data. The system will not run the value formula for any incidents that do not meet the specified criteria.
When using the operators
IN
andNOT IN
within the Condition field, quotation marks must be placed around the values.
Strict matching syntax cannot be used with incident tags.
Leave the Condition field blank to apply the Value formula to every new incident.
Enrichment rules run in order and stop when a value is applied. If the condition field is blank for an enrichment item, the system will apply that value and not run any following enrichment items.
To learn about using BPQL to filter incidents, see the BigPanda Query Language (BPQL) documentation.
The Value field determines what tag values will be applied to the triggering incident.
Automatic Enrichment Calculation Limit
You can add up to 25 automatic enrichment calculations to each incident tag. The system will search for the first automatic enrichment that meets the conditions and add that value to the incident.
Multi-value tags have the option to instead search for Any enrichment items that meet the condition and apply them in an array to the incident. Use the First/Any toggle at the top of Automatic Enrichment to change this setting.
Automatic Enrichment can be configured to apply a simple default value or to use a formula to add more complex tag data.
Default Values
Default Values apply a specific value or array to each new or updated incident. All incidents that meet the Condition formula will have this value added.
Default Values apply a specific value to each new or updated incident. All incidents that meet the Condition formula will have this exact value added to them.
For tags with the list type, tag values must match one or more of the items within the closed list.
Default values are configured differently for Priority, Text, and Multi-Value tags.
Priority
Priority tags use the level’s Order ID for automatic enrichment. Enter the Order ID of the desired Priority tag in the Value field.
For example, if you want every new incident that meets the Condition to get a default value of P1, mark 1000 in the Value field.
Free Text and Single-Value List
Text tags and Single-Value List tags are able to add any text string as the tag value. Enter the text string surrounded by quotation marks. Each string can support up to 400 characters.
For example, if you want every new incident that meets the Condition to get a default value of billing, enter “billing” in the Value field.
Multi-Value Text and List
Multi-value text and list tags add an array of values as the tag value. Enter the desired array, wrapped in brackets. Each text string of the array should be surrounded by quotation marks.
For example, if you want every new incident that meets the Condition to get a default value of both "billing" and "payment", enter [“billing”, “payment”] in the Value field.
If you have multiple Automatic Enrichments, select a method for the multi-value items to be calculated:
- First(default): The system will calculate each automatic enrichment in order until the incident meets a condition. The system will then add that value and will not continue to calculate the other enrichment calculations.
- Any: The system will calculate all automatic enrichments and add the values of all conditions met by the incident.
Enrichment Formulas
Formula enrichment uses a calculation to add incident specific information as the tag value. Formula calculations to add detail and context to new and updated incidents based on the functions and attributes of each qualifying incident and then apply the correct tag values based on that calculation.
BigPanda formulas are able to pull alert and incident metadata, and perform multi-factor functions in addition to standard mathematical operators.
BigPanda Values formulas use the updated BigPanda Formula Language for greater precision and detail in configuring your automatic enrichment. The BigPanda Formula Language allows you to use incident and alert data, functions such as Unique or Count, and logical operators to populate values from complex data. For more information on the BigPanda Formula Language, please see the BigPanda Formula Language (BPFL) documentation.
When composing enrichment formulas, ensure that your formula results will fit the necessary syntax of the Incident Tag Type:
- Priority: Configure your formula results so that the syntax returns an Order ID
- Free Text: The formula can be configured to return any text value
- Multi-value: The formula can be configured to return an array of values
The BigPanda Formula editor will match your formula to the tag type, even if the formula results are not formatted to return that specific data type. If you choose a Free Text type and enter a formula that results in an array, the array will be shown in the tag field as a text value.
Manage Automatic Enrichment Tags
Automatic Enrichment calculations can be edited or deleted from an Incident Tag at any time. However, incident tag values that have already been calculated according to this automatic enrichment will not be edited or deleted from existing incidents. If the incident is updated after the tag calculation has been changed, the new calculation will run and update the values.
To edit an Automatic Enrichment item:
- Navigate to the Incident Tag you’d like to edit on the Incident Tags page.
- Select the Pencil icon or the Edit Incident Tag button.
- Make changes as needed.
- Select Update Tag.
To delete an Automatic Enrichment item:
- Navigate to the Incident Tag you’d like to edit on the Incident Tags page.
- Select the Pencil icon or Edit Incident Tag button.
- Select the Trash icon next to the item you wish to delete.
- Select Delete to confirm.
- Select Update Tag.
Manual Editing
Even if automatic enrichment is configured, you can manually edit an incident tag once it has been added or assigned to an Incident.
If you have modified an incident tag value to a different value, the formula no longer calculates the automatic enrichment values. However, if you deleted the value, the formula calculates it again when an incident is created or updated.
For example, if you manually deleted the value “billing” from the tag named "affected services," when the incident is updated, the formula recalculates and returns “billing.” If you manually changed the value “billing” to “payment,” the value will not be recalculated.
Next Steps
Take the Incident Tags and Automatic Incident Triage
Learn more about Manage Incident Enrichment
Dig into Incidents in BigPanda
Learn more about Navigating the Settings Menu
Updated 6 months ago