Deduplication
BigPanda’s built-in deduplication process reduces noise by intelligently parsing incoming raw events. Also known as event deduping and event marshalling, this process eliminates redundant data to reduce noise and simplify incident investigation.
Exact duplicate matches add clutter to the system and are not actionable. If BigPanda receives two or more event payloads where the entire payload exactly matches, the event will be deduplicated and not shown in the UI. However, updates to existing alerts are merged rather than creating a brand new alert.
Events that have passed through the BigPanda deduplication process are considered deduped events.
The following three scenarios can occur if BigPanda receives two or more events with similar payloads.
| Scenario | Action |
|---|---|
| The event payload (including the application key, timestamp, and primary and secondary properties) exactly matches an event that was already received. | The event is dropped. |
The timestamp (or any other value in the event payload) has changed, but the status (ok/warning/critical) has not changed. | The event is merged with the previous event, updating the tag values from the new event. |
| The event payload status has changed from the previous event. | The event is added. |
Updated about 1 month ago