Alert correlation is a process of grouping related alerts into a single, high-level incident. BigPanda uses pattern recognition to automatically process the data generated by your monitoring systems and to dynamically cluster alerts into meaningful, actionable incidents. BigPanda provides default correlation patterns as well as the option to tailor patterns to your organization.
BigPanda ingests the raw event data from monitoring systems such as Nagios, CloudWatch, and systems integrated via the Alerts API. The data is normalized into standard tags and enriched with configuration information, operational categories and other custom tags. Then, the BigPanda alert correlation engine merges the events into alerts and clusters the alerts into high-level, actionable incidents by evaluating the properties against patterns in:
- Topology - The host, host group, service, application, cloud, or other infrastructure element that emits the alerts. Alerts are more likely to be related when they come from the same area in your infrastructure.
- Time - The rate at which related alerts occur. Alerts occurring around the same time are more likely to be related than alerts occurring far apart.
- Context - The type of alerts. Some alert types imply a relationship between them, while others don’t.
As new alerts are received, BigPanda evaluates all matching patterns, and determines whether to update an existing incident or create a new incident. With this powerful algorithm, BigPanda can effectively and accurately correlate alerts to dramatically reduce your monitoring noise by as much as 90 – 99% in some environments. Correlations occur in under 100ms so you see updates in real time for maximum visibility into critical problems.
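To make the three dimensions concrete, here is an added, simplified correlator written for this page (it is not BigPanda's engine or API): it merges repeated events into alerts keyed by host and check, then clusters alerts on matching tag values (topology), a time window (time) and an allowed set of check types (context). The pattern names, tag names and sample events are constructed, and unlike BigPanda, which evaluates all matching patterns, this version lets the first matching pattern win.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Pattern:
    name: str
    tags: tuple               # tag names whose values must match (topology)
    window: int               # max seconds since the incident's last alert (time)
    contexts: frozenset = None  # check types the pattern applies to; None = any (context)

@dataclass
class Incident:
    key: tuple
    alerts: list = field(default_factory=list)
    last_seen: int = 0

# Constructed sample: normalized events, "ts" in seconds (hypothetical hosts/tags).
EVENTS = [
    {"ts": 0,   "host": "db-01",  "check": "disk",    "status": "critical", "host_group": "db",  "app": "orders"},
    {"ts": 20,  "host": "db-01",  "check": "disk",    "status": "warning",  "host_group": "db",  "app": "orders"},
    {"ts": 30,  "host": "db-02",  "check": "disk",    "status": "critical", "host_group": "db",  "app": "orders"},
    {"ts": 60,  "host": "web-01", "check": "latency", "status": "critical", "host_group": "web", "app": "orders"},
    {"ts": 200, "host": "web-02", "check": "latency", "status": "critical", "host_group": "web", "app": "orders"},
    {"ts": 900, "host": "db-03",  "check": "disk",    "status": "critical", "host_group": "db",  "app": "orders"},
]
PATTERNS = [  # constructed patterns: first match wins
    Pattern("disk-by-host-group", ("host_group",), 600, frozenset({"disk", "memory"})),
    Pattern("any-by-app", ("app",), 300),
]

def merge_events(events):
    """Fold repeated events for one (host, check) into a single alert that keeps the
    first-seen time and the latest status; alerts whose latest status is ok are dropped."""
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        alert = alerts.setdefault((ev["host"], ev["check"]), dict(ev))
        alert["status"] = ev["status"]
    return [a for a in alerts.values() if a["status"] != "ok"]

def correlate(alerts, patterns):
    """An alert joins the most recent incident with the same pattern and tag values if it
    arrived inside the pattern's window; otherwise it opens a new incident."""
    incidents = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        for p in patterns:
            if p.contexts is not None and alert["check"] not in p.contexts:
                continue
            values = tuple(alert.get(t) for t in p.tags)
            if None in values:
                continue
            key = (p.name, values)
            inc = next((i for i in reversed(incidents)
                        if i.key == key and alert["ts"] - i.last_seen <= p.window), None)
            if inc is None:
                inc = Incident(key)
                incidents.append(inc)
            inc.alerts.append(alert)
            inc.last_seen = alert["ts"]
            break
        else:  # no pattern matched: the alert stands as its own incident
            incidents.append(Incident(("uncorrelated", (alert["host"], alert["check"])), [alert], alert["ts"]))
    return incidents

def run():
    return correlate(merge_events(EVENTS), PATTERNS)
```

With the sample data, six events become five alerts and three incidents: the two db disk alerts at 0s and 30s cluster together, the two web latency alerts cluster by app, and the db-03 disk alert at 900s opens a new incident because it falls outside the 600s window.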
You can customize correlation patterns to tailor alert correlation to the specifics of your infrastructure. Learn more about customizing alert correlation in the Managing Correlation Patterns documentation.
Understanding how BigPanda determines which events are correlated into an alert and which alerts are grouped together into incidents can help you configure and use BigPanda more effectively, particularly if you are using the Alerts REST API to develop a custom integration or the correlation editor to modify a correlation pattern. Learn more about the way BigPanda correlates alerts together in the Alert Correlation Logic documentation.