The primary and secondary properties are key fields used for normalization, deduplication and correlation of events in BigPanda.
To eliminate redundant data and reduce noise, BigPanda creates an incident identifier for each incoming event. By default, this identifier is created using the primary and secondary properties. These two properties are important throughout the BigPanda pipeline:
- Primary and Secondary properties are key data fields that drive correlation, event normalization, and deduplication. See the Open Integration Manager documentation for more information.
- During correlation, BigPanda uses both properties to identify which events are part of the same alert.
- In the UI, when there is no correlation pattern for the incident, BigPanda uses the primary property to construct the title and the secondary property to construct the subtitle of an incident.
- As an incident progresses, the primary and secondary properties are key to ensuring that an incident’s severity, scope, and status are updated to match the ongoing outage.
If "primary_property"="tag_name" is not specified, the primary property will be defined as one of the following:
device. Some integrations may allow you to customize which field a tool uses as the primary property. See the integration-specific instructions for details on primary property field defaults and customization.
BigPanda cannot receive events without a primary property. The secondary property is optional. If the event does not contain a value for the secondary property, BigPanda uses only the primary property to process the event.
primary_property is a reserved system word within BigPanda and cannot be changed or redefined for use in custom enrichment. When sending primary_property fields to BigPanda, ensure that primary_property is lowercase only. See Tag Naming for more information.
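
The rules above can be checked on the sending side before events leave a monitoring tool. The following Python sketch is an added example, not BigPanda code and not its actual identifier algorithm. Assumptions: the key is a SHA-256 over length-prefixed values, `fallback_fields` is a hypothetical parameter (only `device` is visible in the default list on this page), the `secondary_property` key mirrors `primary_property`, and the sample events are constructed.

```python
import hashlib

RESERVED = ("primary_property", "secondary_property")

def resolve_properties(event, fallback_fields=("device",)):
    """Return (primary_value, secondary_value) for one event dict."""
    # Reserved keys must be lowercase only; reject other casings outright.
    for key in event:
        if key != key.lower() and key.lower() in RESERVED:
            raise ValueError(f"reserved key must be lowercase: {key!r}")
    tag = event.get("primary_property")
    if tag is None:
        # Not specified: fall back to the first default field that has a value.
        tag = next((f for f in fallback_fields if event.get(f)), None)
    if tag is None or not event.get(tag):
        # An event without a primary property cannot be received.
        raise ValueError("event has no primary property value")
    sec_tag = event.get("secondary_property")
    secondary = event.get(sec_tag) if sec_tag else None
    return str(event[tag]), (str(secondary) if secondary else None)

def incident_key(event, fallback_fields=("device",)):
    """Derive a deduplication key from primary (+ optional secondary)."""
    primary, secondary = resolve_properties(event, fallback_fields)
    parts = [primary] + ([secondary] if secondary is not None else [])
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    material = "".join(f"{len(p)}:{p}" for p in parts)
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def deduplicate(events, fallback_fields=("device",)):
    """Group events by key; collect events that would not be accepted."""
    groups, rejected = {}, []
    for ev in events:
        try:
            groups.setdefault(incident_key(ev, fallback_fields), []).append(ev)
        except ValueError as exc:
            rejected.append((ev, str(exc)))
    return groups, rejected

# Constructed sample events (not real BigPanda payloads).
SAMPLE_EVENTS = [
    {"primary_property": "host", "secondary_property": "check",
     "host": "db-01", "check": "cpu", "status": "critical"},
    {"primary_property": "host", "secondary_property": "check",
     "host": "db-01", "check": "cpu", "status": "ok"},     # same key as above
    {"primary_property": "host", "host": "db-01"},         # primary only
    {"device": "fw-edge-1", "status": "critical"},         # default field
    {"Primary_Property": "host", "host": "db-02"},         # wrong case
    {"primary_property": "host", "status": "critical"},    # no primary value
]
```

Running `deduplicate(SAMPLE_EVENTS)` yields three groups and two rejected events, which makes visible how a mis-cased key or a missing primary value drops an event before it can update an incident.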