Reporting Data Tables
Analytics reporting data tables are used for report metrics and data relationships.
Unified Analytics
With improved visualizations and customizable options, Unified Analytics can help you see the metrics you need to monitor and improve your IT Operations.
See the Unified Analytics documentation for more information on features and improvements.
BigPanda Reporting will be deprecated following the migration to Unified Analytics.
BigPanda Analytics uses a transformed data table for report metrics and data relationships. This data table may have been adjusted to fit the custom tags of your organization.
Sisense Data Tables Relationships
Table Joins
Tables join using specific table fields
| Local Table | Column | Foreign Table | Column | Relation Type |
|---|---|---|---|---|
| Incidents (Dim) | incident_id | Incident Activities (Fact) | incident_id | One to Many |
| Incidents (Dim) | incident_id | Entities (Alerts Dim) | incident_id | One to Many |
| Incidents (Dim) | incident_id | Incident Metrics (Fact) | incident_id | One to Many |
| Incident Activities (Fact) | user_id | Incident Activities Users (Dim) | creator_user_id | Many to One |
| Entities (Alerts Dim) | entity_id | Entity Tags (Fact) | entity_id | One to Many |
| Entity Tags (Fact) | normalized_host, normalized_check | Mean Time Between Failures (Fact) | normalized_host, normalized_check | One to Many |
The Mean Time Between Failures table provides aggregated metrics on the frequency of alerts at the Host/Check level for ease of reporting in the Mean Time Between Failures widget. For details on TTx metrics (assign, detect, resolve) for individual incidents, refer to the Incident Metrics table instead.
Entities (Alerts Dim)
Each entity is a single aggregated alert in BigPanda. Each entity appears as its own row in the BigPanda timeline view. If incidents are merged, the incident id will be updated to the destination incident id for all merged entities.
| Column Name | Description | Data Type | Notes |
|---|---|---|---|
| entity_id | The unique identifier of the entity | String | |
| incident_id | The unique identifier of the incident to which this entity belongs | String | |
| source system (system code) | The monitor system that sent this alert | String | |
| entity start time (epoch) | The unix time the alert started | Integer | |
| entity last changed time (epoch) | The unix time for the last change made to an alert | Integer | |
| entity end time (epoch) | The unix time for the resolution of the alert | Integer | |
| entity current status | The current status of the entity | String | Ok, Critical, or Warning |
| entity highest severity | The highest status of the entity | String | Can be used to find entities there were critical at any point |
| entity status changes (alerts) | The number of times the entity has changed status | Integer | Limited to ~70 events Changes to the “ok” statuses are not counted |
| entity start date/time (utc) | The date/time that the alert (entity) started | Date/Time | |
| entity start date/time (pst) | The date/time that the alert (entity) started | Date/Time | |
| entity start date/time (mst) | The date/time that the alert (entity) started | Date/Time | |
| entity start date/time (cst) | The date/time that the alert (entity) started | Date/Time | |
| entity start date/time (est) | The date/time that the alert (entity) started | Date/Time | |
| entity start date/time (india) | The date/time that the alert (entity) started | Date/Time | |
| entity end date/time (utc) | The date/time when the alert (entity) resolved | Date/Time | |
| entity end date/time (pst) | The date/time when the alert (entity) resolved | Date/Time | |
| entity end date/time (mst) | The date/time when the alert (entity) resolved | Date/Time | |
| entity end date/time (cst) | The date/time when the alert (entity) resolved | Date/Time | |
| entity end date/time (est) | The date/time when the alert (entity) resolved | Date/Time | |
| entity end date/time (india) | The date/time when the alert (entity) resolved | Date/Time | |
| source system | The monitor system that sent the alert (cleaned) | String | |
| incident_hyperlink | URL with the org's "All incidents" environment and incident ID spliced | String | Can be used used in Tables/Aggregated Tables to provide hyperlinks to the Incident |
Entity Tags (Fact)
All tags of an entity with normalized fields
| Column Name | Description | Data Type | Notes |
|---|---|---|---|
| entity_id | The unique identifier of the entity | String | |
| incident_id | The unique identifier of the incident | String | |
| the tags in BP UI | String value of tag, defined by column name | String | Each tag will have its own value column |
| the tags in BP UI | String value of tag, defined by column name | String | Each tag will have its own value column |
| check | Normalized "check" related fields to a single field for easier reporting breakdowns | String | |
| host | Normalized "host" related fields to a single field for easier reporting breakdowns | String | |
| search_check | URL with BigPanda search ?query="_normalized_check*" | String | Can be used used in Tables/Aggregated Tables to provide hyperlinks to the Universal Search |
| search_host | URL with BigPanda search ?query="_normalized_host*" | String | Can be used used in Tables/Aggregated Tables to provide hyperlinks to the Universal Search |
Incident Activities (Fact)
A single action a user performed in BigPanda.
| Column Name | Description | Data Type | Notes |
|---|---|---|---|
| activity_id | The unique identifier of the activity | String | |
| incident_id | The unique identifier of the incident the action was taken on | String | |
| activity type (system code) | The type of activity | String | format is incident#ACTION |
| activity time (epoch) | The unix time the action was taken | Integer | |
| activity environment | The name of the environment the activity took place in | String | |
| activity comment | The comment that was included with the activity | String | |
| shared activity target (system code) | The name of the system the related incident was shared to | String | |
| flapping_state | Whether or not the related incident is flapping | Boolean | |
| activity type | The type of activity (cleaned) | String | |
| assigned | If assigned, shows incident id | String | |
| shared | If shared, shows incident id | String | |
| snoozed | If snoozed, shows incident id | String | |
| manual resolved | If manually resolved, shows incident id | String | |
| shared time (epoch) | Epoch time of the action in the column name | Integer | |
| assigned time (epoch) | Epoch time of the action in the column name | Integer | |
| snoozed time (epoch) | Epoch time of the action in the column name | Integer | |
| manual resolved time (epoch) | Epoch time of the action in the column name | Integer | |
| commented time (epoch) | Epoch time of the action in the column name | Integer | |
| incident disposition | disposition of the Incident e.g. assigned, manual_resolved | String | |
| incident disposition time (epoch) | epoch time of the action in the column name | Integer | |
| disposition incident id | incident id when dispostion happened | String | |
| incident engagement | how did the user engage with the incident e.g. commented/shared | String | |
| incident engagement time (epoch) | epoch time of the action in the column name | Integer | |
| activity time (UTC) | Activity Time/Date | Date/Time | |
| activity time (PST) | Activity Time/Date | Date/Time | |
| activity time (MST) | Activity Time/Date | Date/Time | |
| activity time (CST) | Activity Time/Date | Date/Time | |
| activity time (EST) | Activity Time/Date | Date/Time | |
| activity time (India) | Activity Time/Date | Date/Time |
Incident Metrics (Fact)
Pre-aggregated metric totals for Time to Assign / Detect / Resolve (TTA, TTD, and TTR)
| Column Name | Description | Data Type | Notes |
|---|---|---|---|
| incident_id | The unique identifier of the incident | String | |
| incident start time (epoch) | The unix time the incident started | Integer | |
| time to assign (mins) | number of minutes to assign the incident | Integer | |
| time to detect (mins) | number of minutes to detect the incident | Integer | |
| incident time to resolve (mins) | number of minutes to resolve the incident | Integer |
Incidents (Dim)
A single BigPanda incident
| Column Name | Definition | Data Type | Notes |
|---|---|---|---|
| incident_id | The unique identifier of the incident | String | |
| incident start time (epoch) | The unix time the incident started | Integer | |
| incident last changed time (epoch) | The unix time for the last status change | Integer | |
| incident end time (epoch) | The unix time for the resolution of the incident | Integer | |
| incident current status | The current status of the incident | String | Ok, Critical, or Warning |
| incident highest severity | the highest status of the incident | String | Can be used to differentiate incidents that were critical at any point |
| incident BP create time (epoch) | The unix time when the incident was created in BigPanda | Integer | (Coming Soon) |
| Incident start date/time (UTC) | The date/time the incident started | Date/Time | |
| Incident start date/time (PST) | The date/time the incident started | Date/Time | |
| Incident start date/time (MST) | The date/time the incident started | Date/Time | |
| Incident start date/time (CST) | The date/time the incident started | Date/Time | |
| Incident start date/time (EST) | The date/time the incident started | Date/Time | |
| Incident start date/time (India) | The date/time the incident started | Date/Time | |
| Incident end date/time (UTC) | The date/time for the resolution of the incident | Date/Time | |
| Incident end date/time (PST) | The date/time for the resolution of the incident | Date/Time | |
| Incident end date/time (MST) | The date/time for the resolution of the incident | Date/Time | |
| Incident end date/time (CST) | The date/time for the resolution of the incident | Date/Time | |
| Incident end date/time (EST) | The date/time for the resolution of the incident | Date/Time | |
| Incident end date/time (India) | The date/time for the resolution of the incident | Date/Time | |
| Incident start day of week (UTC) | Day of week (0-6) to map to weekdays | Integer | |
| Incident start day of week (PST) | Day of week (0-6) to map to weekdays | Integer | |
| Incident start day of week (MST) | Day of week (0-6) to map to weekdays | Integer | |
| Incident start day of week (CST) | Day of week (0-6) to map to weekdays | Integer | |
| Incident start day of week (EST) | Day of week (0-6) to map to weekdays | Integer | |
| Incident start day of week (India) | Day of week (0-6) to map to weekdays | Integer |
Mean Time Between Failures (Fact)
Calculations to assist with querying the Alert Analysis Report. This table represents aggregated results of the data in the Incident Metrics table.
| Column Name | Description | Data Type | Notes |
|---|---|---|---|
| MTBF host | The host (not normalized) | String | |
| MTBF check | The check (not normalized) | String | |
| MTBF Mean Time Between Failures (hrs) | The mean time between failures | Integer | |
| MTBF occurrences | The number of mean time between failures occurrences | Integer | |
| MTBF last seen | The date/time that the mean time between failures last seen | Date/Time |
Users (Dim)
A single BigPanda user
| Column Name | Description | Data Type | Notes |
|---|---|---|---|
| user_id | The unique identifier of the user | String | |
| engineer (Incident Activity) | The in-system name of the user | String | |
| engineer email (Incident Activity) | The email of the user | String |
Next Steps
Learn about the new Unified Analytics platform
View information about BigPanda Reporting
Learn how to set up Live Dashboards
Updated about 1 year ago