Tag Naming
Tags are used for enrichment, normalization, and deduplication. Learn standard tag names and requirements for tag naming in BigPanda.
BigPanda normalizes alert data from integrated monitoring systems into standard key-value pairs, called tags. Tags are used for enrichment, normalization, and deduplication. The tag name is the first half of the key-value pair that will show up on incidents.
The name should be short, specific, and meaningful to everyone in your organization. We recommend using BigPanda standard tags when possible and consistent formatting across your organization to make tag management easier.
Tag Naming Requirements
Each tag name must be unique and meet these requirements:
- Start with a letter (a - z).
- Contain only letters (a-z), numbers (0 - 9), underscores (_), and hyphens (-). They cannot contain spaces or other special characters.
- Alert tag names can only contain lowercase letters (a-z).
- Alert tag names can contain up to 64 characters.
- Incident tag names can contain up to 20 characters.
- Priority tag level names can contain up to 10 characters.
When creating alert tags, if you attempt to create a tag with a name that does not meet the requirements above, a message appears that says Tag name is not valid.
Tags with names that don’t fit the approved formatting will have limited functionality and will be unable to be searched or added as a condition via BigPanda's Query Language. Spaces, periods, and special characters (with the exception of underscores) are not supported when querying tag names.
Standard Tags
To improve data normalization and consistency, we recommend specific tag names for common monitoring elements. Using standard tag names ensures that your data will perform consistently with our system and that you can leverage the full automation capabilities of BigPanda.
When setting up an integration using the Open Integration Manager, BigPanda automatically generates tag name suggestions based on our deep knowledge of successful Incident Intelligence. See the Tag Normalization Suggestions documentation for more information.
Standard tag use is strongly recommended, but is not required.
Standard Tag Name | Tag Description | Common Source Tag Names |
---|---|---|
host | Name of the target system that generated the alert. This tag is the default primary property for many integrations | hostname, instance, device, machine, server, hosts |
cmdb_ci | Field used by the outbound ITSM tool to create a ticket. This may be a host, application, service, ephemeral entity, etc. | impacted_ci, configuration_item, ci_name |
check | Name or title of the alert. This tag is the default secondary property for many integrations. | alert, sdesc, short_desc, title |
description | Full text or description of the alert | summary, ldesc, long_desc, problem |
application | The impacted application. | app, app_name, impacted_app |
service | Impacted service. | impact_service, srvc |
assignment_group | Assignee group in the outbound tool. | support_group, routing_group, escalation_group, workgroup |
business_group | The line of business impacted by the alert. | business_unit, logical_group, lob |
priority | Importance or severity of the alert. | severity, inc_priority |
impact | Impact of the alert on the host or service. | inc_impact |
urgency | Level of urgency for alert resolution. | inc_urgency |
environment | The instance or dev environment that triggered the alert. For example, prod, dev, etc. Key field for topology mapping. | env, tier, stage |
network_device | Networking device associated with the alert. Key field for topology mapping. | router, routers, switch, switches, hub, repeater, bridge, gateway |
cluster | Multi-server connection associated with the alert. Key field for topology and correlation. | rack, tower |
location | Physical location where the alert triggered. | physical_location, device_location |
runbook_url | Link or location of related runbook | runbook_link, knowledge_base, ki_article, support_link, kb_article, wiki_url |
Tag Naming Limitations
Some words are already used for tagging and backend functions in BigPanda. These words may have limited functionality within BigPanda when used as tag names.
When creating new alert or incident tags, we recommend users use an alternate name (i.e. "short_description") for the tag to bring that data into the BigPanda system.
Some tag names have special character limits or restrictions on the length or type of values that can be sent with that tag.
- Most alert tag values: an alphanumeric combo, up to 512 characters.
description
tag values: an alphanumeric combo, up to 2048 characters.- Most incident tag values: an alphanumeric combo, up to 400 characters.
priority
tag values: need to be configured to calculate to a numerical value. See the Priority Tag documentation for more details.
Functionality Limitations
Some tag names are tied to backend processes in a way that means they have limited functionality within parts of BigPanda, including correlation patterns, BPQL conditions, searches, and BPFL tag value templates. Tags with these names still function as normal tags, but may have limited downstream capabilities.
Word | Can be used in BPQL Condition Filters | Can be used in Correlation Patterns | Can be searched with Unified Search | Can be used in BPFL tag value templates |
---|---|---|---|---|
description | Yes | No | No | No |
incident_identifier | No | No | No | Yes |
primary_property | No | No | No | Yes |
secondary_property | No | No | No | Yes |
severity | Yes | Yes | No | Yes |
source_system | No | Yes | Yes | Yes |
status | Yes | No | Yes | Yes |
timestamp | No | No | No | Yes |
alerts | No | Yes | Yes | Yes |
assignee | Yes | Yes | No | Yes |
assigner | Yes | Yes | No | Yes |
namespace | No | No | No | No |
Alert Tag Name Limitations
Some words are reserved and cannot be used as alert tag names in BigPanda. Tags with these names may be able to be saved, but will not enrich alerts.
Reserved words during OIM configuration:
- incident_identifier
- primary_property
- secondary_property
Reserved words during Alert Enrichment tag configuration
- description
- namespace
- severity
Incident Tag Name Limitations
Some words are tied to incident metadata and behavior and cannot be used as incident tag names in BigPanda. Tags with these names may be able to be saved, but will not apply to incidents.
- alerts
- assignee
- assigner
- active
- attachments
- changed_at
- comments
- correlation_matchers_log
- end
- environments
- flapping
- folders
- id
- incident_tags
- is_flapping
- is_in_maintenance
- is_snoozed
- maintenance
- namespace
- number_of_alerts
- severity
- source_system
- status
- shared
- snooze
- start
- updated_at
The priority
incident tag is a unique incident tag automatically included in all BigPanda systems. This tag can be customized or deactivated, but cannot be removed or duplicated. See the Priority Tag documentation for more details.
Updated 1 day ago