| API Endpoint | https://api.bigpanda.io/resources/v2.0/correlation-patterns |
| Supported Methods | POST, GET, PATCH, DELETE |
Parameters
The Correlation Pattern object schema includes the following attributes:
| Parameter | Description | Type | Example |
|---|---|---|---|
| id | System-generated unique identifier for a correlation pattern | UUID | "id" : "12344" |
| active | Whether the correlation pattern is active. Default condition is true | Boolean | "active": true |
| tags | Array of tag name(s) to correlate within the pattern. At least 1 item must appear in the array. No more than 5 items in the array. No duplicate names in the array. | Array | "tags": ["service","check"] |
| time_window | Time frame to determine correlation in minutes | Integer | 1-4320 |
| filter | BPQL Filter to set conditions for the correlation pattern | String | "filter" : "cluster=_prod_"]" |
| cross_source | Determines if alerts can be correlated from different source systems into the same incident Default condition is true | Boolean | "cross_source": true |
| note | Brief description of the correlation pattern | String | "note": unique change |
| created_at | Unix epoch time when the correlation pattern was created (in seconds). | Timestamp (in seconds) | "created_at" : 1493922189 |
| created_by | The ID of the user who created the correlation pattern | User ID | "created_by" : "3123kjlhfasdlkjfh" |
| updated_at | Unix epoch time when the correlation pattern was last updated (in seconds). | Timestamp (in seconds) | "updated_at" : 1372854204 |
| updated_by | The ID of the user who last updated the correlation pattern | User ID | "updated_by" : "3123kjlhfasdlkjfh" |
| suggested_at | Unix epoch time when the correlation pattern was suggested by machine learning (in seconds). | Timestamp (in seconds) | "suggested_at" : 1372854204 |
Suggested Schema
JSON:
{
"id": "5a8fb59d-0b40-4428-95d0-f8da5aee27c0",
"active": true,
"tags": ["service", "check"],
"time_window": 120,
"filter": "cluster=bin78",
"cross_source": false,
"note": "this is my note",
"created_at": 1576421825,
"created_by": "3123kjlhfasdlkjfh",
"updated_at": 1576421825,
"updated_by": "3123kjlhfasdlkjfh",
"suggested_at": 1576421825,
}
BPQL Filters
Correlation Patterns can be configured using BigPanda Query Language (BPQL) to define rules on which alerts will be grouped together. The rules construct a simple and/or boolean expression that is evaluated against the alert properties.