Correlation Patterns

Use the Correlation Patterns API to define how alerts are clustered into BigPanda incidents.

Alert Correlation Logic sets rules to correlate alerts into BigPanda incidents. BigPanda's open machine learning engine will automatically create correlation patterns based on the alerts received, and will suggest new patterns as situations arise. You can customize the correlation patterns to better fit your infrastructure at any time.

❗️

Enrichment V2 Required

The Correlation Patterns API uses the underlying systems of the Enrichment V2 Engine. Your organization must have migrated to Enrichment V2 before using the Correlation API.

DO NOT USE the API without Enrichment V2 enabled or existing V1 Correlation patterns may be damaged.

🚧

Beta Feature

This feature is currently only available through the Beta program and is not released for general availability. To request access to the feature, contact [email protected].

DO NOT attempt to use the API without first having it enabled or it may cause issues in correlation.

Pattern Parameters

Correlation patterns define the relationships between alerts by using the following parameters:

  • Source Systems - the integrated monitoring systems for which the pattern applies. For example, correlating alerts that come from a specific instance of Datadog.
  • Tags - the properties that indicate when alerts are related. For example, correlating alerts that come from the same cluster and have the same check.
  • Time window - the amount of time between when the alerts started. For example, network-related alerts may start within a short time of one another.
  • Filter - (optional) the conditions that further refine which alerts to correlate. For example, correlating only network-related alerts by data center, or only specific tags from specific sources.

By default, correlation patterns apply to all sources. Source systems can be added to the filter to narrow the pattern to apply only to specific sources. Sources can be filtered by each individual instance using their unique Integration ID, or by source type using a wildcard. For example:

  • source_system=api.* - all Alerts API sources will be included
  • source_system=api.restapi - only alerts from the REST API will be included

Alerts from multiple sources can be correlated together if cross-source correlation is enabled.
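As an added illustration (not BigPanda's own code or the API's schema), the Python below models how the four parameters above decide which alerts cluster into an incident, using the source_system wildcard from the example. The alert shape, the rule that an alert joins an incident only within time_window of that incident's first alert, and the sample alerts are assumptions made for the demonstration.

```python
import fnmatch
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Alert = Dict[str, object]  # assumed shape: id, source_system, start (epoch seconds), tags

@dataclass
class CorrelationPattern:
    """Local model of the four parameters the page lists; not the API's own schema."""
    source_system: str = "*"                          # wildcard over Integration IDs, e.g. "api.*"
    tags: List[str] = field(default_factory=list)     # tags whose values must match
    time_window: int = 600                            # seconds between alert start times
    filter: Optional[Callable[[Alert], bool]] = None  # optional extra condition

def pattern_applies(pattern: CorrelationPattern, alert: Alert) -> bool:
    """Source wildcard, presence of every correlation tag, and the optional filter."""
    if not fnmatch.fnmatchcase(str(alert["source_system"]), pattern.source_system):
        return False
    if any(tag not in alert["tags"] for tag in pattern.tags):
        return False
    return pattern.filter is None or pattern.filter(alert)

def correlate(alerts: List[Alert], pattern: CorrelationPattern) -> List[List[str]]:
    """Cluster alert ids into incidents. Assumed rule: an alert joins the open incident
    with the same tag values if it started within time_window of that incident's first
    alert; otherwise (or if the pattern does not apply) it opens its own incident."""
    incidents: List[List[str]] = []
    open_by_key: Dict[tuple, tuple] = {}  # tag values -> (incident index, first start)
    for alert in sorted(alerts, key=lambda a: a["start"]):
        if pattern_applies(pattern, alert):
            key = tuple(alert["tags"][t] for t in pattern.tags)
            if key in open_by_key and alert["start"] - open_by_key[key][1] <= pattern.time_window:
                incidents[open_by_key[key][0]].append(alert["id"])
                continue
            open_by_key[key] = (len(incidents), alert["start"])
        incidents.append([alert["id"]])  # new incident, or an uncorrelated alert on its own
    return incidents

# Constructed sample alerts (not real BigPanda data): same cluster/check, mixed sources and times.
SAMPLE_ALERTS: List[Alert] = [
    {"id": "a1", "source_system": "api.restapi", "start": 0, "tags": {"cluster": "c1", "check": "disk"}},
    {"id": "a2", "source_system": "api.restapi", "start": 120, "tags": {"cluster": "c1", "check": "disk"}},
    {"id": "a3", "source_system": "datadog.1", "start": 130, "tags": {"cluster": "c1", "check": "disk"}},
    {"id": "a4", "source_system": "api.restapi", "start": 900, "tags": {"cluster": "c1", "check": "disk"}},
]
SAMPLE_PATTERN = CorrelationPattern(source_system="api.*", tags=["cluster", "check"], time_window=600)
```

With the `api.*` source filter the Datadog alert stays on its own even though its tags match, and the late `a4` opens a new incident because it starts outside the window; widening the source filter to `*` pulls `a3` into the first incident.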

🚧

Rate Limitations

To maintain quality of service, BigPanda APIs are limited to 5 requests per second. Requests beyond that limit return a 429 response code and must be retried.

Relevant Permissions

See the Working with Correlation Patterns guide for a full explanation of the permissions required to access the Correlation Patterns Settings section and the Correlation Patterns API.

To learn more about how BigPanda's permissions work, see the RBAC - Role Based Access Control guide.

📘

Authentication Necessary

A User API Key is required for authentication.