Alert Correlation Logic sets rules to correlate alerts into BigPanda incidents. BigPanda's open machine learning engine will automatically create correlation patterns based on the alerts received, and will suggest new patterns as situations arise. You can customize the correlation patterns to better fit your infrastructure at any time.
Enrichment V2 Required
The Correlation Patterns API uses the underlying systems of the Enrichment V2 Engine. Your organization must have migrated to Enrichment V2 before using the Correlation API.
DO NOT USE the API without Enrichment V2 enabled, or existing V1 correlation patterns may be damaged.
This feature is currently only available through the Beta program and is not released for general availability. To request access to the feature, contact [email protected].
DO NOT attempt to use the API without first having it enabled or it may cause issues in correlation.
Correlation patterns define the relationships between alerts by using the following parameters:
- Source Systems - the integrated monitoring systems to which the pattern applies. For example, correlating alerts that come from a specific instance of Datadog.
- Tags - the properties that indicate when alerts are related. For example, correlating alerts that come from the same cluster and have the same check.
- Time window - the amount of time between when the alerts started. For example, network-related alerts may start within a short time of one another.
- Filter (optional) - the conditions that further refine which alerts to correlate. For example, correlating only network-related alerts by data center, or specific tags from specific sources.
By default, correlation patterns apply to all sources. Source systems can be added to the filter to narrow the pattern so that it applies only to specific sources. Sources can be filtered by each individual instance using its unique Integration ID, or by source type using a wildcard. For example:
- source_system=api.* - all Alerts API sources will be included
- source_system=api.restapi - only alerts from the REST API will be included
Alerts from multiple sources can be correlated together if cross-source correlation is enabled.
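As an added illustration (not BigPanda's own code or API), the following shows how the four parameters above and the source wildcard decide which alerts land in one incident; the dataclass names, the cross_source flag, the choice to measure the time window from an incident's first alert, and the sample alerts are all assumptions constructed for this example.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class Alert:
    source_system: str  # integration id, e.g. "api.restapi" (constructed sample values)
    start_ts: int       # epoch seconds at which the alert started
    tags: dict          # alert properties, e.g. {"cluster": "c1", "check": "cpu"}
@dataclass
class CorrelationPattern:
    tags: list               # tags whose values must match for alerts to be related
    time_window_sec: int     # max gap between an alert's start and the incident's first alert
    source_systems: list = field(default_factory=lambda: ["*"])  # wildcards; default = all sources
    filter: dict = field(default_factory=dict)  # optional tag=value conditions refining eligibility
    cross_source: bool = False  # assumed flag: allow alerts from different sources in one incident
def source_matches(pattern, source_system):
    # "api.*" matches every Alerts API instance; "api.restapi" matches only that one instance
    return any(fnmatchcase(source_system, p) for p in pattern.source_systems)
def alert_eligible(pattern, alert):
    return (source_matches(pattern, alert.source_system)
            and all(t in alert.tags for t in pattern.tags)  # cannot correlate on a missing tag
            and all(alert.tags.get(k) == v for k, v in pattern.filter.items()))

def correlate(alerts, pattern):
    # Assumed semantics: same values for the pattern's tags, each alert starting within
    # time_window_sec of the incident's first alert; without cross-source, source is part of the key.
    incidents = []
    for a in sorted(alerts, key=lambda x: x.start_ts):
        if not alert_eligible(pattern, a):
            continue
        key = tuple(a.tags[t] for t in pattern.tags) + (() if pattern.cross_source else (a.source_system,))
        for inc in incidents:
            if inc["key"] == key and a.start_ts - inc["first_ts"] <= pattern.time_window_sec:
                inc["alerts"].append(a)
                break
        else:
            incidents.append({"key": key, "first_ts": a.start_ts, "alerts": [a]})
    return incidents

def demo():  # constructed sample alerts run through a pattern scoped to Alerts API sources
    pattern = CorrelationPattern(tags=["cluster", "check"], time_window_sec=600,
                                 source_systems=["api.*"], filter={"check": "cpu"})
    alerts = [
        Alert("api.restapi", 1000, {"cluster": "c1", "check": "cpu"}),
        Alert("api.restapi", 1200, {"cluster": "c1", "check": "cpu"}),  # joins the first incident
        Alert("api.restapi", 1050, {"cluster": "c2", "check": "cpu"}),  # different cluster: new incident
        Alert("datadog.1", 1100, {"cluster": "c1", "check": "cpu"}),    # not an api.* source: ignored
        Alert("api.restapi", 1010, {"cluster": "c1", "check": "disk"}), # fails filter check=cpu: ignored
        Alert("api.other", 1300, {"cluster": "c1", "check": "cpu"}),    # other source, no cross-source
        Alert("api.restapi", 2000, {"cluster": "c1", "check": "cpu"}),  # outside the 600 s window
    ]
    return correlate(alerts, pattern)
```

Running demo() yields four incidents: the two api.restapi cpu alerts on cluster c1 that started 200 s apart share one incident, while the c2 alert, the api.other alert and the alert 1000 s later each open their own.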
To maintain quality of service, BigPanda APIs are limited to 5 requests per second.
Requests beyond that limit return a 429 response code and must be retried.
See the Working with Correlation Patterns guide for a full explanation of the permissions required to access the Correlation Patterns Settings section and the Correlation Patterns API.
To learn more about how BigPanda's permissions work, see the RBAC - Role Based Access Control guide.
A User API Key is required for authentication.