Correlation Patterns

Use the Correlation Patterns API to define how alerts are clustered into BigPanda incidents.

Alert Correlation Logic sets rules to correlate alerts into BigPanda incidents. You can customize the correlation patterns to better fit your infrastructure at any time.

Pattern Parameters

Correlation patterns define the relationships between alerts by using the following parameters:

  • Source Systems - the integrated monitoring systems for which the pattern applies. For example, correlating alerts that come from a specific instance of Datadog.
  • Tags - the properties that indicate when alerts are related. For example, correlating alerts that come from the same cluster and have the same check.
  • Time window - The amount of time between when the alerts started. For example, network-related alerts may start within a short time from one another.
  • Filter - (optional) The conditions that further refine which alerts to correlate. For example, correlating only network-related alerts by data center, or specific tags from specific sources.

By default, correlation patterns apply to all sources. Source systems can be added to the filter to narrow the pattern so that it applies only to specific sources. Sources can be filtered by individual instance using their unique Integration ID, or by source type using a wildcard. For example:

  • source_system=api.* - All Alerts API sources will be included
  • source_system=api.restapi - Only alerts from the REST API will be included

Alerts from multiple sources can be correlated together if cross-source correlation is enabled.

Rate Limitations

To maintain quality of service, BigPanda APIs are limited to 5 requests per second.
Additional requests will return a 429 response code and the request will need to be retried.
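
The following is an added example, not BigPanda code: a client-side wrapper that keeps a caller under the 5 requests per second limit and retries when a 429 comes back. The `send` transport, the class name, the retry count and the backoff values are assumptions made for illustration; only the limit, the 429 status and the endpoint path come from this page.

```python
import random
import time
from collections import deque


class PacedClient:
    """Keeps a caller under a 5 requests/second limit and retries 429 responses."""

    def __init__(self, send, max_per_second=5, max_retries=4,
                 clock=time.monotonic, sleep=time.sleep):
        # `send` is a hypothetical transport: send(method, path, body) -> (status, payload).
        self.send = send
        self.max_per_second = max_per_second
        self.max_retries = max_retries  # assumed value, not from the page
        self.clock, self.sleep = clock, sleep
        self.started = deque()  # start times of requests inside the current 1 s window

    def _wait_for_slot(self):
        # Sliding window: at most max_per_second requests start in any 1 s span.
        while True:
            now = self.clock()
            while self.started and now - self.started[0] >= 1.0:
                self.started.popleft()
            if len(self.started) < self.max_per_second:
                self.started.append(now)
                return
            self.sleep(1.0 - (now - self.started[0]))

    def request(self, method, path, body=None):
        for attempt in range(self.max_retries + 1):
            self._wait_for_slot()  # retries count against the limit too
            status, payload = self.send(method, path, body)
            if status != 429:
                return status, payload
            if attempt < self.max_retries:
                # Exponential backoff with jitter so parallel workers do not retry in lockstep.
                self.sleep(min(8.0, 0.25 * 2 ** attempt) + random.uniform(0, 0.1))
        raise RuntimeError(f"{method} {path}: still 429 after {self.max_retries} retries")


if __name__ == "__main__":
    # Constructed transport: rejects the first call with 429, then succeeds.
    replies = iter([(429, None), (200, "constructed body")])
    client = PacedClient(lambda method, path, body: next(replies))
    print(client.request("GET", "/correlation-patterns"))
```

Share one wrapper instance across all workers that use the same API key, since a separate limiter per worker would let the combined rate exceed the limit.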

Relevant Permissions

Roles with the following permission can access Correlation Patterns in the API and BigPanda Settings:

| Role Name | Description |
| --- | --- |
| Alert Correlation | View, edit, and create new Correlation Patterns in BigPanda Settings and API. |

Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.

Authentication Necessary

A User API Key is required for authentication.

Available Actions

Use the Correlation Patterns API to perform these actions:

| Action | Definition | Description |
| --- | --- | --- |
| Create a Correlation Pattern | POST /correlation-patterns | Creates a new correlation pattern. |
| Retrieve a Correlation Pattern by ID | GET /correlation-patterns/{id} | Retrieves a specific correlation pattern. |
| Retrieve All Correlation Patterns | GET /correlation-patterns | Retrieves all correlation patterns. |
| Update a Correlation Pattern | PATCH /correlation-patterns/{id} | Updates a correlation pattern. |
| Delete a Correlation Pattern | DELETE /correlation-patterns/{id} | Deletes a correlation pattern. |
| Update Correlation Patterns Order | PUT /correlation-patterns-order | Updates the run order for specific correlation patterns. |
| Reset Correlation Patterns Order | POST /correlation-patterns-order/reset | Resets all correlation patterns to run in order from largest time window to smallest. |