Alert Correlation Logic sets rules to correlate alerts into BigPanda incidents. BigPanda's open machine learning engine will automatically create correlation patterns based on the alerts received, and will suggest new patterns as situations arise. You can customize the correlation patterns to better fit your infrastructure at any time.
Correlation patterns define the relationships between alerts by using the following parameters:
- Source Systems - the integrated monitoring systems for which the pattern applies. For example, correlating alerts that come from a specific instance of Datadog.
- Tags - the properties that indicate when alerts are related. For example, correlating alerts that come from the same cluster and have the same check.
- Time window - The amount of time between when the alerts started. For example, network-related alerts may start within a short time from one another.
- Filter - (optional) The conditions that further refine which alerts to correlate. For example, correlating only network-related alerts by data center, or specific tags from specific sources.
By default, correlation patterns apply to all sources. Source systems can be added to the filter to narrow the pattern to apply only to specific sources. Sources can be filtered by each individual instance using their unique Integration ID, or by source type using a wildcard. For Example:
source_system=api.*- All Alerts API sources will be included
source_system=api.restapi- Only Alerts from the Rest API will be included
Alerts from multiple sources can be correlated together if cross-source correlation is enabled.
To maintain quality of service, BigPanda APIs are limited to 5 requests per second.
Additional requests will return a 429 response code and the request will need to be retried.
See the Manage Alert Correlation guide for a full explanation of the permissions required to access the Correlation Patterns Settings section and the Correlation Patterns API.
To learn more about how BigPanda's permissions work, see the Roles Management guide.
A User API Key is required for authentication.
Use the Correlation Patterns API to perform these actions:
|Create a Correlation Pattern||Creates a new correlation pattern.|
|Retrieve a Correlation Pattern by ID||Retrieves a specific correlation pattern.|
|Retrieve All Correlation Patterns||Retrieves all correlation patterns.|
|Update a Correlation Pattern||Updates a correlation pattern.|
|Delete a Correlation Pattern||Deletes a correlation pattern.|