Correlation Patterns

Use the Correlation Patterns API to define how alerts are clustered into BigPanda incidents.

Alert Correlation Logic sets rules to correlate alerts into BigPanda incidents. You can customize the correlation patterns to better fit your infrastructure at any time.

Pattern Parameters

Correlation patterns define the relationships between alerts by using the following parameters:

  • Source Systems - the integrated monitoring systems for which the pattern applies. For example, correlating alerts that come from a specific instance of Datadog.
  • Tags - the properties that indicate when alerts are related. For example, correlating alerts that come from the same cluster and have the same check.
  • Time window - The amount of time between when the alerts started. For example, network-related alerts may start within a short time from one another.
  • Filter - (optional) The conditions that further refine which alerts to correlate. For example, correlating only network-related alerts by data center, or specific tags from specific sources.

By default, correlation patterns apply to all sources. Source systems can be added to the filter to narrow the pattern to apply only to specific sources. Sources can be filtered by each individual instance using their unique Integration ID, or by source type using a wildcard. For Example:

  • source_system=api.* - All Alerts API sources will be included
  • source_system=api.restapi - Only Alerts from the Rest API will be included
    Alerts from multiple sources can be correlated together if cross-source correlation is enabled.


Rate Limitations

To maintain quality of service, BigPanda APIs are limited to 5 requests per second.
Additional requests will return a 429 response code and the request will need to be retried.

Relevant Permissions

Roles with the following permission can access Correlation Patterns in the API and BigPanda Settings:

Role NameDescription
Alert CorrelationView, edit, and create new Correlation Patterns in BigPanda Settings and API.

Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.


Authentication Necessary

A User API Key is required for authentication.

Available Actions

Use the Correlation Patterns API to perform these actions:

Create a Correlation PatternPOST /correlation-patternsCreates a new correlation pattern.
Retrieve a Correlation Pattern by IDGET /correlation-patterns/{id}Retrieves a specific correlation pattern.
Retrieve All Correlation PatternsGET /correlation-patternsRetrieves all correlation patterns.
Update a Correlation PatternPATCH /correlation-patterns/{id}Updates a correlation pattern.
Delete a Correlation PatternDELETE /correlation-patterns/{id}Deletes a correlation pattern.
Update Correlation Patterns OrderPUT /correlation-patterns-orderUpdates the run order for specific correlation patterns.
Reset Correlation Patterns OrderPOST /correlation-patterns-order/resetResets all correlation patterns to run in order from largest time window to smallest.