Enrichment is the process of adding contextual information to alerts in BigPanda. Use the Enrichments API to define custom tags that help users understand incidents more quickly and enrich BigPanda functionality, including correlation patterns and maintenance plans.
The Enrichments API allows you to programmatically create custom tags that add contextual information to alerts. It supports the mapping enrichment technique, which creates custom tags by looking up values in a data mapping table.
Define an enrichment schema using these API resources:
- Enrichments object, which defines the enrichment technique and configuration details associated with that technique. For example, in a mapping enrichment, the configuration details include a description of the data mapping table.
- Sub-objects that are specific to the enrichment technique. For a mapping enrichment, the Map endpoint allows you to upload and maintain a data mapping table.
The API works by evaluating all incoming alerts to see if they match an active enrichment definition. Matching alerts are enriched with custom tags according to the instructions in the enrichment definition.
Roles with the following permissions can access the Alert Enrichment API:
| Permission | Description |
|---|---|
| Alert Enrichment | View and use the Alert Enrichments UI and API. |
| Mapping Enrichment (API Only) | Use the Mapping Enrichment API. |
Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.
Use the Enrichment API to develop a common language between monitoring systems and to identify upstream and downstream dependencies between configuration items.
Define common tags to identify when alerts from different monitoring sources are related to the same monitored object in your infrastructure. For example, you can define a mapping enrichment for cluster based on the Pingdom service. Then, define an extraction enrichment for cluster based on the Nagios host name. Now, a cross-source correlation pattern on the cluster tag can group related alerts from either system into the same incident.
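The following is an added illustration of the cluster example above, not code from BigPanda or this documentation: it simulates a mapping enrichment (Pingdom service looked up in a small table), an extraction enrichment (cluster pulled out of a Nagios host name) and a cross-source correlation on the resulting cluster tag. The mapping table, the host-name pattern and the alert payloads are all constructed for the example; BigPanda's real tag names and the shape of its alert objects are not shown on this page.

```python
import re

# Constructed mapping enrichment table (assumed): Pingdom service -> cluster.
PINGDOM_SERVICE_TO_CLUSTER = {
    "checkout-api": "payments-prod",
    "cart-api": "payments-prod",
    "search-web": "search-prod",
}

# Assumed extraction pattern for host names shaped like "web03.payments-prod.example.com":
# the second DNS label is treated as the cluster.
NAGIOS_HOST_CLUSTER_RE = re.compile(r"^[a-z]+\d+\.(?P<cluster>[a-z0-9-]+)\.")


def apply_mapping_enrichment(alert, source_tag, table, target_tag):
    """Mapping enrichment: look up the value of an existing tag in a table
    and set a new tag. Alerts whose value is not in the table are left unchanged."""
    value = alert.get(source_tag)
    if value in table:
        alert[target_tag] = table[value]
    return alert


def apply_extraction_enrichment(alert, source_tag, pattern, target_tag):
    """Extraction enrichment: pull a substring out of an existing tag with a regex.
    The pattern must define a named group called `target_tag`."""
    match = pattern.search(alert.get(source_tag, ""))
    if match:
        alert[target_tag] = match.group(target_tag)
    return alert


def enrich(alert):
    """Apply the enrichment definition that matches the alert's source."""
    if alert.get("source") == "pingdom":
        return apply_mapping_enrichment(alert, "service", PINGDOM_SERVICE_TO_CLUSTER, "cluster")
    if alert.get("source") == "nagios":
        return apply_extraction_enrichment(alert, "host", NAGIOS_HOST_CLUSTER_RE, "cluster")
    return alert


def correlate(alerts, tag="cluster"):
    """Cross-source correlation on a shared tag: alerts with the same tag value
    land in one incident; alerts missing the tag each stay in their own incident."""
    incidents = {}
    unmatched = []
    for alert in alerts:
        key = alert.get(tag)
        if key is None:
            unmatched.append([alert])
        else:
            incidents.setdefault(key, []).append(alert)
    return list(incidents.values()) + unmatched


if __name__ == "__main__":
    # Constructed sample alerts from two monitoring sources.
    sample = [
        {"source": "pingdom", "service": "checkout-api"},
        {"source": "nagios", "host": "web03.payments-prod.example.com"},
        {"source": "nagios", "host": "db01.search-prod.example.com"},
        {"source": "pingdom", "service": "legacy-svc"},  # not in the table
    ]
    for incident in correlate([enrich(dict(a)) for a in sample]):
        print(incident)
```

Note that an alert whose lookup or extraction fails simply keeps its original tags; it is never given a guessed cluster, so it cannot be correlated into the wrong incident.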
Understand the physical and logical relationships between alerting objects and the rest of your infrastructure. For example, you can leverage a CMDB to identify when different objects have the same parent object (such as multiple hosts in the same cluster). Then, define correlation patterns for objects with the same parent, Environments that reflect your infrastructure, and/or maintenance plans that suppress alerts for objects downstream of an object under maintenance.
Help IT Operations teams categorize, prioritize, route, and remediate an incident. For example, you can leverage a team spreadsheet to add assignments, categories, and priorities to alerts. Then, define Environments, dashboards, and Analytics reports to ensure the right teams have visibility into issues and/or define AutoShare rules to automatically trigger escalation processes.
Available Objects and Actions
| Object | Description | Supported Methods | API Endpoint |
|---|---|---|---|
| Enrichments Object | Defines the schema for an enrichment. | | |
Use the Enrichments API to perform these actions.
| Action | Description |
|---|---|
| Create Enrichment | Creates a new definition for an enrichment schema. |
| Update Enrichment | Activates or deactivates a specific enrichment definition. |
| Create Mapping Enrichment Table | Uploads a new data mapping table that follows a specific enrichment schema. |
| Update Mapping Enrichment Table Rows | Updates specific rows of an existing mapping enrichment table. |
| List All Enrichments | Lists all enrichment definitions that exist for an organization. |
| Retrieve Enrichment | Retrieves a specific definition for an enrichment schema. |
| Check Status of Upload Job | Checks the status of an asynchronous job to upload or update a mapping enrichment table. |
To maintain quality of service, the Alert Enrichment API is limited to 5 requests per second. Requests beyond that limit return a 429 response code and must be retried by the client.
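As an added example (not BigPanda's client code), the following shows how a caller can stay under the 5 requests per second limit with a client-side token bucket and retry a 429 with exponential backoff instead of hammering the API. The HTTP call itself is abstracted as a `send()` callable because the endpoint URLs and payloads are not given on this page; the `FakeClock` is a constructed stand-in so the behaviour can be exercised offline.

```python
import time

RATE_LIMIT_PER_SECOND = 5  # documented limit for the Alert Enrichment API


class TokenBucket:
    """Client-side limiter: never issue more than `rate` requests per second.
    `clock` and `sleep` are injectable so the limiter can be tested without waiting."""

    def __init__(self, rate, clock=time.monotonic, sleep=time.sleep):
        self.rate = float(rate)
        self.clock = clock
        self.sleep = sleep
        self.tokens = float(rate)   # start with a full bucket
        self.last = clock()

    def acquire(self):
        """Block until one request is allowed, then consume one token."""
        now = self.clock()
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            # Wait just long enough for one token to accrue, then spend it.
            self.sleep((1.0 - self.tokens) / self.rate)
            self.last = self.clock()
            self.tokens = 0.0
        else:
            self.tokens -= 1.0


def send_with_retry(send, bucket, max_attempts=5, base_delay=0.2, sleep=time.sleep):
    """Call `send()` (which returns (status_code, body)) through the rate limiter.
    A 429 is retried with exponential backoff; any other status is returned as-is.
    Returns (status_code, body, attempts_used); raises once max_attempts is exhausted."""
    delay = base_delay
    for attempt in range(1, max_attempts + 1):
        bucket.acquire()
        status, body = send()
        if status != 429:
            return status, body, attempt
        if attempt == max_attempts:
            break
        sleep(delay)
        delay *= 2
    raise RuntimeError(f"gave up after {max_attempts} attempts: still rate limited (429)")


class FakeClock:
    """Constructed clock for offline demonstration: sleeping advances time instantly."""

    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    bucket = TokenBucket(RATE_LIMIT_PER_SECOND, clock=clock.now, sleep=clock.sleep)
    # Constructed server behaviour: two 429s, then success.
    responses = iter([(429, ""), (429, ""), (200, '{"id": "example-enrichment"}')])
    print(send_with_retry(lambda: next(responses), bucket, sleep=clock.sleep))
```

In real use, `send` would wrap the HTTP request to the Enrichments API (for instance a `requests.post` call carrying your API key) and the defaults for `clock` and `sleep` would be left untouched, so the bucket genuinely paces calls to five per second.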