Endpoint
/api/v2/tenants/{tenantId}/policies/alertCorrelation/{policyId}
Path Parameters
tenantIdstring
policyIdstring
Responses
OK
Endpoint
/api/v2/tenants/{tenantId}/policies/alertCorrelation/{policyId}
Path Parameters
tenantIdstring
policyIdstring
Responses
OK
algorithmCorrelationobject
Child Parameters
- algorithmCorrelation.alertsTimeWindow
- algorithmCorrelation.matchingConditions
- algorithmCorrelation.primaryAlertSubject
clientsIncludedstring
createdByobject
Child Parameters
- createdBy.email
- createdBy.firstName
- createdBy.lastName
- createdBy.loginName
createdTimestring
dependencyCorrelationobject
Child Parameters
- dependencyCorrelation.alertsTimeWindow
- dependencyCorrelation.downstreamMetrics
- dependencyCorrelation.upstreamMetrics
enabledboolean
filterCriteriaobject
Child Parameters
- filterCriteria.filterBased
- filterCriteria.matchingType
- filterCriteria.rules
idstring
machineLearningobject
Child Parameters
- machineLearning.continuousLearning
- machineLearning.trainingFileId
namestring
precedenceinteger
typestring
updatedByobject
Child Parameters
- updatedBy.email
- updatedBy.firstName
- updatedBy.lastName
- updatedBy.loginName
updatedTimestring
{
"algorithmCorrelation": {
"alertsTimeWindow": 20,
"matchingConditions": [
{
"matchType": "Identical",
"property": "subject"
},
{
"matchType": "Nearly Identical",
"property": "ip_address"
}
],
"primaryAlertSubject": "Network outage on Switch 162 "
},
"createdBy": {
"email": "john.smith@myorganization.com",
"firstName": "John",
"lastName": "Smith",
"loginName": "John_Smith"
},
"createdTime": "2018-03-27T13:14:07+0000",
"enabled": false,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [
{
"entityName": "ip_address",
"entityValue": "162.11",
"filterType": "nativeAttributes",
"operator": "Contains"
},
{
"entityName": "device_location",
"entityValue": "West",
"filterType": "customAttributes",
"operator": "Contains"
}
]
},
"id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
"name": "Correlate alerts on network outage",
"precedence": 29,
"type": "ALGORITHM",
"updatedBy": {
"email": "john.smith@myorganization.com",
"firstName": "John",
"lastName": "Smith",
"loginName": "John_Smith"
},
"updatedTime": "2018-04-10T14:22:11+0000"
}
{
"algorithmCorrelation": {
"alertsTimeWindow": 20,
"matchingConditions": [
{
"matchType": "Identical",
"property": "subject"
},
{
"matchType": "Identical",
"property": "alert_metric"
}
],
"primaryAlertSubject": "subject-alertMetric policy"
},
"clientsIncluded": "ALL",
"createdBy": {
"email": "admin@opsramp.com",
"firstName": "OpsRamp API User",
"lastName": " ",
"loginName": "opsramp_api_user"
},
"createdTime": "2017-11-27T13:14:07+0000",
"enabled": true,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [
{
"entityName": "host_name",
"entityValue": "vm",
"filterType": "nativeAttributes",
"operator": "Contains"
},
{
"entityName": "test_cutom_attribute",
"entityValue": "a",
"filterType": "customAttributes",
"operator": "Not Contains"
}
]
},
"id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
"name": "test_algorithm_correlation_ap",
"precedence": 29,
"type": "ALGORITHM",
"updatedTime": ""
}
{
"algorithmCorrelation": {
"alertsTimeWindow": 20,
"matchingConditions": [
{
"matchType": "Identical",
"property": "subject"
},
{
"matchType": "Identical",
"property": "alert_metric"
}
],
"primaryAlertSubject": "subject-alertMetric policy"
},
"createdBy": {
"email": "admin@opsramp.com",
"firstName": "OpsRamp API User",
"lastName": " ",
"loginName": "opsramp_api_user"
},
"createdTime": "2017-11-27T13:14:07+0000",
"enabled": true,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [
{
"entityName": "host_name",
"entityValue": "vm",
"filterType": "nativeAttributes",
"operator": "Contains"
},
{
"entityName": "test_cutom_attribute",
"entityValue": "a",
"filterType": "customAttributes",
"operator": "Not Contains"
}
]
},
"id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
"includedClients": [
"client_8",
"client_9"
],
"name": "test_algorithm_correlation_ap",
"precedence": 29,
"type": "ALGORITHM",
"updatedTime": ""
}
{
"createdBy": {
"email": "john.smith@myorganization.com",
"firstName": "OpsRamp API User",
"lastName": " ",
"loginName": "opsramp_api_user"
},
"createdTime": "2018-08-27T13:14:07+0000",
"enabled": false,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [
{
"entityName": "host_name",
"entityValue": "Logix",
"filterType": "nativeAttributes",
"operator": "Contains"
},
{
"entityName": "agent_status",
"entityValue": "up",
"filterType": "customAttributes",
"operator": "Equals"
}
]
},
"id": "POLICY-AC-1556bcf6-7cc2-44ba-ba1f-8ca5a211bcb3",
"machineLearning": {
"continuousLearning": false,
"trainingFileId": "ml_alert_correlation_training_client_9"
},
"name": "Server SJ-Alerts",
"precedence": 30,
"type": "CO_OCCURRENCE",
"updatedBy": {
"email": "john.smith@myorganization.com",
"firstName": "OpsRamp API User",
"lastName": " ",
"loginName": "opsramp_api_user"
},
"updatedTime": "2018-09-12T10:22:11+0000"
}
{
"createdBy": {
"email": "john.smith@myorganization.com",
"firstName": "John",
"lastName": "Smith",
"loginName": "John_Smith"
},
"createdTime": "2018-03-27T13:14:07+0000",
"dependencyCorrelation": {
"alertsTimeWindow": 15,
"downstreamMetrics": [
"system.memory.utilization",
"system.ping.rta"
],
"upstreamMetrics": [
"system.process.cpu",
"system.ping.pl"
]
},
"enabled": false,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [
{
"entityName": "host_name",
"entityValue": "vm",
"filterType": "nativeAttributes",
"operator": "Contains"
},
{
"entityName": "Root_Device",
"entityValue": "ESX",
"filterType": "customAttributes",
"operator": "Starts with"
}
]
},
"id": "POLICY-AC-165c4ee5-8b31-4cba-b88e-f20e57ae8358",
"name": "Correlate alerts on Hypervisor",
"precedence": 25,
"type": "DEPENDENCY",
"updatedBy": {
"email": "john.smith@myorganization.com",
"firstName": "John",
"lastName": "Smith",
"loginName": "John_Smith"
},
"updatedTime": "2018-04-10T14:22:10+0000"
}
Endpoint
/api/v2/tenants/{tenantId}/policies/alertCorrelation/{policyId}
Path Parameters
tenantIdstring
policyIdstring
algorithmCorrelationobject
Correlate alerts that share similar alert properties.
Child Parameters
- algorithmCorrelation.alertsTimeWindow
- (Optional) Correlate alerts that are generated within a time span specified in minutes. If a value isn't specified, the default time window is 5 minutes.
- algorithmCorrelation.machineLearning
- algorithmCorrelation.matchingConditions
- Correlate alerts based all of the on the following: 1. Select the alert property with which the alerts should be grouped (example is "Host Name"). 2. Match the type of alert property. If a user wants to correlate alerts which exactly share same IP address 172.34.213, provide the "property": "ip_address" and "matchType": "Identical" fields. See Matching conditions table for detailed information on match types.
- algorithmCorrelation.primaryAlertSubject
- (Optional) Provide a subject for the primary alert generated. This helps to identify the Inference. If no subject is provided, the primary alert is treated as the subject for alert correlation.
dependencyCorrelationobject
Correlate alerts on upstream and downstream resources.
Child Parameters
- dependencyCorrelation.alertsTimeWindow
- (Optional) Correlate alerts that are generated within a time span specified in minutes. An example is when a user wants to correlate alerts on upstream and downstream resources within a span of 15 minutes. If a value isn't specified, the default time window is 5 minutes.
- dependencyCorrelation.downstreamMetrics
- Metrics on the downstream resource that may generate alerts. Use the Get Metrics API to get metrics assigned to a resource.
- dependencyCorrelation.upstreamMetrics
- Metrics on the upstream resource that may generate alerts. Use the Get Metrics API to get metrics assigned to a resource.
enabledModestring
(Optional) To enable an alert correlation policy, set "enabledMode": "ON". To disable an alert correlation policy, set "enabledMode: "OFF". To enable an alert correlation policy to observe, set "enabledMode": "OBSERVED".
filterCriteriaobject
(Optional) Filter for resources whose alerts will match this policy.
Child Parameters
- filterCriteria.filterBased
- Determine if the alert correlation policy should consider the below filter rules.
- filterCriteria.matchingType
- Match ALL or ANY of the rules to filter for resources whose alerts will match this policy.
- filterCriteria.rules
- (Mandatory if "filterBase": "true") Filter resources with the rules that follow.
namestring
The name of the alert correlation policy.
organizationMatchingTypestring
precedenceinteger
(Optional) Determine the execution order of a policy. For example, if VMware is specified as part of the agent status policy and network outage policy, the user can determine which policy should execute first to correlate VMware alerts.
typestring
The alert correlation policy type.
{
"dependencyCorrelation": {
"alertsTimeWindow": 15,
"downstreamMetrics": [
"system.ping.rta",
"system.memory.utilization"
],
"upstreamMetrics": [
"system.ping.pl",
"system.process.cpu"
]
},
"enabled": "false",
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [
{
"entityName": "host_name",
"entityValue": "vm",
"filterType": "nativeAttributes",
"operator": "Contains"
},
{
"entityName": "Root_Device",
"entityValue": "ESX",
"filterType": "customAttributes",
"operator": "Starts with"
}
]
},
"name": "Correlate alerts on Hypervisor",
"precedence": 25,
"type": "DEPENDENCY"
}
Responses
OK
algorithmCorrelationobject
Child Parameters
- algorithmCorrelation.alertsTimeWindow
- algorithmCorrelation.matchingConditions
- algorithmCorrelation.primaryAlertSubject
createdByobject
Child Parameters
- createdBy.email
- createdBy.firstName
- createdBy.lastName
- createdBy.loginName
createdTimestring
enabledboolean
filterCriteriaobject
Child Parameters
- filterCriteria.filterBased
- filterCriteria.matchingType
- filterCriteria.rules
idstring
namestring
precedenceinteger
typestring
updatedTimestring
{
"createdBy": {
"email": "john.smith@myorganization.com",
"firstName": "John",
"lastName": "Smith",
"loginName": "John_Smith"
},
"createdTime": "2018-03-27T13:14:07+0000",
"dependencyCorrelation": {
"alertsTimeWindow": 15,
"downstreamMetrics": [
"system.memory.utilization",
"system.ping.rta"
],
"upstreamMetrics": [
"system.process.cpu",
"system.ping.pl"
]
},
"enabled": false,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [
{
"entityName": "host_name",
"entityValue": "vm",
"filterType": "nativeAttributes",
"operator": "Contains"
},
{
"entityName": "Root_Device",
"entityValue": "ESX",
"filterType": "customAttributes",
"operator": "Starts with"
}
]
},
"id": "POLICY-AC-165c4ee5-8b31-4cba-b88e-f20e57ae8358",
"name": "Correlate alerts on Hypervisor",
"precedence": 25,
"type": "DEPENDENCY",
"updatedBy": {
"email": "john.smith@myorganization.com",
"firstName": "John",
"lastName": "Smith",
"loginName": "John_Smith"
},
"updatedTime": "2018-04-10T14:22:10+0000"
}