Endpoint
/api/v2/tenants/{tenantId}/policies/alertCorrelation/{policyId}
Path Parameters
tenantId
string

Describes the client ID or msp ID of the tenant

policyId
string

Policy unique identifier

Responses

OK

Endpoint
/api/v2/tenants/{tenantId}/policies/alertCorrelation/{policyId}
Path Parameters
tenantId
string

Describes the client ID or msp ID of the tenant

policyId
string

Policy unique identifier

Responses

OK

algorithmCorrelation
object

algorithmCorrelation.alertsTimeWindow
algorithmCorrelation.matchingConditions
algorithmCorrelation.primaryAlertSubject
clientsIncluded
string

createdBy
object

createdBy.email
createdBy.firstName
createdBy.lastName
createdBy.loginName
createdTime
string

dependencyCorrelation
object

dependencyCorrelation.alertsTimeWindow
dependencyCorrelation.downstreamMetrics
dependencyCorrelation.upstreamMetrics
enabled
boolean

filterCriteria
object

filterCriteria.filterBased
filterCriteria.matchingType
filterCriteria.rules
id
string

includedClients
array

machineLearning
object

machineLearning.continuousLearning
machineLearning.trainingFileId
name
string

precedence
integer

type
string

updatedBy
object

updatedBy.email
updatedBy.firstName
updatedBy.lastName
updatedBy.loginName
updatedTime
string

{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "subject"
      },
      {
        "matchType": "Nearly Identical",
        "property": "ip_address"
      }
    ],
    "primaryAlertSubject": "Network outage on Switch 162 "
  },
  "createdBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "John",
    "lastName": "Smith",
    "loginName": "John_Smith"
  },
  "createdTime": "2018-03-27T13:14:07+0000",
  "enabled": false,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "ip_address",
        "entityValue": "162.11",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "device_location",
        "entityValue": "West",
        "filterType": "customAttributes",
        "operator": "Contains"
      }
    ]
  },
  "id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name": "Correlate alerts on network outage",
  "precedence": 29,
  "type": "ALGORITHM",
  "updatedBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "John",
    "lastName": "Smith",
    "loginName": "John_Smith"
  },
  "updatedTime": "2018-04-10T14:22:11+0000"
}
{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "subject"
      },
      {
        "matchType": "Identical",
        "property": "alert_metric"
      }
    ],
    "primaryAlertSubject": "subject-alertMetric policy"
  },
  "clientsIncluded": "ALL",
  "createdBy": {
    "email": "admin@opsramp.com",
    "firstName": "OpsRamp API User",
    "lastName": " ",
    "loginName": "opsramp_api_user"
  },
  "createdTime": "2017-11-27T13:14:07+0000",
  "enabled": true,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "host_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "test_cutom_attribute",
        "entityValue": "a",
        "filterType": "customAttributes",
        "operator": "Not Contains"
      }
    ]
  },
  "id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "name": "test_algorithm_correlation_ap",
  "precedence": 29,
  "type": "ALGORITHM",
  "updatedTime": ""
}
{
  "algorithmCorrelation": {
    "alertsTimeWindow": 20,
    "matchingConditions": [
      {
        "matchType": "Identical",
        "property": "subject"
      },
      {
        "matchType": "Identical",
        "property": "alert_metric"
      }
    ],
    "primaryAlertSubject": "subject-alertMetric policy"
  },
  "createdBy": {
    "email": "admin@opsramp.com",
    "firstName": "OpsRamp API User",
    "lastName": " ",
    "loginName": "opsramp_api_user"
  },
  "createdTime": "2017-11-27T13:14:07+0000",
  "enabled": true,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "host_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "test_cutom_attribute",
        "entityValue": "a",
        "filterType": "customAttributes",
        "operator": "Not Contains"
      }
    ]
  },
  "id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
  "includedClients": [
    "client_8",
    "client_9"
  ],
  "name": "test_algorithm_correlation_ap",
  "precedence": 29,
  "type": "ALGORITHM",
  "updatedTime": ""
}
{
  "createdBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "OpsRamp API User",
    "lastName": " ",
    "loginName": "opsramp_api_user"
  },
  "createdTime": "2018-08-27T13:14:07+0000",
  "enabled": false,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "host_name",
        "entityValue": "Logix",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "agent_status",
        "entityValue": "up",
        "filterType": "customAttributes",
        "operator": "Equals"
      }
    ]
  },
  "id": "POLICY-AC-1556bcf6-7cc2-44ba-ba1f-8ca5a211bcb3",
  "machineLearning": {
    "continuousLearning": false,
    "trainingFileId": "ml_alert_correlation_training_client_9"
  },
  "name": "Server SJ-Alerts",
  "precedence": 30,
  "type": "CO_OCCURRENCE",
  "updatedBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "OpsRamp API User",
    "lastName": " ",
    "loginName": "opsramp_api_user"
  },
  "updatedTime": "2018-09-12T10:22:11+0000"
}
{
  "createdBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "John",
    "lastName": "Smith",
    "loginName": "John_Smith"
  },
  "createdTime": "2018-03-27T13:14:07+0000",
  "dependencyCorrelation": {
    "alertsTimeWindow": 15,
    "downstreamMetrics": [
      "system.memory.utilization",
      "system.ping.rta"
    ],
    "upstreamMetrics": [
      "system.process.cpu",
      "system.ping.pl"
    ]
  },
  "enabled": false,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "host_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "Root_Device",
        "entityValue": "ESX",
        "filterType": "customAttributes",
        "operator": "Starts with"
      }
    ]
  },
  "id": "POLICY-AC-165c4ee5-8b31-4cba-b88e-f20e57ae8358",
  "name": "Correlate alerts on Hypervisor",
  "precedence": 25,
  "type": "DEPENDENCY",
  "updatedBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "John",
    "lastName": "Smith",
    "loginName": "John_Smith"
  },
  "updatedTime": "2018-04-10T14:22:10+0000"
}
Endpoint
/api/v2/tenants/{tenantId}/policies/alertCorrelation/{policyId}
Path Parameters
tenantId
string

Describes the client ID or msp ID of the tenant

policyId
string

Policy unique identifier

algorithmCorrelation
object

Correlate alerts that share similar alert properties.

algorithmCorrelation.alertsTimeWindow
(Optional) Correlate alerts that are generated within a time span specified in minutes. If a value isn't specified, the default time window is 5 minutes.
algorithmCorrelation.machineLearning
algorithmCorrelation.matchingConditions
Correlate alerts based all of the on the following: 1. Select the alert property with which the alerts should be grouped (example is "Host Name"). 2. Match the type of alert property. If a user wants to correlate alerts which exactly share same IP address 172.34.213, provide the "property": "ip_address" and "matchType": "Identical" fields. See Matching conditions table for detailed information on match types.
algorithmCorrelation.primaryAlertSubject
(Optional) Provide a subject for the primary alert generated. This helps to identify the Inference. If no subject is provided, the primary alert is treated as the subject for alert correlation.
dependencyCorrelation
object

Correlate alerts on upstream and downstream resources.

dependencyCorrelation.alertsTimeWindow
(Optional) Correlate alerts that are generated within a time span specified in minutes. An example is when a user wants to correlate alerts on upstream and downstream resources within a span of 15 minutes. If a value isn't specified, the default time window is 5 minutes.
dependencyCorrelation.downstreamMetrics
Metrics on the downstream resource that may generate alerts. Use the Get Metrics API to get metrics assigned to a resource.
dependencyCorrelation.upstreamMetrics
Metrics on the upstream resource that may generate alerts. Use the Get Metrics API to get metrics assigned to a resource.
enabledMode
string

(Optional) To enable an alert correlation policy, set "enabledMode": "ON". To disable an alert correlation policy, set "enabledMode: "OFF". To enable an alert correlation policy to observe, set "enabledMode": "OBSERVED".

filterCriteria
object

(Optional) Filter for resources whose alerts will match this policy.

filterCriteria.filterBased
Determine if the alert correlation policy should consider the below filter rules.
filterCriteria.matchingType
Match ALL or ANY of the rules to filter for resources whose alerts will match this policy.
filterCriteria.rules
(Mandatory if "filterBase": "true") Filter resources with the rules that follow.
includedClients
array

name
string

The name of the alert correlation policy.

organizationMatchingType
string

precedence
integer

(Optional) Determine the execution order of a policy. For example, if VMware is specified as part of the agent status policy and network outage policy, the user can determine which policy should execute first to correlate VMware alerts.

type
string

The alert correlation policy type.

{
  "dependencyCorrelation": {
    "alertsTimeWindow": 15,
    "downstreamMetrics": [
      "system.ping.rta",
      "system.memory.utilization"
    ],
    "upstreamMetrics": [
      "system.ping.pl",
      "system.process.cpu"
    ]
  },
  "enabled": "false",
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "host_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "Root_Device",
        "entityValue": "ESX",
        "filterType": "customAttributes",
        "operator": "Starts with"
      }
    ]
  },
  "name": "Correlate alerts on Hypervisor",
  "precedence": 25,
  "type": "DEPENDENCY"
}

Responses

OK

algorithmCorrelation
object

algorithmCorrelation.alertsTimeWindow
algorithmCorrelation.matchingConditions
algorithmCorrelation.primaryAlertSubject
createdBy
object

createdBy.email
createdBy.firstName
createdBy.lastName
createdBy.loginName
createdTime
string

enabled
boolean

filterCriteria
object

filterCriteria.filterBased
filterCriteria.matchingType
filterCriteria.rules
id
string

name
string

precedence
integer

type
string

updatedTime
string

{
  "createdBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "John",
    "lastName": "Smith",
    "loginName": "John_Smith"
  },
  "createdTime": "2018-03-27T13:14:07+0000",
  "dependencyCorrelation": {
    "alertsTimeWindow": 15,
    "downstreamMetrics": [
      "system.memory.utilization",
      "system.ping.rta"
    ],
    "upstreamMetrics": [
      "system.process.cpu",
      "system.ping.pl"
    ]
  },
  "enabled": false,
  "filterCriteria": {
    "filterBased": true,
    "matchingType": "ALL",
    "rules": [
      {
        "entityName": "host_name",
        "entityValue": "vm",
        "filterType": "nativeAttributes",
        "operator": "Contains"
      },
      {
        "entityName": "Root_Device",
        "entityValue": "ESX",
        "filterType": "customAttributes",
        "operator": "Starts with"
      }
    ]
  },
  "id": "POLICY-AC-165c4ee5-8b31-4cba-b88e-f20e57ae8358",
  "name": "Correlate alerts on Hypervisor",
  "precedence": 25,
  "type": "DEPENDENCY",
  "updatedBy": {
    "email": "john.smith@myorganization.com",
    "firstName": "John",
    "lastName": "Smith",
    "loginName": "John_Smith"
  },
  "updatedTime": "2018-04-10T14:22:10+0000"
}