Alert enrichment populates the alert Problem Area field with information extracted from the alert subject or description. It is usually used for log-type alerts, where rich information is embedded in the alert subject or description but the Metric field holds only the generic metric name. If the Problem Area field is not enriched, it defaults to the alert Metric field value.

The Problem Area field is used to drive downstream alert correlation, alert first response, and alert escalation. The alert Problem Area field is available in the filter criteria, and the Problem Area is used in alert sequence model training for ML-based alert correlations and seasonality-based suppression. In addition, you can use the Problem Area field when preparing first response and escalation ML training.
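A conceptual sketch of the behaviour described above, added here as an illustration and not the product's policy syntax or implementation. The regex rules, dictionary field names, and sample alerts are constructed assumptions. It shows log-type alerts that share one generic Metric value being separated by an extracted Problem Area, with the default to the Metric value when nothing matches.

```python
import re
from collections import Counter

# Constructed rules: each regex names the text to copy into Problem Area.
RULES = [
    re.compile(r"(?P<area>Failed password) for \S+ from"),
    re.compile(r"(?P<area>Out of memory): Killed process"),
]

# Constructed log-type alerts: all share one generic Metric value.
ALERTS = [
    {"metric": "syslog.event", "description": "",
     "subject": "sshd: Failed password for root from 203.0.113.7 port 22"},
    {"metric": "syslog.event", "description": "",
     "subject": "kernel: Out of memory: Killed process 4121 (java)"},
    {"metric": "syslog.event", "subject": "Log match on host web-02",
     "description": "sshd: Failed password for admin from 198.51.100.9 port 22"},
    {"metric": "syslog.event", "description": "",
     "subject": "cron: job finished"},
]


def enrich(alert):
    """Return a copy of the alert with problem_area set."""
    # Try the subject first, then the description.
    for field in ("subject", "description"):
        text = alert.get(field, "")
        for rule in RULES:
            match = rule.search(text)
            if match:
                return {**alert, "problem_area": match.group("area")}
    # No rule matched: Problem Area defaults to the Metric value.
    return {**alert, "problem_area": alert["metric"]}


def group_counts(alerts, key):
    """Count alerts per value of `key`, as a correlation step would group them."""
    return Counter(a[key] for a in alerts)


if __name__ == "__main__":
    # Grouped by Metric, every alert lands in one undifferentiated bucket.
    print(group_counts(ALERTS, "metric"))
    # Grouped by enriched Problem Area, distinct problems separate.
    print(group_counts([enrich(a) for a in ALERTS], "problem_area"))
```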

Alert correlation and seasonality-based alert suppression use existing data to create ML models. For patterns to be seen by ML, there must be enough repetition in the data. Because the alert enrichment policies enrich new alerts, but not existing alerts, it takes a few weeks before you see new patterns from the ML models after you enable alert enrichment.

The following permission sets are required to access alert enrichment policies:

  • OpsQ View: Allows you to view the policies of other users.
  • OpsQ Manage: Allows you to create, edit, delete, and turn policies on or off.