URL
POST https://{api-url}/api/v2/tenants/{tenantId}/policies/alertCorrelation/{policyId}Sample URLs
https://{api-url}/api/v2/tenants/client_7/policies/alertCorrelation/POLICY-AC-3218d82f-25c6-4d4d-bd88-b83c5e30721chttps://{api-url}/api/v2/tenants/msp_6/policies/alertCorrelation/POLICY-AC-ce200249-bcb0-47ef-8b24-9b5744053243Parameters
| Field | Data Type | Values | Description |
|---|---|---|---|
| "name" | String | NA | The name of the alert correlation policy. |
| "filterCriteria" | String | (Optional) Filter for resources whose alerts will match this policy. | |
| Boolean | "true" or "false" | Determine if the alert correlation policy should consider the below filter rules. |
| Boolean | "ALL" or "ANY" | Match ALL or ANY of the rules to filter for resources whose alerts will match this policy. |
| (Mandatory if "filterBase": "true") Filter resources with the rules that follow. | ||
| String | "nativeAttributes" "customAttributes" | Filter for resources on the basis of predefined attributes. Filter for resources using custom attributes of device and client. |
| String | Entity names of native attributes:
| Native or custom attribute name. For example, to filter for resources with host_name "VG-Host", use the following: "filterType":"nativeAttributes", "entityName":"host_name", "operator":"CONTAINS", "entityValue":"VG-Host" To filter for resources with a custom attribute"Agent Status", use the following: "filterType":"customAttributes", "entityName":"Agent Status", "operator":"CONTAINS", "entityValue":"Up" |
| String |
| The logical operators to filter for resources. To filter Windows resources, use "Contains Windows". To filter resources with the agent is installed, use the following: "entityName": "agent_installed", "operator": "Is", "entityValue": "Yes" View to learn more about how to form regular expressions. |
| String | NA | The unique value of the alert. An example would be "VG-Host". |
| Object | ||
| "type" | String | "DEPENDENCY" "ALGORITHM" "CO_OCCURRENCE" | The alert correlation policy type. |
| "dependencyCorrelation" | String | Correlate alerts on upstream and downstream resources. See the Create Alert Correlation Policy API to learn more about creating a dependency correlation. | |
| Integer | 5, 10, 15, 20, 25, 30, 45, 60, 90, 120 | (Optional) Correlate alerts that are generated within a time span specified in minutes. An example is when a user wants to correlate alerts on upstream and downstream resources within a span of 15 minutes. If a value isn't specified, the default time window is 5 minutes. |
| List | NA | Metrics on the upstream resource that may generate alerts. Use the Get Metrics API to retrieve metrics assigned to a resource. |
| List | NA | Metrics on the downstream resource that may generate alerts. Use the Get Metrics API to retrieve metrics assigned to a resource. |
| "algorithmCorrelation" | String | Correlate alerts that share similar alert properties. | |
| Integer | 5, 10, 15, 20, 25, 30, 45, 60, 90, 120 | (Optional) Correlate alerts that are generated within a time span specified in minutes. If a value isn't specified, the default time window is 5 minutes. |
|
|
| Correlate alerts based all of the on the following:
|
| String | NA | (Optional) Provide a subject for the primary alert generated. This helps to identify the Inference. If no subject is provided, the primary alert is treated as the subject for alert correlation. |
| "enabledMode" | String | "ON" "OFF" "OBSERVED" | (Optional) To enable an alert correlation policy, set "enabledMode": "ON". To disable an alert correlation policy, set "enabledMode: "OFF". To enable an alert correlation policy to observe, set "enabledMode": "OBSERVED". |
| "precedence" | Integer | NA | (Optional) Determine the execution order of a policy. For example, if VMware is part of agent status policy and network outage policy, the user can determine which policy should execute first to correlate VMware alerts. |
| |||
| Client Scope Partner Policy | |||
| |||
| |||
| "precedence" | Integer | NA | (Optional) Determine the execution order of a policy. For example, if VMware is specified as part of the agent status policy and network outage policy, the user can determine which policy should execute first to correlate VMware alerts. |
NA indicates that the value is not applicable.
Update alert correlation policy with dependency correlation
Sample request
{
"name": "Correlate alerts on Hypervisor",
"enabled": "false",
"precedence": 25,
"filterCriteria": {
"filterBased": "true",
"matchingType": "ALL",
"rules": [{
"filterType": "nativeAttributes",
"entityName": "host_name",
"operator": "Contains",
"entityValue": "vm"
},
{
"filterType": "customAttributes",
"entityName": "Root_Device",
"operator": "Starts with",
"entityValue": "ESX"
}
]
},
"type": "DEPENDENCY",
"dependencyCorrelation": {
"alertsTimeWindow": "15",
"upstreamMetrics": [
"system.ping.pl",
"system.process.cpu"
],
"downstreamMetrics": [
"system.ping.rta",
"system.memory.utilization"
]
}
}Sample response
{
"id": "POLICY-AC-165c4ee5-8b31-4cba-b88e-f20e57ae8358",
"name": "Correlate alerts on Hypervisor",
"enabled": false,
"precedence": 25,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [{
"filterType": "nativeAttributes",
"entityName": "host_name",
"operator": "Contains",
"entityValue": "vm"
}, {
"filterType": "customAttributes",
"entityName": "Root_Device",
"operator": "Starts with",
"entityValue": "ESX"
}]
},
"type": "DEPENDENCY",
"dependencyCorrelation": {
"alertsTimeWindow": 15,
"upstreamMetrics": ["system.process.cpu", "system.ping.pl"],
"downstreamMetrics": ["system.memory.utilization", "system.ping.rta"]
},
"createdBy": {
"loginName": "John_Smith",
"lastName": "Smith",
"firstName": "John",
"email": "john.smith@myorganization.com"
},
"updatedBy": {
"loginName": "John_Smith",
"lastName": "Smith",
"firstName": "John",
"email": "john.smith@myorganization.com"
},
"createdTime": "2018-03-27T13:14:07+0000",
"updatedTime": "2018-04-10T14:22:10+0000"
}Create alert correlation policy with algorithm-based correlation
Sample request
{
"name": "Correlate alerts on network outage",
"enabled": "false",
"filterCriteria": {
"filterBased": "true",
"matchingType": "ALL",
"rules": [{
"filterType": "nativeAttributes",
"entityName": "ip_address",
"operator": "Contains",
"entityValue": "162.11"
},
{
"filterType": "customAttributes",
"entityName": "device_location",
"operator": "Regex",
"entityValue": "*West"
}
]
},
"type": "ALGORITHM",
"algorithmCorrelation": {
"alertsTimeWindow": "20",
"matchingConditions": [{
"property": "subject",
"matchType": "Identical"
},
{
"property": "ip_address",
"matchType": "Nearly Identical"
}
],
"primaryAlertSubject": "Network outage on Switch 162"
}
}Sample response
{
"id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
"name": "Correlate alerts on network outage",
"enabled": false,
"precedence": 29,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [{
"filterType": "nativeAttributes",
"entityName": "ip_address",
"operator": "CONTAINS",
"entityValue": "162.11"
}, {
"filterType": "customAttributes",
"entityName": "device_location",
"operator": "Regex",
"entityValue": "*West"
}]
},
"type": "ALGORITHM",
"algorithmCorrelation": {
"alertsTimeWindow": 20,
"matchingConditions": [{
"property": "subject",
"matchType": "Identical"
}, {
"property": "ip_address",
"matchType": "Nearly Identical"
}],
"primaryAlertSubject": "Network outage on Switch 162 "
},
"createdBy": {
"loginName": "John_Smith",
"lastName": "Smith",
"firstName": "John",
"email": "john.smith@myorganization.com"
},
"updatedBy": {
"loginName": "John_Smith",
"lastName": "Smith",
"firstName": "John",
"email": "john.smith@myorganization.com"
},
"createdTime": "2018-03-27T13:14:07+0000",
"updatedTime": "2018-04-10T14:22:11+0000"
}Create Alert Correlation Policy with Cooccurrence-Based Correlation
Sample request
{
"name": "Server-SJ Alerts",
"filterCriteria": {
"filterBased": "true",
"matchingType": "ALL",
"rules": [{
"filterType": "nativeAttributes",
"entityName": "host_name",
"operator": "Contains",
"entityValue": "Logix"
},
{
"filterType": "customAttributes",
"entityName": "device_location",
"operator": "Contains",
"entityValue": "West-SJ"
}
]
},
"type": "CO_OCCURRENCE"
}Sample response
{
"id": "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
"name": "Server-SJ Alerts",
"enabled": true,
"precedence": 30,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [{
"filterType": "nativeAttributes",
"entityName": "host_name",
"operator": "Contains",
"entityValue": "Logix"
}, {
"filterType": "customAttributes",
"entityName": "device_location",
"operator": "Contains",
"entityValue": "West-SJ"
}]
},
"type": "CO_OCCURRENCE",
"createdBy": {
"loginName": "opsramp_api_user",
"lastName": " ",
"firstName": "OpsRamp API User",
"email": "john.smith@myorganization.com"
},
"updatedBy": {
"loginName": "opsramp_api_user",
"lastName": " ",
"firstName": "OpsRamp API User",
"email": "john.smith@myorganization.com"
},
"createdTime": "2018-08-27T13:14:07+0000",
"updatedTime": "2018-09-10T11:10:20+0000"
}Create Alert Correlation Policy with IP address filter
Sample request
{
"name":"IP policy api demo",
"type":"ALGORITHM",
"filterCriteria": {
"filterBased":"true",
"matchingType":"ALL",
"rules":
[
{
"filterType":"nativeAttributes",
"entityName":"ip_address",
"ipMatchingConditions": {
"ipAddressMatchType":"CIDR Match",
"cidrNotation":"192.168.1.1/24"
}
}
]
},
"algorithmCorrelation": {
"alertsTimeWindow":"20",
"matchingConditions":[
{
"property":"host_name",
"matchType":"Identical"
}
],
"primaryAlertSubject":"IP policy api demo"
}
}Sample response
{
"id": "POLICY-AC-498fe534-f70b-4511-80cd-88138ab15122",
"name": "IP policy api demo",
"enabled": true,
"precedence": 87,
"filterCriteria": {
"filterBased": true,
"matchingType": "ALL",
"rules": [
{
"filterType": "nativeAttributes",
"entityName": "ip_address",
"ipMatchingConditions": {
"ipAddressMatchType": "CIDR Match",
"cidrNotation": "192.168.1.1/24"
}
}
]
},
"type": "ALGORITHM",
"algorithmCorrelation": {
"alertsTimeWindow": 20,
"matchingConditions": [
{
"property": "host_name",
"matchType": "Identical"
}
],
"primaryAlertSubject": "IP policy api demo"
},
"createdBy": {
"loginName": "opsramp_api_user",
"lastName": " ",
"firstName": "OpsRamp API User",
"email": "admin@opsramp.com"
},
"createdTime": "2018-12-28T10:37:32+0000",
"updatedTime": ""
}Create client scope partner alert correlation policy correlated with algorithm and ALL based on organizationMatchingType
Sample request
{
"name":"test_algorithm_correlation_ap",
"organizationMatchingType":"ALL",
"filterCriteria": {
"filterBased":"true",
"matchingType":"ALL",
"rules":
[
{
"filterType":"nativeAttributes",
"entityName":"host_name",
"operator":"Contains",
"entityValue":"vm"
},
{
"filterType":"customAttributes",
"entityName":"test_custom_attribute",
"operator":"Not Contains",
"entityValue":"a"
}
]
},
"type":"ALGORITHM",
"algorithmCorrelation": {
"alertsTimeWindow":"20",
"matchingConditions":[
{
"property":"subject",
"matchType":"Identical"
},
{
"property":"alert_metric",
"matchType":"Identical"
}
],
"primaryAlertSubject":"subject-alertMetric policy"
}
}Sample response
{
"id" : "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
"name" : "test_algorithm_correlation_ap",
"clientsIncluded" : "ALL",
"enabled" : true,
"precedence" : 29,
"filterCriteria" : {
"filterBased" : true,
"matchingType" : "ALL",
"rules" : [ {
"filterType" : "nativeAttributes",
"entityName" : "host_name",
"operator" : "Contains",
"entityValue" : "vm"
}, {
"filterType" : "customAttributes",
"entityName" : "test_custom_attribute",
"operator" : "Not Contains",
"entityValue" : "a"
} ]
},
"type":"ALGORITHM",
"algorithmCorrelation" : {
"alertsTimeWindow" : 20,
"matchingConditions" : [ {
"property" : "subject",
"matchType" : "Identical"
}, {
"property" : "alert_metric",
"matchType" : "Identical"
} ],
"primaryAlertSubject" : "subject-alertMetric policy"
},
"createdBy" : {
"loginName" : "opsramp_api_user",
"lastName" : " ",
"firstName" : "OpsRamp API User",
"email" : "admin@opsramp.com"
},
"createdTime" : "2017-11-27T13:14:07+0000",
"updatedTime" : ""
}Create client scope partner alert correlation policy correlated with algorithm and INCLUDE based on organizationMatchingType
Sample request
{
"name":"test_algorithm_correlation_ap",
"organizationMatchingType":"INCLUDE",
"includedClients":[
"client_8",
"client_9"],
"filterCriteria": {
"filterBased":"true",
"matchingType":"ALL",
"rules":
[
{
"filterType":"nativeAttributes",
"entityName":"host_name",
"operator":"Contains",
"entityValue":"vm"
},
{
"filterType":"customAttributes",
"entityName":"test_custom_attribute",
"operator":"Not Contains",
"entityValue":"a"
}
]
},
"type":"ALGORITHM",
"algorithmCorrelation": {
"alertsTimeWindow":"20",
"matchingConditions":[
{
"property":"subject",
"matchType":"Identical"
},
{
"property":"alert_metric",
"matchType":"Identical"
}
],
"primaryAlertSubject":"subject-alertMetric policy"
}
}Sample response
{
"id" : "POLICY-AC-7556bcf6-4cc2-44ba-ba1f-3ca5a211bcb3",
"name" : "test_algorithm_correlation_ap",
"includedClients":[
"client_8",
"client_9"],
"enabled" : true,
"precedence" : 29,
"filterCriteria" : {
"filterBased" : true,
"matchingType" : "ALL",
"rules" : [ {
"filterType" : "nativeAttributes",
"entityName" : "host_name",
"operator" : "Contains",
"entityValue" : "vm"
}, {
"filterType" : "customAttributes",
"entityName" : "test_custom_attribute",
"operator" : "Not Contains",
"entityValue" : "a"
} ]
},
"type":"ALGORITHM",
"algorithmCorrelation" : {
"alertsTimeWindow" : 20,
"matchingConditions" : [ {
"property" : "subject",
"matchType" : "Identical"
}, {
"property" : "alert_metric",
"matchType" : "Identical"
} ],
"primaryAlertSubject" : "subject-alertMetric policy"
},
"createdBy" : {
"loginName" : "opsramp_api_user",
"lastName" : " ",
"firstName" : "OpsRamp API User",
"email" : "admin@opsramp.com"
},
"createdTime" : "2017-11-27T13:14:07+0000",
"updatedTime" : ""
}