About Alerts

Last updated on 29 August, 2024

An alert instance is a single deduplicated record of repeated events that share the same original key. The original key is a multipart key automatically constructed from the following event fields: source, CI, object, and name. For more information on the alert fields that form an original key, see Alert Record.

An Edwin AI alert is a deduplicated series of a repeating event. When Edwin AI receives an event, it creates a new alert record if no open alert can be found. However, if an open alert exists, Edwin AI increments the existing alert’s deduplication counter and adds the event to the alert. Alerts can either be correlated as insights or remain individual alerts, known as singleton alerts.

Edwin AI receives each alert update as an event and processes these events into a single deduplicated alert instance, thus avoiding repeat escalations.

Note: Alerts evolve as conditions change.

For each event, Edwin AI performs one of the following:

  • Creates a new alert record when no matching open alert is found, or
  • Adds the event to a matching existing alert.
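
The deduplication flow described above, sketched as an added Python example; it is not Edwin AI's code. The dictionary field names, the counter starting at 1, and the `close` helper are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# The four event fields the page lists for the original key (dict key names are assumed).
KEY_FIELDS = ("source", "ci", "object", "name")

@dataclass
class Alert:
    original_key: tuple
    dedup_count: int = 1          # assumption: the first event counts as 1
    is_open: bool = True
    events: list = field(default_factory=list)

class AlertStore:
    def __init__(self):
        self.alerts = []          # every alert record, open or closed
        self._open = {}           # original key -> the one open alert for that key

    def ingest(self, event):
        """Return (alert, created). Only created=True should trigger an escalation."""
        missing = [f for f in KEY_FIELDS if not event.get(f)]
        if missing:
            raise ValueError(f"event is missing key fields: {missing}")
        # A tuple keeps the parts separate, so ("a|b", "c") never collides with ("a", "b|c").
        key = tuple(event[f] for f in KEY_FIELDS)
        alert = self._open.get(key)
        if alert is None:         # no matching open alert: create a new record
            alert = Alert(original_key=key, events=[event])
            self._open[key] = alert
            self.alerts.append(alert)
            return alert, True
        alert.dedup_count += 1    # matching open alert: count the repeat, keep the event
        alert.events.append(event)
        return alert, False

    def close(self, alert):
        """Hypothetical helper: once closed, the next matching event opens a new alert."""
        alert.is_open = False
        self._open.pop(alert.original_key, None)

def demo():
    # Constructed sample events, not real Edwin AI data.
    base = {"source": "syslog", "ci": "fw-01", "object": "eth0", "name": "link_down"}
    store = AlertStore()
    first, _ = store.ingest({**base, "severity": "major"})
    store.ingest({**base, "severity": "critical"})   # same key: deduplicated
    store.ingest({**base, "object": "eth1"})         # different key: separate alert
    store.close(first)
    store.ingest({**base, "severity": "major"})      # key has no open alert: new record
    return [(a.original_key[2], a.dedup_count, a.is_open) for a in store.alerts]
```

Keying on the four fields alone means an update that changes only other attributes, such as severity, lands in the same alert instead of escalating again.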