Alert Correlation
Last updated on 30 August, 2024
Alert correlation is the process of grouping alerts into a single unified incident. Alert correlation offers the following benefits:
- Identify significant alerts
- Identify alerts that need further investigation
- Understand alerts better by seeing the relationships between alerts from various sources
In Edwin AI, alerts are correlated into:
- Insights – Insights are collections of alerts that have been automatically grouped. Insights are displayed in dashboards and can be further investigated through inspection views. Insights have a lifecycle that completes when an insight is set to closed. An insight can be closed through automation or manually from the user interface.
- Singleton Alerts – When no correlations are found, similar data that has passed the maximum correlation time is combined to form a singleton alert. Singleton alerts are escalated as individual alerts.
New alerts and their updates are the output of LogicMonitor’s Alert Evaluation processing phase. Each alert transaction, such as creation, upgrade, downgrade, and closure, resulting from that phase is processed as a separate event in Edwin AI.
Alerts in Edwin AI have their lifecycle represented in a series of escalation states from new through to closed. When an Edwin AI alert is in an open state, any reoccurrence of a LogicMonitor alert instance will be deduplicated under the open alert. This ensures that alert state is accurately reflected in Edwin AI, and provides a point of control for correlation and escalation.
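The sketch below is an added example, not Edwin AI or LogicMonitor code. It models the behavior described above: each alert transaction is handled as a separate event, reoccurrences are folded into the open alert for the same instance, and an uncorrelated alert is escalated as a singleton once the maximum correlation time has passed. The names `AlertStore`, `process` and `sweep`, the intermediate `"escalated"` state, the `correlated` flag, timestamps in seconds, and the instance ids are all assumptions; insight grouping itself is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Alert:
    instance: str              # alert instance id (constructed values in run_demo)
    severity: str
    first_seen: int
    state: str = "new"         # "new" -> "escalated" -> "closed"; middle name is assumed
    occurrences: int = 1
    correlated: bool = False   # would be set when the alert joins an insight
    singleton: bool = False

class AlertStore:
    def __init__(self, max_correlation_time):
        self.max_correlation_time = max_correlation_time
        self.open = {}         # instance id -> the single open Alert for that instance
        self.closed = []

    def process(self, ts, instance, kind, severity):
        """Handle one transaction: creation, upgrade, downgrade or closure."""
        alert = self.open.get(instance)
        if kind == "closure":
            if alert is not None:          # closure with nothing open is ignored
                alert.state = "closed"
                self.closed.append(self.open.pop(instance))
            return alert
        if alert is None:                  # nothing open: a new lifecycle starts
            alert = self.open[instance] = Alert(instance, severity, ts)
        else:                              # reoccurrence: deduplicate under open alert
            alert.occurrences += 1
            alert.severity = severity      # upgrade/downgrade updates it in place
        return alert

    def sweep(self, now):
        """Escalate uncorrelated alerts past the correlation window as singletons."""
        due = [a for a in self.open.values() if a.state == "new" and not a.correlated
               and now - a.first_seen >= self.max_correlation_time]
        for a in due:
            a.state, a.singleton = "escalated", True
        return [a.instance for a in due]

def run_demo():
    store = AlertStore(max_correlation_time=300)
    events = [(0, "LMD1", "creation", "warning"), (60, "LMD1", "upgrade", "critical"),
              (90, "LMD2", "creation", "error"), (120, "LMD2", "closure", "error"),
              (200, "LMD2", "creation", "error")]  # constructed sample transactions
    for ev in events:
        store.process(*ev)
    return store, store.sweep(now=400)
```

In the sample run, the second `LMD2` creation arrives after the closure, so it opens a fresh alert instead of being deduplicated into the closed one.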