Correlations API Overview

You can use this API to create, retrieve, update, and delete correlation definitions.

Correlation is the process of clustering related alerts into incidents. Moogsoft uses correlation definitions that specify the data fields of interest to determine if an alert and incident are correlated. To define an effective correlation, you need to determine the following:

  1. How you want to correlate your alerts — such as by node, service, or location.

  2. The alert fields in your data that contain the relevant information.

Requirements

Before you use this API, do the following:

  1. Set up your event ingestions.

  2. Examine your alerts to determine if they include the data that you want to use for correlation. If they do not, set up your alert enrichments to add this data.

  3. Create an API key. Moogsoft recommends that you create a separate key for each API and integration.

  4. Review the Best practices for defining correlations section.

Recommended Workflow

Moogsoft recommends the following workflow:

  1. Fetch the existing correlation definitions on your instance and save them to a JSON file.

  2. Copy one of the definitions and edit it.

  3. Post the new definition to your instance.

Related topics