Keep’s Alert Mapping enrichment feature provides a powerful mechanism for dynamically enhancing alert data by leveraging external data sources, such as CSV files and topology data. This feature allows for the matching of incoming alerts to specific records in a CSV file or topology data based on predefined attributes (matchers) and enriching those alerts with additional information from the matched records.
In complex monitoring environments, the need to enrich alert data with additional context is critical for effective alert analysis and response. Keep’s Alert Mapping and Enrichment enables users to define rules that match alerts to rows in a CSV file or topology data, appending or modifying alert attributes with the values from matching rows. This process adds significant value to each alert, providing deeper insights and enabling more precise and informed decision-making.
The CSV file will look like:
region | responsible_team | severity_override |
---|---|---|
us-east-1 | team-alpha | high |
us-west-2 | team-beta | medium |
eu-central-1 | team-gamma | low |
Imagine you have a CSV file with columns representing different aspects of your infrastructure, such as `region`, `responsible_team`, and `severity_override`. By creating a mapping rule that matches alerts based on `service` and `region`, you can automatically enrich alerts with the responsible team and adjust severity based on the matched row in the CSV file.
Similarly, you can use topology data to enrich alerts. For example, if an alert is related to a specific service, you can use topology data to find related components and their statuses, providing a more comprehensive view of the issue.
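The CSV matching described above can be sketched as follows. This is an added example, not Keep's own code: the function names, the first-match-wins behaviour, and the `enriched_fields` provenance attribute are assumptions made for illustration, and the sample matches on `region` only because the CSV shown on this page has no `service` column.

```python
import csv
import io

# Constructed sample: the CSV table shown on this page.
MAPPING_CSV = """region,responsible_team,severity_override
us-east-1,team-alpha,high
us-west-2,team-beta,medium
eu-central-1,team-gamma,low
"""


def load_rows(csv_text):
    """Parse the mapping CSV into a list of dict rows, trimming whitespace."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [{k.strip(): (v or "").strip() for k, v in row.items()} for row in reader]


def enrich_alert(alert, rows, matchers):
    """Return a copy of `alert` enriched from the first row whose matcher
    columns all equal the alert's attributes; an unchanged copy if none match."""
    enriched = dict(alert)
    # An alert that lacks a matcher attribute can never match a row.
    if any(m not in alert for m in matchers):
        return enriched
    for row in rows:
        if all(str(alert[m]) == row.get(m) for m in matchers):
            added = []
            for column, value in row.items():
                if column in matchers or value == "":
                    continue  # matcher columns are keys; empty cells add nothing
                enriched[column] = value
                added.append(column)
            # Hypothetical attribute: records which values came from the mapping,
            # so a changed team or severity override can be traced to its source.
            enriched["enriched_fields"] = sorted(added)
            return enriched
    return enriched


if __name__ == "__main__":
    rows = load_rows(MAPPING_CSV)
    alert = {"name": "HighCPU", "service": "checkout",
             "region": "us-west-2", "severity": "critical"}
    print(enrich_alert(alert, rows, ["region"]))
```

Passing `["service", "region"]` as matchers against this CSV returns the alert unchanged, because every matcher must correspond to a column in the file.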
`service` or `region`.
To create an alert mapping and enrichment rule: