Insight Records
Last updated on 19 March, 2024Insights are created based on the grouping of alerts using machine learning and patterns and alert severity from alert correlations.
Insight Record Format
The insight field definitions are described in the following:
| Column | Description |
| _id | The ID of the database record. |
| #Alerts | Total number of correlated alerts |
| Tenant ID | LM Tenant identifier |
| First Timestamp | Earliest event within the deduplicated events. |
| Last Timestamp | Latest event within the deduplicated events. |
| Permanent URL | Permanent URL |
| Description | Detailed description of a correlation. |
| Impacted CI | A list of CIs impacted by the correlation. |
| Severity | Current severity |
| Model ID List | A list of models used to form a correlation. |
| Tags | Tags derived from summarizing and tokenizing associated item of the correlated alert descriptions and relevant keywords. |
| ML UI Result | Summary of a correlation to be displayed with the UI. |
| State | ML state active, cleared, or merged. |
| Assigned To | Assigned to |
| Incident ID | Incident id |
| Incident Priority | Incident priority |
| Incident URL | Link to incident |
| Highest Severity | The highest severity event that contains within the alert’s deduplicated event set. |
| Lowest Severity | The lowest severity event contained within the alert’s deduplicated event set. |
| Escalation | The state represents the lifecycle of an insight record from new to closed. |
| ML Processor Timestamp | Internal data |
| Organisation ID | Internal data |
| Original Key | Internal data |
| Updated Timestamp | Internal data |
| Created Timestamp | Internal data |
| Insight Key List | Internal data |
| ML Processor Timestamp | Internal data |