Insight Records

Last updated on 19 March, 2024

Insights are created by grouping alerts, using machine learning together with the patterns and alert severity from alert correlations.

Insight Record Format

The insight record fields are defined as follows:

_id: The ID of the database record.
#Alerts: Total number of correlated alerts.
Tenant ID: LM Tenant identifier.
First Timestamp: Earliest event within the deduplicated events.
Last Timestamp: Latest event within the deduplicated events.
Permanent URL: Permanent URL.
Description: Detailed description of a correlation.
Impacted CI: A list of CIs impacted by the correlation.
Severity: Current severity.
Model ID List: A list of models used to form a correlation.
Tags: Tags derived from summarizing and tokenizing the associated items of the correlated alert descriptions and relevant keywords.
ML UI Result: Summary of a correlation to be displayed in the UI.
State: ML state (active, cleared, or merged).
Assigned To: Assigned to.
Incident ID: Incident ID.
Incident Priority: Incident priority.
Incident URL: Link to incident.
Highest Severity: The highest severity event contained within the alert's deduplicated event set.
Lowest Severity: The lowest severity event contained within the alert's deduplicated event set.
Escalation: The state represents the lifecycle of an insight record from new to closed.
ML Processor Timestamp: Internal data.
Organisation ID: Internal data.
Original Key: Internal data.
Updated Timestamp: Internal data.
Created Timestamp: Internal data.
Insight Key List: Internal data.