Event Records
Last updated on 02 September, 2024

The Edwin AI agent processes events received from (or sent by) supported event sources and normalizes them into a Common Event Format (CEF). CEF events are streamed into Edwin AI, where they immediately enter the event management process. Once event processing is complete, the event is stored in the database and can be queried through the events index.
Event Record Format
The following table describes each event field and its corresponding LM source data mapped to Edwin AI CEF:
Column | Description | LM Alert Field Mapping |
--- | --- | --- |
_id | The ID of the database record. | – |
Time | String representation of the UTC timestamp of the source event. | – |
Source | The monitoring/management tool, application, log or API from which the event was generated. | LogicMonitor (string) |
Name | The name of the event reported, for example Low Disk Space or High CPU Utilization. | Datapoint.Datasource |
Severity | The numeric severity of the event: 5 is Critical; 4 is Major; 3 is Minor; 2 is Warning; 1 is Indeterminate; 0 is Clear. The default Alert Processing Action Group executed for each event automatically transitions an alert's Status between active and cleared based on the received events. | Severity. LM alert severity is mapped to Edwin AI's numeric severity: Critical is 5 (critical), Error is 4 (major), Warning is 2 (warning), SDT is 1 (indeterminate), and Clear is 0 (clear). |
CI | The configuration item for which the event is reported, for example a server or router hostname. | Resource |
Object | The object on the CI to which the event pertains, for example a disk or a database instance, or the CI itself. | Instance |
Description | A short summary of the event. | Detailed Description |
Details | A verbose summary of the event. | – |

The meta group of fields is populated by the event receiver service:

Column | Description | LM Alert Field Mapping |
--- | --- | --- |
Tenant ID | LM tenant identifier. | system.tenant.identifier |
Pipeline Timestamp | Pipeline timestamp. | – |
Timestamp | UTC timestamp of the source event. | Reported at / Cleared at |
Organisation ID | Internal data | – |
Receiver ID | Internal data | – |
Receiver Timestamp | Internal data | – |
Number of Rules Triggered | Number of rules triggered. | – |
Rule IDs Triggered List | List of rule IDs triggered. | – |
Version | Internal data | – |
Source Record | Internal data | – |
Agent ID | Internal data | – |
Agent CI | Internal data | – |
Agent IP | Internal data | – |
Agent Timestamp | Internal data | – |
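The following is an added illustration, not Edwin AI or LogicMonitor code, of how the mapping in the table can be applied in practice: an LM-style alert is normalized onto the CEF columns above, the Timestamp is taken from "Cleared at" for clear events and from "Reported at" otherwise, and a replay of the resulting events reproduces the default action group behaviour of moving an alert between active and cleared. The key names of the incoming LM alert payload (`severity`, `resource`, `instance`, and so on), the composition of Name as Datapoint.Datasource, and the choice of (CI, Object, Name) as the alert identity are assumptions made for the example; the severity values and column names are the page's.

```python
"""Normalize LogicMonitor-style alerts into the Edwin AI CEF record layout.

Added example. Payload key names of the LM alert dict and the alert identity
key (CI, Object, Name) are ASSUMED for illustration; severity values and CEF
column names follow the event record table.
"""
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# LM alert severity -> Edwin AI numeric severity, as given in the table.
# Edwin AI's 3 (Minor) has no LM source severity, so it never appears here.
LM_SEVERITY_TO_CEF: Dict[str, int] = {
    "Critical": 5,
    "Error": 4,
    "Warning": 2,
    "SDT": 1,
    "Clear": 0,
}

# Edwin AI numeric severity -> label, as given in the table.
SEVERITY_LABEL: Dict[int, str] = {
    5: "Critical", 4: "Major", 3: "Minor", 2: "Warning", 1: "Indeterminate", 0: "Clear",
}


def normalize_lm_alert(alert: dict) -> dict:
    """Map one LM alert (assumed payload keys) onto the CEF columns."""
    try:
        severity = LM_SEVERITY_TO_CEF[alert["severity"]]
    except KeyError as exc:
        # Reject rather than guess: an unmapped severity would otherwise
        # silently break the active/cleared transition logic downstream.
        raise ValueError(f"unknown LM severity: {alert.get('severity')!r}") from exc

    # Timestamp mapping is "Reported at / Cleared at": a clear event carries
    # the time it cleared, every other event the time it was reported.
    ts = alert["cleared_at"] if severity == 0 else alert["reported_at"]
    return {
        "Source": "LogicMonitor",
        # Assumed reading of the "Datapoint.Datasource" mapping: a joined string.
        "Name": f"{alert['datapoint']}.{alert['datasource']}",
        "Severity": severity,
        "CI": alert["resource"],
        "Object": alert["instance"],
        "Description": alert["detailed_description"],
        "Tenant ID": alert["system.tenant.identifier"],
        "Timestamp": ts,  # epoch seconds, UTC (assumed unit for the example)
        "Time": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
    }


def apply_status_transitions(events: List[dict]) -> Dict[Tuple[str, str, str], str]:
    """Replay the default action group rule: a severity-0 event clears the
    alert, any other severity makes it active. Events are replayed in
    Timestamp order so a late-arriving clear cannot be overwritten by an
    older active event (ordering guard added here, not described on the page)."""
    status: Dict[Tuple[str, str, str], str] = {}
    for ev in sorted(events, key=lambda e: e["Timestamp"]):
        key = (ev["CI"], ev["Object"], ev["Name"])  # assumed alert identity
        status[key] = "cleared" if ev["Severity"] == 0 else "active"
    return status


# Constructed sample alerts (not real LogicMonitor output).
_DISK = {
    "datapoint": "FreeSpacePercent", "datasource": "Disks", "resource": "web-01",
    "instance": "/dev/sda1", "detailed_description": "Low Disk Space on /dev/sda1",
    "system.tenant.identifier": "tenant-demo",
}
SAMPLE_ALERTS: List[dict] = [
    {**_DISK, "severity": "Critical", "reported_at": 1725235200, "cleared_at": None},
    {**_DISK, "severity": "Clear", "reported_at": 1725235200, "cleared_at": 1725238800},
    {
        "severity": "Warning", "datapoint": "CPUBusyPercent", "datasource": "CPU",
        "resource": "db-02", "instance": "db-02",
        "detailed_description": "High CPU Utilization", "system.tenant.identifier": "tenant-demo",
        "reported_at": 1725236000, "cleared_at": None,
    },
]


def demo() -> Tuple[List[dict], Dict[Tuple[str, str, str], str]]:
    """Normalize the constructed alerts and compute the resulting alert statuses."""
    events = [normalize_lm_alert(a) for a in SAMPLE_ALERTS]
    return events, apply_status_transitions(events)


if __name__ == "__main__":
    evs, statuses = demo()
    for ev in evs:
        print(ev["Time"], SEVERITY_LABEL[ev["Severity"]], ev["CI"], ev["Object"], ev["Name"])
    print(statuses)
```

Running the block prints each normalized event followed by the per-alert status map; the disk alert ends up cleared and the CPU alert active, which is the behaviour the Severity row describes.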