Event Records

Last updated on 02 September, 2024

The Edwin AI agent processes events received and/or sent from supported event sources and normalizes them into a Common Event Format (CEF). CEF events are streamed into Edwin AI where they immediately enter the event management process. Once event processing is complete, the event is stored in the database and can be queried through the events index.

Event Record Format

The following table describes each event field and its corresponding LM source data mapped to Edwin AI CEF:

| Column | Description | LM Alert Field Mapping |
| --- | --- | --- |
| _id | The ID of the database record. | |
| Time | String representation of UTC timestamp of the source event. | |
| Source | The monitoring/management tool, application, log or API from which the event was generated. | LogicMonitor (string) |
| Name | The name of the event reported, for example, Low Disk Space or High CPU Utilization. | Datapoint.Datasource |
| Severity | The numeric severity of the event, where 5 is Critical; 4 is Major; 3 is Minor; 2 is Warning; 1 is Indeterminate; and 0 is Clear. The default Alert Processing Action Group that is executed for each event is programmed to automatically transition an alert's Status between active and cleared based on the received events. | Severity. LM alert severity is mapped to Edwin AI's numeric severity: Critical is 5 (critical), Error is 4 (major), Warning is 2 (warning), SDT is 1 (indeterminate), and Clear is 0 (clear). |
| CI | The configuration item for which the event is being reported, for example a server or router hostname. | Resource |
| Object | The object on the CI to which the event pertains, for example a disk or a database instance, or the CI itself. | Instance |
| Description | A short summary of the event. | Detailed Description |
| Details | A verbose summary of the event. The meta group of fields is populated by the event receiver service. | |
| Tenant ID | LM Tenant Identifier | system.tenant.identifier |
| Pipeline Timestamp | Pipeline timestamp | |
| Timestamp | UTC timestamp of the source event. | Reported at / Cleared at |
| Organisation ID | Internal data | |
| Receiver ID | Internal data | |
| Receiver Timestamp | Internal data | |
| Number of Rules Triggered | Number of rules triggered | |
| Rule IDs Triggered List | List of Rule IDs triggered | |
| Version | Internal data | |
| Source Record | Internal data | |
| Agent ID | Internal data | |
| Agent CI | Internal data | |
| Agent IP | Internal data | |
| Agent Timestamp | Internal data | |