Alerts and Events schema fields
On this page, find fields that can be included in an Event or Alert schema in IBM Cloud Pak for AIOps for these properties:
Note: format type used is Open API v3 definition.
EventType property schema
EventType:
description: >
The classification of the event, i.e. a description of what happened.
type: object
properties:
eventType:
description: >
String description of whether the event is a problem
or resolution event.
type: string
enum:
- problem
- resolution
default: problem
classification:
description: >
Description of the type of the event. E.g. Utilization, System
status, Threshold breach
type: string
example: Utilization
condition:
description: >
The condition/status or threshold causing the event. E.g. Down, 95%,
Unavailable
type: string
example: "> 30 seconds"
Insights property schema
Insight:
description: >
Represents an insight reference to one or more other entities provided
by a specified source that is related to associated element.
type: object
properties:
id:
description: >
The unique identifier for this specific relationship, used to
identify other related entities. Entities with the same insight
id will participate in the same insight (i.e. this may act as a
correlation key).
type: string
example: 98aa5f81-7da7-4063-bd66-dccaf59097d1
type:
description: The type of insight being described
type: string
example: ibm.com/causal-alert-relationship
source:
description: The source of the insight information
type: string
example: ibm.com/causal-correlation/temporal
details:
description: >
Additional details about this insight. The schema of this object
depends on the insight type.
type: object
$ref: "#/components/schemas/InsightDetails"
AssociatedChange:
type: object
properties:
link:
type: string
description: The URL to the associated change in source system.
Conversation:
type: object
properties:
link:
type: string
description: The URL to the conversation in source system.
Grouping:
type: object
properties:
policyId:
type: string
description: The id of the policy that creates the grouping.
groupDetails:
type: object
description: >
Details or links on group and/or to explain the reasons for the
grouping.
Runbook:
type: object
additionalProperties: false
required:
- policyId
- runbookId
- isAutomated
properties:
policyId:
type: string
description: The id of the policy that connected this insight.
runbookId:
type: string
format: uuid
description: The ID of the runbook
runbookVersion:
type: integer
minimum: 1
description: Optional. Defines whether a fixed version of a runbook should be linked. If, not specified latest version is used.
order:
type: integer
minimum: 1
description: Optional. Order for runbook actions. Defines in which order runbooks should be executed.
isAutomated:
type: boolean
description: Defines whether or not the connected Runbook will be automatically executed, once the policy matches.
mappings:
type: array
description: In order to execute a runbook all required runbook parameters need to be filled out. If the incident wants to define the values based on the policy or on its own attributes a suitable mapping has to be created. This is required if automatically triggered execution is desired.
items:
type: object
additionalProperties: false
properties:
mappingType:
type: string
description: Choose how a parameter is mapped. 'parameter' means using a field/property from the Incident. 'fixed' means the same value will always be used. 'useDefault' will use the default from the runbook. 'runtime' leave entry up to the operator.
enum:
- parameter
- fixed
- useDefault
- runtime
runbookParameterName:
type: string
description: The name of the runbook parameter as valued is mapped to.
parameterValue:
type: string
description: The value put into the runbook for the parameter. Depending on the 'mappingType' this value is optional (useDefault), represents the name of an incident parameter (parameter) or is the value to be put in (fixed).
Seasonality:
type: object
properties:
policyId:
type: string
description: >
The id of the policy that relates to the seasonality insight.
seasonalDetails:
type: object
description: >
Details or links on seasonality and/or to explain the reasons for
the grouping.
SimiliarIncident:
type: object
properties:
incidentid:
type: string
description: id of incident that it related to
link:
type: string
description: The URL to the incident in source system.
distance:
description: this should be a double but open API does not seem to like it :-(
type: integer
SimilarIncidents:
description: >
Represents a list of similar historical tickets, based on query
submitted to the service. It also includes a list of recommended
actions that are extracted from resolutions, which can be highlighted
with help of their offset information.
type: object
properties:
similar_incidents:
description: The list of similar incients for the query.
type: array
items:
$ref: "./similar_incidents.schema.yaml#/components/schemas/SimilarIncidentItem"
recommended_actions:
description: The list of extracted actions from resolutions in related incidents.
type: array
items:
$ref: "./similar_incidents.schema.yaml#/components/schemas/RecommendedActionItem"
AlertResolutions:
description: Represents a list of resolution links for current alert.
type: object
properties:
shortDescription:
type: string
description: Short description of the log anomaly alert.
description:
type: string
description: Description about the current log anomaly alert.
category:
type: string
description: Detected error category.
subCategory:
type: string
description: Detected error sub category.
resolutionLinks:
type: array
description: A list of resolution url links for current alert.
items:
type: object
properties:
url:
type: string
description: URL link for the resolution.
title:
type: string
description: Title for the resolution.
content:
type: string
description: Content excerpt for the resolution.
AssociatedAlertTemplates:
description: >
Represents the error template info for explainable purpose.
type: object
properties:
error_template_list:
type: array
items:
type: string
description: A list of error template
error_count_vector:
type: array
items:
type: integer
description: Count vector corresponding to error template list.
significant_message_code:
type: string
description: Message code for the significant error template.
type_window:
type: string
description: Indicates the window type, e.g., "liberty_twas"
TopologicalGroup:
description: >
Signifies that one of the resources that this entity pertains to is a member
of a resource group. The id of the insight is the id of the resource group
within the topology store.
type: object
properties:
name:
type: string
description: Human readable name of the resource group
tags:
description: A list of any tags assigned to the resource group
type: array
items:
type: string
entityTypes:
description: >
An array of group types that pertain to this group, ex. waiopsApplication which
signifies this resource group represents an application.
type: array
items:
type: string
TopologicalResource:
description: >
Signifies that this entity pertains to a specific resource within the topology.
The id of this insight will be set to the unique id of the resource within the topology.
type: object
properties:
name:
type: string
description: Human readable name of the resource
compositeOfIds:
type: string
description: >
If this resource is a composite resource, contains a comma
separated list of id's of composed resources.
compositeId:
type: string
description: id of the compositeId
ProbableCauseRanking:
type: object
description: the ranking of alerts in the group
properties:
id:
type: string
description: in the alert it is the correlationId or the eventId if in the incident
rank:
type: integer
description: the rank of the alert
IncidentTopology:
type: object
description: >
details of the group id where incident topology is stored. The incident topology is
generated by probable cause component
properties:
id:
type: string
description: asm group id
time:
type: integer
description: time in ms when the last resource in the asm group was added
Union:
type: object
description: >
Represents a union of insights of a particular type across entities. The
union is uniquely identified by the id field of the insight.
properties:
subsumedUnions:
type: array
description: >
An array of ids of previous union insights which were subsumed by
this one, due to a new entity occurring that joined them.
items:
type: string
description: The id of a subsumed union insight
ProposedIncident:
type: object
description: >
Represent a suggested incident to create for this alert.
properties:
policyId:
type: string
description: The id of the policy that proposes this incident.
delay:
type: integer
description: Suggested hold-off delay in seconds before creating the incident.
ChatOpsIntegrators:
type: object
description: >
An array of configured integrators for a given incident to hold integrator specific details.
properties:
id:
type: string
description: Unique id for this integrator
channel_name:
type: string
description: Chatops channel name
name:
type: string
description: kind of chat ops i.e. slack, teams etc
app_state:
type: string
description: Custom state field
permalink:
type: string
description: Permalink for Integrators
ITSMIntegrators:
type: object
description: >
An array of configured ITSMs for a given incident to hold integrator specific details.
properties:
id:
type: string
description: Unique id for this platform
ticket_num:
type: string
description: Ticket number associated with the ITSM system
name:
type: string
description: kind of ITSM i.e. ServiceNow, etc
app_state:
type: string
description: Custom state field
permalink:
type: string
description: Permalink for ITSM platform
type:
type: string
description: type of ITSM Integrators
ActionHistory:
description: >
Represents the actions this entity has passed through.
type: object
properties:
policyId:
type: string
description: The id of the policy that triggered the action
actionId:
type: string
description: The id of the action the entity has passed through
InsightDetails:
anyOf:
- $ref: "#/components/schemas/AssociatedChange"
- $ref: "#/components/schemas/Conversation"
- $ref: "#/components/schemas/Grouping"
- $ref: "#/components/schemas/Runbook"
- $ref: "#/components/schemas/Seasonality"
- $ref: "#/components/schemas/SimiliarIncident"
- $ref: "#/components/schemas/SimilarIncidents"
- $ref: "#/components/schemas/AlertResolutions"
- $ref: "#/components/schemas/AssociatedAlertTemplates"
- $ref: "#/components/schemas/TopologicalGroup"
- $ref: "#/components/schemas/TopologicalResource"
- $ref: "#/components/schemas/ProbableCauseRanking"
- $ref: "#/components/schemas/IncidentTopology"
- $ref: "#/components/schemas/Union"
- $ref: "#/components/schemas/ChatOpsIntegrators"
- $ref: "#/components/schemas/ITSMIntegrators"
- $ref: "#/components/schemas/ActionHistory"
Links property schema
Link:
description: >
Represents a link to an external system which has further information
or control over an event.
type: object
properties:
linkType:
description: >
Describes what type of link this is, giving a hint as to what may
consume it.
type: string
example: webpage
name:
description: >
An identifier for this link that can be referred to programmatically
type: string
example: management-console
description:
description: Descriptive text which defines what the link leads to
type: string
example: Fan controller management console
url:
description: >
A fully qualified URL that can be used to locate the target of the
link
type: string
example: https://fan-controller.example.com/?fanId=1234
Resource property schema
Resource:
description: >
Identifies a resource within the environment. This is made up of
multiple fields that describe the resource. There are a set of standard
fields which should be used where applicable, but additional fields may
be set.
type: object
additionalProperties:
description: Additional event-specific resource locators
$ref: '#/components/schemas/StringOrInteger'
properties:
type:
description: The type of resource
type: string
example: host
name:
description: The name of the resource
type: string
example: myhost.example.com
sourceId:
type: string
description: The id the resource is known by in the source system
hostname:
description: The hostname of the resource
type: string
example: myhost.example.com
ipAddress:
description: The IP address of the resource
type: string
example: 9.123.123.1
service:
description: The name of the service that the resource is serving
type: string
example: mobile-app
port:
description: The port that is the subject of this event
$ref: '#/components/schemas/StringOrInteger'
example: "80"
interface:
description: The interface that is the subject of this event
type: string
example: eth0
application:
type: string
description: The application that is the subject of this event
controller:
type: string
description: The controller that is the subject of this event
component:
type: string
description: The component that is the subject of this event
cluster:
type: string
description: The cluster that is the subject of this event
location:
description: The location of the resource
type: string
example: Dallas 10
accessScope:
type: string
description: The project or namespace the resource is part of
example: default
connectionId:
type: string
description: >-
Configuration unique identifier of the connection this event
came from.
example: 'f5aa7fa9-92eb-4bec-942c-37eb3e3e9601'