Alert and Event schemas
See the following tables to understand Cloud Pak for AIOps alert and event properties.
Cloud Pak for AIOps Alert schema
An alert is a mutable record of something that has happened over a certain period of time. It indicates an anomalous condition.
| Cloud Pak for AIOps alert property | Description | Example |
|---|---|---|
| id | A system-generated unique id for the alert. | 1a2a6787-59ad-4acd-bd0d-46c1ddfd8e06 |
| state | The current state of this alert. | Open |
| eventCount | The count of events that have contributed to this alert. | 2 |
| acknowledged | Flag indicating alert acknowledgement. | false |
| team | Team with responsibility for the alert. | Db2 admin group |
| owner | Individual with responsibility for the alert. | user123 |
| deduplicationKey | The key that uniquely identifies the anomalous condition that this alert represents. | {hostname=users-db.myapp.example.com, name=users-db.myapp.example.com, service=users-db.myapp.example.com, type=Service}-High query timeout count:++:Database query timeout- |
| signature | An id which uniquely identifies an anomalous condition on a resource. This may be used to identify historic alerts which refer to the same condition on the same resource. | {hostname=users-db.myapp.example.com, name=users-db.myapp.example.com, service=users-db.myapp.example.com, type=Service}-High query timeout count:++:Database query timeout- |
| firstOccurrenceTime | The time at which the anomalous condition was first detected, in millisecond granularity. Format: yyyy-mm-ddThh:mm:ss.sssZ (ISO8601) | 2022-06-14 3:14:10.862 |
| lastOccurrenceTime | The time at which the anomalous condition was last detected, in millisecond granularity. Format: yyyy-mm-ddThh:mm:ss.sssZ (ISO8601) | 2022-06-14 3:14:10.862 |
| lastStateChangeTime | The time in millisecond granularity for which the alert was last updated. | 2022-06-14 3:14:10.862 |
| summary | A human-readable description of the event. | Fan failure detected on server1.example.com. |
| langId | ISO 639-3 encoding if not specifed assumption is eng. | eng |
| severity | Indicates the alert severity level, which indicates how the perceived capability of the managed object has been affected. | 5 - Major |
| sender | Identifies the resource which sent this alert. This may be the resource that is the subject of the event, or it may be some external system which is monitoring the subject. | {"service":"DemoMon","name": "hyper.example.com","type":"Netcool/OMNIbus"} |
| resource | Identifies the resource that is the subject of this alert. This is made up of multiple fields that describe the resource. There are a set of standard fields which should be used where applicable, but additional fields may be set. Tip: If (when querying the topology service APIs for resource data) the optional parameter _include_status_severity is set to true, the _hasStatus field will reflect the maximum and most severe severity
of all of the status records related to the resource, for example "_hasStatus": "critical". |
{"service":"hyper.example.com","name": "hyper.example.com","hostname":"hyper.example.com", "type":"Service"} |
| expirySeconds | The number of seconds before the event should automatically expire. A value of zero indicates that there is no expiration. | 0 |
| links | An optional array of links to external systems which provide addition information or control over the event, or its subject. This may include a management console for the subject resource, or a page containing further event information from the source monitoring system. Each link should be in the form of a fully qualified URL. | [{"url":"https://fan-controller.example.com/?fanId=1234","linkType":"webpage","name":"management-console", "description":"Fan controller management console"}] |
| details | Additional properties that describe the alert. Note: You can include custom fields in the details object. Their values must be of type string. |
{"additionalProp1":"string","additionalProp2":"string", "additionalProp3":"string"} |
| insights | An array of insights associated with the alert with one or more other entities or groupings. | insights.topology, insights.runbook, insights.scopeGroup |
| relatedIncidentIds | The set of incident id's that this alert is a member of either as a trigger or related context. | ["related-incident-2","related-incident-1","related-incident-3"] |
Cloud Pak for AIOps Event schema
An event is an immutable record of something happening at a certain time point. It may or may not indicate an anomalous condition.
| Cloud Pak for AIOps event property | Description | Example |
|---|---|---|
| id | A system-generated unique id for the event. | 1a2a6787-59ad-4acd-bd0d-46c1ddfd8e06 |
| occurrenceTime | The time at which this event occurred. | 6/15/2022, 3:14:10 PM |
| summary | A human-readable description of the event. | Fan failure detected on server1.example.com. |
| severity | Indicates the event severity level, which indicates how the perceived capability of the managed object has been affected. | 5 - Major |
| sender | Identifies the resource which sent this event. This may be the resource that is the subject of the event, or it may be some external system which is monitoring the subject. | {"service":"DemoMon","name": "hyper.example.com","type":"Netcool/OMNIbus"} |
| resource | Identifies the resource that is the subject of this event. This is made up of multiple fields that describe the resource. There are a set of standard fields which should be used where applicable, but additional fields may be set. Tip: If (when querying the topology service APIs for resource data) the optional parameter _include_status_severity is set to true, the _hasStatus field will reflect the maximum and most severe severity
of all of the status records related to the resource, for example "_hasStatus": "critical". |
{"service":"hyper.example.com","name": "hyper.example.com","hostname":"hyper.example.com", "type":"Service"} . For additional fields in property, see Resource property. |
| expirySeconds | The number of seconds before the event should automatically expire. A value of zero indicates that there is no expiration. | 0 |
| links | An optional array of links to external systems which provide addition information or control over the event, or its subject. This may include a management console for the subject resource, or a page containing further event information from the source monitoring system. Each link should be in the form of a fully qualified URL. | [{"url":"https://fan-controller.example.com/?fanId=1234","linkType":"webpage","name":"management-console", "description":"Fan controller management console"}] . For additional fields in property, see Links property. |
| details | Additional properties that describe the event. Note: You can include custom fields in the details object. Their values must be of type string. |
{"additionalProp1":"string","additionalProp2":"string", "additionalProp3":"string"} |
| insights | An array of insights associated with the event with one or more other entities or groupings. | insights.topology, insights.runbook, insights.scopeGroup. . For additional fields in property, see Insights property. |
| type | Values in an object that indicate the type of an event, such as a problem event or a resolution event, and the classification of an event. | { "classification":":++:CEASelfMonitoring", "eventType":"problem"}. For additional fields in property, see EventType properties. |