Skip to Content
ModulesCorrelation

Correlation

The Correlation module groups related alerts, events, and anomalies into unified incidents. Instead of responding to dozens of individual alerts during an outage, your team sees a single correlated incident with full context.

Key Features

  • Rule-based correlation — Define grouping rules by service, host, time window, alert type, or custom tags
  • AI-driven clustering — Automatically detect patterns and group alerts that co-occur across outages
  • Topology-aware grouping — Use service dependency maps to correlate alerts across upstream and downstream services
  • Deduplication — Suppress duplicate alerts within configurable time windows
  • Noise reduction metrics — Dashboard showing alert-to-incident compression ratio (typical: 10:1 to 50:1)
  • Custom correlation keys — Group by deployment ID, change ticket, or any custom label

How to Access

Navigate to Correlation in the left sidebar, or access correlation settings from Settings → Correlation Rules.

Basic Usage

  1. Navigate to Correlation → Rules
  2. Click New Rule to create a correlation rule
  3. Define the grouping criteria:
    • Time window — How close in time alerts must occur (e.g., 5 minutes)
    • Group by — Fields to match on (e.g., same service, same host, same alert name)
    • Minimum count — How many matching alerts trigger incident creation
  4. Set the Output Severity for the correlated incident
  5. Enable the rule and monitor the Correlation Activity dashboard
  6. Review auto-created incidents in the Incidents module
IncidentsRCA Lab