The alert management training file supports two categories of input columns:

  • Predefined attributes (system-defined alert and resource fields)
  • Custom attributes (user-defined tags for resources or alerts)

These columns define the matching logic used by the machine learning model to process incoming alerts.

Predefined Attributes

Predefined attributes are system-provided fields derived from alert and resource data. These attributes typically follow a hierarchical structure with up to three levels.

Attribute Hierarchy Example

For the column name resource.generalInfo.resourceType:

  • resource = first level (alert object)
  • generalInfo = second level
  • resourceType = third level

Only non-collection type attributes are supported, with a few noted exceptions.

Retrieving Predefined Attributes

To discover supported fields:

  • Use the Get Alert API for alert attributes.
  • Use the Get Resource API for resource attributes.

Example Attributes

| Alert Attributes | Alert Resource Attributes |
|---|---|
| clientUniqueId | resource.state |
| metric | resource.generalInfo.resourceType |
| component | resource.generalInfo.make |
| alertType | resource.generalInfo.osName |
| currentState | resource.location.name |
| status | resource.deviceGroup.name |
| priority | resource.serviceGroup.name |
| elapsedTimeString | resource.dnsName |
| healedTimeString | Not applicable |
| repeatCount | Not applicable |

Unsupported Attributes

  • resource.generalInfo.name is not supported in training files.
  • Resource names are dynamic and require constant maintenance.
  • Instead, use stable attributes such as:
    • resource.generalInfo.resourceType
    • resource.deviceGroup.name
    • resource.serviceGroup.name

Custom Attributes

Custom attributes (also known as tags) are user-defined fields that can be applied to resources or alerts. These attributes are useful for routing, escalation, or suppression based on business logic, such as tiers, environments, or application roles.

Example: Tier-Based Routing Using Resource Tags

| resource.tag.Tier | incident.assigneeGroup.name |
|---|---|
| Tier 1 | Critical Support |
| Tier 2 | Infrastructure Support |
| Tier 3 | General Support |

Using Alert-Level Tags

You can also use custom attributes applied to alerts directly. These should be formatted as tag.<tag_name>.

Example for Alert Escalation

| tag.environment | incident.assigneeGroup.name |
|---|---|
| Production | Prod Support |
| QA | QA Support |

Example for First Response

| tag.environment | suppressed | snoozeDuration |
|---|---|---|
| QA | true | 30 |

Multi-Level Group Path Formatting

When using group-based attributes such as resource.deviceGroup.name or resource.serviceGroup.name:

  • To specify nested groups, provide the full group path:
    • Example: Parent > Child > GrandChild
  • For direct child groups:
    • Example: Parent > Child

This ensures that the rule correctly maps to the group hierarchy used in your OpsRamp environment.
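The column and group-path rules above can be checked before a training file is uploaded. The following is an added example, not OpsRamp code: it assumes the training file is CSV with a header row, that the caller names which columns are inputs, and that "up to three levels" is treated as a hard limit; the function names and sample data are constructed for illustration.

```python
import csv
import io

UNSUPPORTED = {"resource.generalInfo.name"}  # named on the page as unsupported
GROUP_COLUMNS = {"resource.deviceGroup.name", "resource.serviceGroup.name"}

def check_column(name):
    """Return a problem string for an input column name, or None if it passes."""
    if name in UNSUPPORTED:
        return f"{name}: not supported in training files"
    parts = name.split(".")
    if "" in parts:
        return f"{name}: empty level in attribute path"
    if parts[0] == "tag":  # alert-level tag: tag.<tag_name>
        return None if len(parts) >= 2 else f"{name}: expected tag.<tag_name>"
    if parts[:2] == ["resource", "tag"]:  # resource tag, e.g. resource.tag.Tier
        return None if len(parts) >= 3 else f"{name}: tag name missing"
    if len(parts) > 3:  # assumption: treat "up to three levels" as a hard limit
        return f"{name}: more than three levels"
    return None

def check_group_path(value):
    """Flag 'Parent > Child' style paths that contain an empty segment."""
    if any(not seg.strip() for seg in value.split(">")):
        return f"{value!r}: empty segment in group path"
    return None

def lint_training_file(csv_text, input_columns):
    """Check the named input columns and every group-path cell; return problems."""
    problems = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for col in input_columns:
        if (msg := check_column(col)):
            problems.append(msg)
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        for col in sorted(GROUP_COLUMNS & set(input_columns)):
            value = row.get(col)
            if value and (msg := check_group_path(value)):
                problems.append(f"line {line_no}, {col}: {msg}")
    return problems

# Constructed sample: one unsupported column and one malformed group path.
SAMPLE = """resource.generalInfo.name,resource.deviceGroup.name,tag.environment,incident.assigneeGroup.name
web01,Parent > Child > GrandChild,Production,Prod Support
web02,Parent > > Child,QA,QA Support
"""
INPUTS = ["resource.generalInfo.name", "resource.deviceGroup.name", "tag.environment"]
if __name__ == "__main__":
    print("\n".join(lint_training_file(SAMPLE, INPUTS)))
```

Running the linter in review or CI catches rules that would never match, which matters most for routing and suppression rows where a silent mismatch changes who sees an alert.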