Event Management correlates related events and automatically consolidates them into a single case. Bring in all the context of related logs, related metrics, and alerting monitors to triage and troubleshoot issues in one place.
From the Correlation page, find the pattern you want to analyze and click Triage Cases at the end of the same row. You can also click Case Management at the top of the page to view all cases with correlated events in Case Management. Datadog pulls in related metrics and logs so you can troubleshoot issues with all the related data in one place.
Event Management Case
| Feature | Description |
|---|
| Priority | highest priority of correlated alerts |
| Attribute | tags from correlated events. user updates won’t get overriden by the engine |
| Status | automatically managed by system, user updates will get overriden by system. Cases will auto resolve when all of the underline alerts recover and automatically reopen when any alert is re-triggered during the maximum alive time window |
| Deletion | select the checkbox on the alert to delete any irrelevant alerts, deleted alerts won’t get correlated again |
| Enriched Alerts | some cases will get automatically enriched with intelligent alerts that Datadog thinks are related based on your infrastructure. Enriched alert do not impact case attribute, priority, and status |
For more information on Case Management operations, see the Case Management documentation.
Investigation
- From the case Overview, click Investigation
- Under the Correlations section, you can see a list of alerts and events
- Click into any of the alerts or events to view all related metrics and logs in context of the alert
- (Optional) Select any alerts or events you want to remove that are not related to the case
- Under the Related Metrics section, compare all related metrics or group by tags
Create a notification or ticket
With correlated events, you can configure one notification for a group. So, instead of having 20 notifications and 20 potential issues to investigate, you have one single case and one notification. Combine all your alerts in the Case Management Projects page. There are a few ways to group notifications in Case Management:
Ticketing
On the Project Settings page, configure the Integrations you want your projects to send notifications to. Datadog supports the following integrations with manual and automatic ticket creation, and bi-directional syncing:
For setup instructions, see the Case Management Settings documentation.
Notifications
In case management, views group cases based on a configured query. You can set up a notification when a case matching this query is created. Datadog supports, Pagerduty, Email, Webhook, Microsoft Teams, and Slack. To learn how to create a view, see the Case Management Views documentation.
Note: You need to reconfigure underlying monitors to remove multiple notifications. Grouping monitor events does not mute individual notifications.
