Classify action

This action sets the class and type fields. You can also use the Match and Update action to update the event class based on your own criteria.

Given one or more input fields, this action uses a predefined algorithm to set the fields as follows:

| Field | Possible Values |
|-------|-----------------|
| class | Network, Storage, Compute, Operating System, Application, or Database |
| type  | Availability, Capacity, Connectivity, Security, Activity, Environment, Unknown |

This action takes the following inputs:

  • Input fields

    A list of fields to use in the classification.

Example

The Classifier action receives an event with the following description:

"description":"login-service response time > 500ms"

The action sets the event class field to application and the type field to connectivity. These values get added to all resulting alerts and incidents.