I am creating some custom Davis Anomaly Detectors for logs and metrics and was wondering if anyone had a set of properties that they recommend. The goal is to better populate the Davis Problem once triggered to ensure seamless resolution. It would be nice to have links to logs as well as affected entities, but I am not sure how best to do this. Below are some Event Properties I am adding to my template:
dt.source_entity | {dims:dt.source_entity} |
event.type | CUSTOM_ALERT |
event.description | Threshold [{threshold}] for [{alert_condition}] in your logs for entity [{dims:dt.source_entity}] |
event.name | Service - Found errors in logs |
owner | team_name |
Please let me know if I am missing something or there is a better way to do it.