Composite Alarm event class

The Composite Alarm event class is a subclass of the MonitorEvent class, which is a subclass of the EVENT base event class.

The Composite Alarm event class represents slots that store information about composite alarms generated by policies, where the alarm condition depends on multiple related events or correlated patterns.

To understand the list of slots that are used to determine duplicate events, see Slot facets.

Slot name	Slot display Name	Type	Description
ca_composite_alarm_id	Composite Alarm ID	String	Unique ID of the composite alarm.
ca_policy_id	Policy ID	String	Policy ID that triggers the composite alarm.
ca_policy_name	Policy Name	String	Name of the policy used to generate the composite alarm.
ca_hostname_label	Host name Label	String	Host name label associated with the composite alarm source.
ca_duration	Duration	Integer	Duration in milliseconds for which the composite condition persists.
ca_device_id	Device ID	String	Unique ID of the device from which the composite alarm originates.
ca_device_ipaddress	Device IP Address	String	The IP address of the device that triggers the composite alarm.
ca_agent_name	PATROL Agent Name	String	Name of the PATROL Agent that reports the composite alarm.
ca_agent_os	PATROL Agent OS	String	Operating system of the PATROL Agent.
ca_agent_port	PATROL Agent Port	String	Port number of the PATROL Agent.
ca_agent_tags	Agent Tags	String	Tags associated with the PATROL Agent.
ca_old_severity	Old Severity	Severity	The previous severity before the composite alarm severity changes.
ca_highest_severity	Highest Severity	Severity	Highest severity level recorded among all correlated alarms.
ca_repeat_count	Repeat Count	Integer	Number of times the composite alarm repeats.
ca_end_time	End Time	Date (Epoch milliseconds)	The time when the composite alarm closes automatically.

Related topics

Configuring composite alarm policy