Skip to content

LogMan.io Correlator

TeskaLabs LogMan.io Correlator is a microservice responsible for performing detections and finding patters in data based on correlation rules.

LogMan.io Correlator is always deployed for a given tenant.

Important notes

  • Each correlator has mandatory sections in the configuration files, see Configuration section.

  • Correlator cannot work without correlation rules. See Window Correlator section for more information on how to create correlation rules.

Default signals

Each correlator sends a signal to alert management (using a default signal trigger) to create tickets are being grouped by attributes specified in evaluate section, otherwise the rule path will be used for grouping. To use a different grouping attributes, use the signal section in the correlator declaration:

signal:
  grouping:
    - user.name

To turn the default signal trigger off completely, use the default option:

signal:
  default: false