Skip to content

LogMan.io Correlator

TeskaLabs LogMan.io Correlator is a microservice responsible for performing detections and finding patters in data based on correlation rules.

LogMan.io Correlator is always deployed for a given tenant.

Important notes

  • Each correlator has mandatory sections in the configuration files, see Configuration section.

  • Correlator cannot work without correlation rules. See Window Correlator section for more information on how to create correlation rules.

Default signals

Each correlator sends a signal to alert management (using a default signal trigger) to create tickets; they are grouped by attributes specified in the evaluate section, otherwise the rule path is used for grouping. For full reference to the signal section (grouping, default trigger), see Signal. Summary:

To use different grouping attributes, add the signal section in the correlator declaration:

signal:
  grouping:
    - user.name

To turn the default signal trigger off completely, use the default option:

signal:
  default: false