Hello. A part of my infrastructure uses the Events API (v2) when an anomalous event occurs. Currently, when multiple anomalous events occur, a single incident is created, and a single alert is created (as they all have the same dedup key). The only way to see the fact that multiple anomalies exist is to check the Alert Log. I would instead like to create multiple alerts under the same incident. How can this be done?
Edit: It looks like the product doesn’t currently support this, and that the only solution would be to create multiple incidents and later merge them. This is sub-optimal. A possible solution: return an incident ID after POSTing the event. Future alerts could specify that incident ID in future POSTs, thus allowing multiple alerts to be created under the same incident without merging. This has the additional benefit of not requiring two separate API keys.
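An added example, not part of the original post and not vendor code: deriving a stable dedup key per anomaly, so retries of one anomaly still collapse while distinct anomalies each produce their own alert (which, per the post, then land in separate incidents to be merged). It assumes the event fields follow the PagerDuty Events API v2 format, which the post does not name; the anomaly record fields, helper names and the routing key placeholder are hypothetical.

```python
import hashlib

# Assumption: field names follow the PagerDuty Events API v2 event format.
ROUTING_KEY = "PLACEHOLDER_INTEGRATION_KEY"  # placeholder, not a real key


def anomaly_dedup_key(source: str, anomaly_id: str) -> str:
    """Stable key per anomaly: resends of one anomaly collapse, distinct ones do not."""
    digest = hashlib.sha256(f"{source}\x00{anomaly_id}".encode()).hexdigest()
    return f"anomaly-{digest[:32]}"


def build_trigger_event(anomaly: dict) -> dict:
    """Build one trigger event body for a hypothetical anomaly record."""
    return {
        "routing_key": ROUTING_KEY,
        "event_action": "trigger",
        "dedup_key": anomaly_dedup_key(anomaly["source"], anomaly["id"]),
        "payload": {
            "summary": anomaly["summary"][:1024],
            "source": anomaly["source"],
            "severity": anomaly.get("severity", "warning"),
            "custom_details": {"anomaly_id": anomaly["id"]},
        },
    }


def group_by_dedup_key(events: list) -> dict:
    """Local model of the behaviour described in the post: one alert per dedup key."""
    alerts = {}
    for event in events:
        alerts.setdefault(event["dedup_key"], []).append(event["payload"]["summary"])
    return alerts


# Constructed sample anomalies; the third is a resend of the first.
SAMPLE_ANOMALIES = [
    {"id": "a-001", "source": "db-01", "summary": "Login rate spike"},
    {"id": "a-002", "source": "db-01", "summary": "Unusual query volume"},
    {"id": "a-001", "source": "db-01", "summary": "Login rate spike"},
]

if __name__ == "__main__":
    events = [build_trigger_event(a) for a in SAMPLE_ANOMALIES]
    for key, summaries in group_by_dedup_key(events).items():
        print(key, len(summaries), summaries[0])
```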