FIDO: Correlated item count
The 'correlated' count describes how many alarms have been correlated via non comment correlation means into a single alarm line. By non comment correlation means, I imply a correlation derived from the network topology.
In the above example, 3646 alarms are correlated to the snmp_node of r-432nm-mdf-1 being unreachable.
Firstly, a snmp_node test describes several repeated failed attempts to snmp poll the management plane of a device. It doesn't conclusively indicate a forwarding issue, but it means there are monitored items that are in an unverifiable state, which is grounds for an alarm.
In this case, the alarm suffixes additional data: '3586 suppressed'. An explanation of suppression can seen here: FIDO: Object Suppression . In this case, there are 3586 instances on r-432nm-mdf-1 that cannot be verified.
The FIDO snmp polling engine polls many OIDs for the device in question. Some of these OIDs are used for alarms [ifOperStatus, for example]. Some are used for storage into rrds [per process CPU usage]. Some are used for alarming or storing [sysUptime]. While it can be configured differently, by default, only instances that would result in an alarm are tallied in the 'suppressed' count; instances polled -purely- for RRD storage do not count as they do not represent actionable items.
The other 58 alarms [3646 - 3586 = 58] are likely alarms that were correlated to the node by virtue of being behind r-432nm-mdf-1 from a topology perspective, be it layer 3 traceroute or layer 2 CDP/LLDP.