Moogsoft Docs

Alert and Event Fields Reference

This is a reference guide for alert and event fields, input types, field descriptions and output examples.

| Field | Type | Description | Example Output |
|---|---|---|---|
| active_situations | Array | Situation IDs of any Situations the alert is associated with. | 1, 6, 8 |
| agent_host | Text | Host machine or physical location of the agent that created the event. | OEM Monitor 1 |
| agent_name | Text | Name of the agent that created the event. | NAGIOS SOCKET |
| agent_location | Text | Host machine or physical location of the agent that created the event. | London Data Centre (51.4167,-0.2833) |
| agent_time | Integer | Timestamp of when the event occurred in epoch time. Use $moog_now in the mapping to set agent time to the time the event arrived at Moogsoft AIOps. | 1516183437 |
| alert_id | Integer | Internal identifier generated by Moogsoft AIOps. | 101 |
| class | Text | Level of classification for an event. This follows the hierarchy; class then type. | CISCO-IF-Extension-MIB |
| count | Integer | Number of events in the alert. | 2 |
| custom_info | Text | Custom information added as a JSON encoded string. | custom_info.myNodeList=["node1", "node2", "node3"] |
| description | Text | Text description of the alert. | Network Interface (ifIndex = 512479388) Up (ifEntry.52683483) |
| entropy | Integer | Measure of uncertainty of an outcome between 0 and 1 (0 meaning very certain and 1 meaning very uncertain). | 0.4 |
| external_id | Integer | Unique identifier from the event source. | 7622183 |
| first_event_time | Integer | Earliest event time for the alert. This is calculated from the agent_time of the events that constitute the alert. | 14:08:14 16/01/2018 |
| host | Text | Name of the source machine that generated the event. | OEM Server 2 |
| internal_last_event_time | Integer | Time that the latest event for the Alert was received by the Moog server. | 10:24:03 19/01/2018 |
| last_change | Integer | Time that the alert was last updated in the Moogsoft AIOps UI. | 12:38:06 19/01/2018 |
| last_event_time | Integer | Latest event time for the alert. This is calculated from the agent_time of the events that constitute the alert. | 10:24:03 19/01/2018 |
| manager | Text | General identifier of the event generator or intermediary. | NAGIOS, SCOM. |
| owned_by | Text | Alert owner's username. | John Smith |
| severity | Integer | Severity level of the alert between 0 and 5. | 4 |
| significance | Integer | Relative significance of an alert is calculated based on its entropy. See Significance. | 3 |
| situations | Array | Any situations the alert is associated with, including those that have been resolved or closed. | 24, 01 |
| source | Text | Name of the source machine that generated the event. If there is no source machine or application, the source is the name of the instance (database name, cluster node, container name). | A hostname or fully qualified domain name (FQDN). |
| source_id | Text | Identifier for the source machine that generated the event. | 5dc68d65-532c-4918-be12-21e1cbcf7af2 |
| status | Text | Status of the alert. | Assigned |
| type | Text | Level of classification for an event. This follows the hierarchy; class then type. | CISCO-IF-Extension-MIB Notification |