Moogsoft Docs

Enrichment

In some cases, the raw alert data from your monitoring source is not sufficiently usable as it stands. You can use the optional enrichment features in Moogsoft AIOps to integrate alert data with other data sources. Enrichment can:

  • Improve readability of alerts for operators
  • Improve accuracy for clustering alerts into Situations

This topic covers enriching alerts with a static data file.

Before You Begin

Before you start to set up data enrichment, ensure you have met the following requirements:

  • You have logged into Moogsoft AIOps as a user with the 'manage_integrations' role
  • You have the credentials to connect to MySQL and write to the database
  • You have prepared a .csv file containing the enrichment data you want to upload, as follows:
    The first line contains the field names.
    The values for one field match the values of a field in your raw alert data.
    See the sample file below:

    NameCode,SiteCode,Address,City,State,Zip
    AB2,GAF,9384 Ornare Road,Lansing,Michigan,76690
    CAV,GAF,133-5757 Sed Avenue,Racine,Wisconsin,42779
    GX2,TES,5722 Nulla Avenue,Springfield,Massachusetts,29957

Enable Enrichment

Run the following command in MySQL to enable enrichment in the database:

UPDATE features 
SET enabled = 1 
WHERE feature_name = 'enrichment';

You can check that the feature was successfully enabled by running a command similar to the following:

SELECT feature_name, enabled
FROM features
WHERE feature_name = 'enrichment';

Configure the Moolets

Edit $MOOGSOFT_HOME/config/moog_farmd.conf and make the following two changes:

  1. Enable the Enricher Moolet to run on startup:

    {
       name               : "Enricher",
       classname          : "com.moogsoft.farmd.moolet.enricher.CEnricherMgr",
       run_on_startup     : true,
       persist_state      : false,
       metric_path_moolet : true,
       process_output_of  : "AlertBuilder",
       description        : "Alert Enrichment"
    }

    Refer to the Enricher Moolet documentation for further information.

  2. Set the Maintenance Windows Manager Moolet to process the output of the Enricher:

    {
       name                     : "MaintenanceWindowManager",
       classname                : "CMaintenance",
       run_on_startup           : true,
       persist_state            : false,
       metric_path_moolet       : true,
       process_output_of        : "Enricher",
       maintenance_status_field : "maintenance_status",
       maintenance_status_label : "In maintenance",
       update_captured_alerts   : true
    }

  3. Save the changes and restart moogfarmd.

Create Custom Alert Fields

Create the custom_info alert fields to receive the enrichment data. You cannot update default alert fields with enrichment data.

Refer to the Alert Columns instructions for further information on creating custom_info alert fields.

For example, if you want to enrich alerts with all of the data from the sample file, create custom_info alert fields for NameCode, SiteCode, Address, City, State and Zip.

Upload an Enrichment File

Use the Integrations UI to upload your data source as follows:

  1. Go to Integrations - Available Enrichments. The Available Enrichments link is only visible if Enrichment is enabled in the database.
  2. Click Static Data.
  3. Click Upload File, locate your .csv file and click Open.
    This populates the Source Field drop-down lists under Define Lookup and Map Alert Fields with the field names in the first line of the .csv file.
  4. Select the Source Field, which is a field in your .csv file, and the corresponding Alert Field to use for the lookup.

    Note

    For example, the NameCode in the sample file could be used as a lookup against a custom_info alert field that contains the same data (AB2, CAV, GX2).
    You can only define one lookup. You can select a custom alert field for the lookup or one of several default alert fields. Alert fields that cannot be used for the lookup do not appear in the drop-down list.

  5. Click + to map the source fields in your .csv file that you want to include in alerts.
    For each desired source field choose the destination alert field. Your custom_info alert fields will appear in the drop-down list.
    You can't map source fields to default alert fields.
  6. When you have mapped all of your alert fields, click Confirm to upload your data.

After you have completed the configuration, Moogsoft AIOps adds enrichment data when it creates new alerts. It is not added to existing alerts.

Moogsoft AIOps enriches alerts when it creates them. Subsequent updates to alerts do not trigger updates to the enriched data within the alerts.
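
A pre-upload check for the .csv requirements under Before You Begin, with a preview of the single lookup and field mapping defined in the upload steps. This is an added example, not Moogsoft code: the function names, the alert modelled as a plain dictionary with a custom_info key, and the two bad rows appended to the sample file are assumptions made for illustration.

```python
import csv
import io

# Constructed input: the page's sample file plus two deliberately bad rows.
SAMPLE_CSV = """NameCode,SiteCode,Address,City,State,Zip
AB2,GAF,9384 Ornare Road,Lansing,Michigan,76690
CAV,GAF,133-5757 Sed Avenue,Racine,Wisconsin,42779
GX2,TES,5722 Nulla Avenue,Springfield,Massachusetts,29957
AB2,TES,1 Duplicate Key Street,Lansing,Michigan,76690
ZZ9,TES,Short Row
"""

def check_enrichment_csv(text, source_field):
    """Return (table, problems): rows keyed by the lookup field, plus findings."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return {}, ["file is empty"]
    header, problems, table = rows[0], [], {}
    if any(not name.strip() for name in header) or len(set(header)) != len(header):
        problems.append("first line must contain unique, non-empty field names")
    if source_field not in header:
        return {}, problems + [f"lookup field {source_field!r} is not in the header"]
    for line_no, row in enumerate(rows[1:], start=2):
        if len(row) != len(header):
            problems.append(f"line {line_no}: {len(row)} values, expected {len(header)}")
            continue
        record = dict(zip(header, row))
        key = record[source_field]
        if key in table:  # the page does not say which row would win, so flag it
            problems.append(f"line {line_no}: duplicate lookup value {key!r}")
            continue
        table[key] = record
    return table, problems

def preview_enrichment(alert, table, alert_field, mapping):
    """Copy mapped source fields into custom_info when the lookup value matches."""
    # Assumption: the lookup value lives in a custom_info field of the alert.
    record = table.get(alert.get("custom_info", {}).get(alert_field))
    if record is None:
        return False  # no matching row, alert is left as it was
    for source, destination in mapping.items():
        alert["custom_info"][destination] = record[source]
    return True

if __name__ == "__main__":
    table, problems = check_enrichment_csv(SAMPLE_CSV, "NameCode")
    alert = {"custom_info": {"NameCode": "CAV"}}
    print(problems, preview_enrichment(alert, table, "NameCode", {"City": "City"}), alert)
```

Running the check before upload surfaces malformed rows and ambiguous lookup values while they are still easy to correct in the file.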