Moogsoft Docs

SolarWinds Integration Reference

The SolarWinds LAM ingests event data from SolarWinds.

The following information explains the Moogsoft AIOps configuration required to do this. For more information about SolarWinds, go to solarwinds.com .

SolarWinds offers a REST API through which event data can be received in JSON format. The SolarWinds LAM makes use of this REST API to request event data and ingest it into AIOps. The SolarWinds LAM is an HTTP client LAM. It sends HTTP requests to the SolarWinds server at configurable intervals. It parses the JSON responses received from the SolarWinds server and processes Events from the responses .

See SolarWinds for UI configuration instructions.

Requirements

The ingestion of event data from SolarWinds requires AIOps to be running a SolarWinds LAM, configured to parse JSON responses from SolarWinds.

The ingestion of data from SolarWinds requires access to the SolarWinds server with account credentials of an administrator level SolarWinds user. These credentials are specified in the SolarWinds LAM configuration file solarwinds_lam.conf .

Note

There is no configuration of SolarWinds or the SolarWinds server required for operation of the SolarWinds LAM in AIOps

Capabilities

The performance of AIOps depends on the number of events received per second and the specifications of the AIOps system on which the SolarWinds LAM is running.

AIOps configuration

T o run the SolarWinds LAM, the following AIOps files are required and are installed by default:

File Description
$MOOGSOFT/config/solarwinds_lam.conf SolarWinds LAM configuration file
$MOOGSOFT/bots/lambots/SolarWindsLam.js LAMBot file; processes the event data received from SolarWinds
$MOOGSOFT_HOME/bots/moobots/AlertBuilder.js Standard AlertBuilder Moobot file. This does not require any specific configuration for the SolarWinds LAM

The following sections detail the steps required to configure the SolarWinds LAM and LAMBot:

SolarWinds LAM configuration

In the SolarWinds LAM configuration file solarwinds_lam.conf the following are mandatory:

Host Description
host The hostname/IP Address of the system running SolarWinds
user The username to access SolarWinds
password The password for the user accessing SolarWinds

Other configuration options:

Option Description Example
request_interval How many seconds to wait between sending HTTP requests. HTTP requests ask for data from the previous interval time If the request_interval is 120 (two minutes), the HTTP requests ask for event data from the previous two minutes
disable_certificate_validation Set to false if the SSL certificate for the SolarWinds server is valid (default setting is true to disable SSL certificate validation for the SolarWinds server)
requests_overlap How many seconds more than the request_interval (see above) to request data for. This is to ensure events are not missed
request_interval         : 120,
...
requests_overlap        : 10, 

With the settings above, the LAM sends a request every two minutes (120 seconds). The overlap is set to ten seconds, so each request asks for data from the last two minutes and ten seconds


LAMBot configuration

The LAMBot processes the event data received from SolarWinds. The LAMBot script SolarWindsLam.js is configured for default operation. Configuration options available include:

  • useEventTimestamp
    Set whether to timestamp the generated Event with the current AIOps time, or the EventTime data from SolarWinds (converting to local time as required):
    false = use the current AIOps time (default)
    true = use the EventTime value received from SolarWinds EventTime data
  • useNodeSeverity
    Set whether to take into account the node severity received in event data from SolarWinds (in addition to the event message content) when setting the AIOps Event severity:
    false = do not use the node severity (default)
    true = use the node severity when setting the AIOps Event severity. This requires defining the conditions under which the severity is changed

Final steps

Start the SolarWinds LAM to begin HTTP requesting data from SolarWinds:

service solarwindslamd start 

Note

To check the SolarWinds LAM status:

service solarwindslamd status


To stop the SolarWinds LAM:

service solarwindslamd stop

Default field mapping

The following tables show the default SolarWinds field mappings to AIOps fields.
These mappings are defined in the SolarWinds LAM configuration file and within the LAMBot:

SolarWinds > AIOps Field Mapping
SolarWinds Field AIOps Field Name
Orion.Events.Acknowledged custom_info.acknowledged
Orion.Events.EventID external_id
Orion.Events.EventTime custom_info.eventTime
Orion.Events.Message severity and description
Orion.Events.NetObjectID custom_info.netObjectID
Orion.Events.NetObjectType class
Orion.Events.NetworkNode custom_info.networkNode
Orion.EventTypes.Name severity and type
Orion.EventTypes.Notify custom_info.notify
Orion.Nodes.IPAddress agent_location
Orion.Nodes.Location agent
Orion.Nodes.MachineType custom_info.nodeMachineType
Orion.Nodes.NodeDescription custom_info.nodeDescription
Orion.Nodes.NodeID source_id
Orion.Nodes.NodeName source
Orion.Nodes.Severity custom_info.nodeSeverity
Orion.Nodes.Vendor custom_info.nodeVendor


AIOps > SolarWinds Field Mapping
AIOps Field Name SolarWinds Field
agent Orion.Nodes.Location
agent_location Orion.Nodes.IPAddress
agent_time <epoch-time-at-reception>
class Orion.Events.NetObjectType
custom_info.acknowledged Orion.Events.Acknowledged
custom_info.eventTime Orion.Events.EventTime
custom_info.netObjectID Orion.Events.NetObjectID
custom_info.networkNode Orion.Events.NetworkNode
custom_info.nodeDescription Orion.Nodes.NodeDescription
custom_info.nodeMachineType Orion.Nodes.MachineType
custom_info.nodeSeverity Orion.Nodes.Severity
custom_info.nodeVendor Orion.Nodes.Vendor
custom_info.notify Orion.EventTypes.Notify
description Orion.Events.Message
external_id Orion.Events.EventID
manager SolarWinds
severity Orion.EventTypes.Name +
Orion.Events.Message
source Orion.Nodes.NodeName
source_id Orion.Nodes.NodeID
type Orion.EventTypes.Name