Moogsoft Docs

Data Ingestion

Yo u can configure how data fields are mapped and how events are deduplicated for monitoring integrations in Moogsoft AIOps.

Benefits of these data ingestion features include:

  • Data Mapping enables AIOps to identify and organize alerts from integrations.
  • Deduplicating events from integrations into alerts reduces noise.

The configuration steps below can only be taken after the integration has been installed and is running. The tabs are inactive prior to the integration being installed.

Data Mapping

After Moogsoft AIOps receives the payload of an incoming event from the integration, you can map the data fields to the corresponding alert fields in AIOps.

Customize your mapping using the Data Mapping tab under each integration. There are three steps:

  1. Input displays the incoming payload of the first event sent to AIOps by the integration after tokenization. The Payload View contains the following information and controls:

    A. Source fields - integration data fields.
    B. Source field values - values of the integration data fields.
    C. Refresh - clears the window and populates with the payload of the next event from the integration.
    D. Expand - click and drag down to expand the Payload View.

    You can edit, copy and paste the payload text as required.

  2. Transform allows you to transform and map the data fields of events from the integration with the appropriate alert fields in AIOps.
    Select any field from the list to edit it and select the AIOps field it maps to. See Alert and Event Fields Reference for descriptions of the alert fields in AIOps. You can also add custom fields.

  3. Output displays a preview of how the integration event appears as an alert in AIOps. This changes dynamically as you change the data field mappings and the Payload View.

Alert Noise Reduction

AIOps deduplicates events into alerts in order to reduce noise. You can configure a signature to ensure events from a single integration or from multiple integrations of different types are deduplicated into alerts together.

To edit the signature, go to the Signature editor and select the fields you want to be included. Alternatively, click 'Use Recommended Fields' to use fields recommended by AIOps.

Fields recommended for use in a signature included: source/host, event type/class, manager/agent, unique ID, error code or impacted entities.

After you configure a signature, compare the Alerts to see if AIOps deduplicated the events as you would expect. If not, then revise and refine the signature.

Integrations with Deduplication

The alert noise reduction feature is only available for certain monitoring integrations. These are as follows:

Apache Kafka
VMware vSphere
AWS CloudWatch
vRealize Log Insight
CA Spectrum,
HP OPMi Plugin
WebSphere MQ
Dynatrace APM
Microsoft SCOM
Cisco OEM

For all other integrations, the integrations take care of the field mapping and it is not configurable.