Moogsoft Docs

Match List Items in Recipes

You can create Recipes and configure clustering around the use of 'custom_info' list-based fields in Alert Custom Info.

You can also set whether list-based clustering of a custom_field is applied . If not, the field will be treated as string.

Match list items for a Custom Info Field

To match list items for a custom info field:

  1. Click on the Clustering tab.
  2. Select the 'custom_info' attribute from the Cluster By list. Enter the custom_info field name in the box below.
  3. Check the box next to Match List Items to match individual ite ms in custom_info lists.

Configure list-based Matching

You can also set list-based matching for Cookbook Recipes defined in cookbook.conf .
To enable this:

  1. Edit $MOOGSOFT_HOME/config/moolets/cookbook.conf . See Cookbook and Recipe Reference for all available Recipe properties.
  2. Add a qualifier treat_as: "list" for any custom_info components in the matcher :

    matcher : {
               components: [ { name: "custom_info.cities", similarity: 0.5, treat_as: "list" } ]
              }
  3. Save any changes and restart moogfarmd.

After configuring the Recipe, you can expect the following alerts to arrive in your system :

Alert 1: custom_info.offices = ["London"]
Alert 2: custom_info.offices = ["London", "San Francisco", "Venice", "Bangalore"]
Alert 3: custom_info.offices = ["Venice", "Bangalore"]
Alert 4: custom_info.offices = ["Bangalore"]

Example

If you configure your Recipe to treat the custom_field value as list and set the similarity to 1.0:

matcher : {
             components: [ { name: "custom_info.cities", similarity: 1.0, treat_as: "list" } ]
          }

This configuration would produce four clusters:

  • Cluster A: Alert 1 and alert 2 match for "London".
  • Cluster B: Alert 2 matches for "San Francisco".
  • Cluster C: Alert 3 and alert 4 match on "Venice".
  • Cluster D: Alerts 2, 3 and 4 match on "Bangalore".

This can produce four separate Situations as per the four clusters above, or two Situations because cluster D contains all the alerts in clusters B and C.

If the Recipe does not see custom_info field as a list then it treats the field as a single string. This means in this example all four alerts would end up in separate Situations with no clustering.