Data Ingestion

You can configure how data fields are mapped and how events are deduplicated for monitoring integrations in Moogsoft AIOps.

Benefits of these data ingestion features include:

  • Data Mapping enables Moogsoft AIOps to identify and organize alerts from integrations.

  • Deduplicating events from integrations into alerts reduces noise.

The configuration steps below can only be taken after the integration has been installed and is running. The tabs are inactive prior to the integration being installed.

Data Mapping

After Moogsoft AIOps receives the payload of an incoming event from the integration, you can map the data fields to the corresponding alert fields in Moogsoft AIOps.

You can customize mappings on the Data Mapping tab under each integration. Note that the following restrictions apply to mapping rules:

The Data Mapping tab contains three sections:

  1. Input displays the incoming payload of the first event sent to Moogsoft AIOps by the integration after tokenization. The Payload View contains the following information and controls:

    A. Source fields - integration data fields.

    B. Source field values - values of the integration data fields.

    C. Refresh - clears the window and populates with the payload of the next event from the integration.

    D. Expand - click and drag down to expand the Payload View.

    You can edit, copy and paste the payload text as required.

  2. Transform allows you to transform and map the data fields of events from the integration with the appropriate alert fields in Moogsoft AIOps.

    Select any field from the list to edit it and select the Moogsoft AIOps field it maps to. See Alert and Event Field Reference for descriptions of the alert fields in Moogsoft AIOps. You can also add custom fields.

  3. Output displays a preview of how the integration event appears as an alert in Moogsoft AIOps. This changes dynamically as you change the data field mappings and the Payload View.

Alert Noise Reduction

Moogsoft AIOps deduplicates events into alerts in order to reduce noise. You can configure a signature to ensure events from a single integration or from multiple integrations of different types are deduplicated into alerts together.

To edit the signature, go to the Signature editor and select the fields you want to be included. Alternatively, click 'Use Recommended Fields' to use fields recommended by Moogsoft AIOps.

Fields recommended for use in a signature include: source/host, event type/class, manager/agent, unique ID, error code or impacted entities.

After you configure a signature, compare the Alerts to see if Moogsoft AIOps deduplicated the events as you would expect. If not, then revise and refine the signature.

See Signature for more information.
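
The following added example (not Moogsoft code, and not a description of how Moogsoft AIOps builds signatures internally) illustrates why the choice of signature fields matters when you compare the resulting alerts. It assumes a signature is the joined values of the selected fields; the event field names and sample events are constructed for illustration.

```python
from collections import OrderedDict

# Constructed sample events (not real Moogsoft payloads); field names are illustrative.
EVENTS = [
    {"source": "web01", "class": "disk", "manager": "nagios", "error_code": "E100", "description": "disk 91% full"},
    {"source": "web01", "class": "disk", "manager": "nagios", "error_code": "E100", "description": "disk 93% full"},
    {"source": "web01", "class": "auth", "manager": "nagios", "error_code": "E401", "description": "login failed for admin"},
    {"source": "web02", "class": "auth", "manager": "zabbix", "error_code": "E401", "description": "login failed for admin"},
    {"source": "web02", "class": "auth", "manager": "zabbix", "error_code": "E401", "description": "login failed for root"},
]

def signature(event, fields):
    """Join the selected field values into one deduplication key (assumed scheme)."""
    # Missing fields become empty strings so a sparse event still gets a key.
    return "::".join(str(event.get(f, "")) for f in fields)

def deduplicate(events, fields):
    """Fold events that share a signature into one alert with an event count."""
    alerts = OrderedDict()
    for ev in events:
        key = signature(ev, fields)
        if key in alerts:
            alerts[key]["count"] += 1
            alerts[key]["last_description"] = ev["description"]
        else:
            alerts[key] = {"signature": key, "count": 1,
                           "last_description": ev["description"]}
    return list(alerts.values())

def compare(events, candidates):
    """Return {candidate_name: number_of_alerts} for each candidate signature."""
    return {name: len(deduplicate(events, fields))
            for name, fields in candidates.items()}

CANDIDATES = {
    "too_broad": ["class"],                            # merges events from different hosts
    "balanced": ["source", "class", "error_code"],     # one alert per host and problem
    "too_narrow": ["source", "class", "description"],  # volatile text defeats deduplication
}

if __name__ == "__main__":
    for name, n in compare(EVENTS, CANDIDATES).items():
        print(f"{name}: {len(EVENTS)} events -> {n} alerts")
```

A signature that is too broad hides distinct problems behind a single alert, while one that includes volatile values such as free-text descriptions produces an alert per event and no noise reduction.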