Match List Items in Recipes

You can create Recipes and configure clustering around the use of 'custom_info' list-based fields in Alert Custom Info.

You can also set whether list-based clustering of a custom_field is applied. If not, the field will be treated as string.

Match List Items for a Custom Info Field

To match list items for a custom info field:

  1. Click on the Clustering tab.

  2. Select the 'custom_info' attribute from the Cluster By list. Enter the custom_info field name in the box below.

  3. Check the box next to Match List Items to match individual items in custom_info lists.

    29962097.png

Configure List-based Matching

You can also set list-based matching for Cookbook Recipes defined in cookbook.conf.

To enable this:

  1. Edit $MOOGSOFT_HOME/config/moolets/cookbook.conf. See Cookbook and Recipe Reference for all available Recipe properties.

  2. Add a qualifier treat_as: "list" for any custom_info components in the matcher:

    matcher : {
           components: [ { name: "custom_info.cities", similarity: 0.5, treat_as: "list" } ]
          }

  3. Save any changes and restart Moogfarmd.

After configuring the Recipe, you can expect the following alerts to arrive in your system:

Alert 1: custom_info.offices = ["London"]
Alert 2: custom_info.offices = ["London", "San Francisco", "Venice", "Bangalore"]
Alert 3: custom_info.offices = ["Venice", "Bangalore"]
Alert 4: custom_info.offices = ["Bangalore"]

Example

If you configure your Recipe to treat the custom_field value as a list and set the similarity to 1.0:

matcher : {
             components: [ { name: "custom_info.cities", similarity: 1.0, treat_as: "list" } ]
          }

This configuration would produce four clusters:

  • Cluster A: Alert 1 and alert 2 match for "London".

  • Cluster B: Alert 2 matches for "San Francisco".

  • Cluster C: Alert 3 and alert 4 match on "Venice".

  • Cluster D: Alerts 2, 3 and 4 match on "Bangalore".

This can produce four separate Situations as per the four clusters above, or two Situations because cluster D contains all the alerts in clusters B and C.

If the Recipe does not see custom_info field as a list then it treats the field as a single string. This means in this example all four alerts would end up in separate Situations with no clustering.

In this section: