/enrichment

A Graze API endpoint that allows you to add and delete records from the enrichment data store. To use the Enrichment API, you must install Moogsoft Add-ons v1.4 or later and set up the Enrichment API Integration.

After you load data into the enrichment data store, you can add the data to an alert's custom_info object under the enrichment key using the Enrichment Workflow Engine getEnrichment function.

For an tutorial on how to use the Enrichment API, see Enrich Alerts Using the Enrichment API.

Back to Graze API EndPoint Reference.

POST

The enrichment endpoint only supports the POST HTTP method to create, update, and delete enrichment records.

Request arguments

Endpoint enrichment takes the following request payload:

Name

Type

Required

Description

action

String

yes

One of post or delete.

post creates or updates enrichment records.

delete removes enrichment records.

data

Array

yes

An array of of enrichment data records represented as JSON objects.

attribute

String

yes

Name of the alert field or other key for the enrichment data. For example, "source".

For the delete action, accepts the * wildcard to delete all attributes.

value

String

yes

The value for the associated attribute. For example if the attribute is "source" for host name data, a value might be "sflinux101".

For the delete action, accepts the * wildcard at the beginning of the search string,end of the search string or booth to delete all matching values. For example "*linux*" would delete all matching values that contain the string "linux": "SFlinux101", "SFlinux", and "linux101".

enrichment

JSON object

for post action

JSON representation of the enrichment data to add to an alert based upon the match attribute and value. For example if you wanted to store store location data:

{"location":"1265 Battery St., San Francisco, CA"}

Example payload:

{"action":"post",
 "data":[
    {"attribute":"source",
    "value":"SFlinux101",
    "enrichment": {
        "location":"1265 Battery St., San Francisco, CA",
        "support_group":"SF NOC"}
    },
    {"attribute":"source",
     "value":"DENlinux102",
        "enrichment": {
            "location":"1700 Lincoln Street, Denver, CO",
            "support_group":"DENVER NOC"}          
    }]
}

Endpoint enrichment takes the following request argument:

Response

Endpoint enrichment returns the following response:

Examples

The following examples demonstrate typical use of endpoint grazeApiEndpointName:

Request example

Example cURL request to create enrichment data:

curl -k -X POST 'https://localhost/graze/v1/integrations/enrichment' \
--header 'Content-Type: application/json; charset=UTF-8' \
-u graze:graze \
-d '{"action":"post", "data":[ {"attribute":"source", "value":"SFlinux101", "enrichment": { "location":"1265 Battery St., San Francisco, CA", "support_group":"SF NOC"} }, {"attribute":"source", "value":"DENlinux102", "enrichment": { "location":"1700 Lincoln Street, Denver, CO", "support_group":"DENVER NOC"} }]}'

Response example