Adding a Topology Filter to a Cookbook Recipe

If the nodes in a Situation are in an active topology, you can view them in context by enabling a topology filter in your Cookbook Recipe. You can control clustering based on whether the nodes are close together or far apart.

Overview

Add a named topology filter to the Source Cookbook Recipe in the Default Cookbook.

  1. Send a test event into Moogsoft Enterprise using a cURL command and check the user interface to verify that it arrived.

    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"Switch07::Network fault","source_id":"sw07","external_id":"4955","manager":"BNT","source":"Switch07","class":"network","agent_location":"White Plains","type":"Network fault","severity":5,"description":"Error detected"}]}'

  2. Add the pre-configured 'network' topology to the Source Cookbook Recipe.

  3. Resend the event and examine the visual display on the Situation Topology tab.

  4. Send an additional event and examine the resulting Situation. Adjust the hop settings to prevent the two events from clustering, resend the events, and check the results.

    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"Switch02","source_id":"","external_id":"","manager":"BNT","source":"Switch02","class":"network","agent_location":"","type":"Network Fault","severity":"5","description":"Error Detected"}]}'

Step-by-Step Instructions

  1. Use a cURL command to send an event into Moogsoft Enterprise from your terminal. You can copy and paste the command below into your terminal window.

    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"Switch07::Network fault","source_id":"sw07","external_id":"4955","manager":"BNT","source":"Switch07","class":"network","agent_location":"White Plains","type":"Network fault","severity":5,"description":"Error detected"}]}'

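    Here, localhost:8888 refers to port 8888 on your Linux virtual machine, the port on which the Moogsoft REST LAM data adapter is listening. The data payload is structured to be readable by the REST LAM: the event fields are in JSON format, with each key separated from its value by a colon and the pairs separated by commas. Because the URL uses plain HTTP, the --insecure option has no effect here; it only disables TLS certificate verification for HTTPS URLs.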

  2. In the user interface, go to Workbench > Open Alerts. You should see a critical alert. Double-click on it to see the alert details, and examine how the values in the cURL command data payload have been mapped to the fields in the alert.

  3. Go to Workbench > Open Situations. Click on the open Situation and then the Visualize tab. You will see that the Source Recipe generated the Situation.

    By examining the alert and Situation, you know that you have a critical switch failure in your networking hardware, but you don't know which components are connected to the switch and affected by the failure. Adding a topology filter to your Cookbook Recipe will let you see the Situation in context.

  4. Go to Settings > Cookbook Recipes and click on the Source Recipe.

  5. Click on the 'Topology Filter' checkbox.

  6. In the settings pane that appears, click on 'Named Topology' and choose the 'network' topology.

  7. Leave the node field set to 'source'. This identifies the alert field the topology filter will use to match to its list of nodes.

  8. For now, leave the 'Match' setting set to 'any node'. This ensures that any nodes in the topology will be included in a Situation if they also match the clustering settings for the Cookbook Recipe.

  9. Leave the settings in the 'Clustering' tab the same, and save changes.

  10. Go to Workbench > Open Situations. Close any open Situations by right-clicking on the Situation and choosing 'Close'.

  11. From your terminal, resend the network fault event.

    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"Switch07::Network fault","source_id":"sw07","external_id":"4955","manager":"BNT","source":"Switch07","class":"network","agent_location":"White Plains","type":"Network fault","severity":5,"description":"Error detected"}]}'

  12. Go to Workbench > Open Situations in the UI, and double-click on the critical Situation.

  13. Go to the Topology tab. You can see that the faulty network switch is connected to your mainframe.

  14. Experiment with the display options to see more of your network. Click on the dropdown arrow in the display options box, and move the slider under 'Neighbor Nodes' to the maximum, '4'.

  15. You can zoom and pan as needed to make the network visible, and rearrange the nodes in the display. Making these display changes will not affect the Cookbook Recipe topology settings.

  16. Send an additional event from your terminal into Moogsoft Enterprise using a cURL command.

    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"Switch02","source_id":"","external_id":"","manager":"BNT","source":"Switch02","class":"network","agent_location":"","type":"Network Fault","severity":"5","description":"Error Detected"}]}'

  17. Examine the Open Situations and Open Alerts views in the UI. Because of the similarity in the source names, the Default Cookbook has clustered the two alerts into a single Situation.

  18. Go to the Topology tab for the Situation. You should see both faulty switches in the topology. (You may need to refresh your browser.)

    You decide that you don't want to cluster these two alerts into a single Situation, since they are affecting different parts of the network. Rather than changing the Cookbook clustering settings, you can adjust the topology filter to keep the alerts from clustering.

  19. Go to Settings > Cookbook Recipes > Source.

  20. Under Topology Filter, change the 'Match' setting to 'Nodes within 2 Hops', and save your changes.

  21. Close any open Situations.

  22. Resend the two events using your terminal.

    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"Switch07::Network fault","source_id":"sw07","external_id":"4955","manager":"BNT","source":"Switch07","class":"network","agent_location":"White Plains","type":"Network fault","severity":5,"description":"Error detected"}]}'
    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"Switch02","source_id":"","external_id":"","manager":"BNT","source":"Switch02","class":"network","agent_location":"","type":"Network Fault","severity":"5","description":"Error Detected"}]}'

  23. You now have two separate Situations in the UI. Examine the Topology tab for each one. You can see the affected node for each Situation in its local context.
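
The effect of the 'Match' setting in steps 8 and 20, sketched as an added example (not Moogsoft code and not part of the original lab). It is a simplified model that treats 'any node' as no distance limit and 'Nodes within 2 Hops' as a breadth-first hop limit. The topology links and every node name other than Switch07 and Switch02 are constructed, and the grouping logic is an assumption about the behaviour the lab describes, not the product's algorithm.

```python
from collections import deque

# Constructed topology (assumption): the page does not list the links of the
# 'network' topology; only Switch07, Switch02 and the switch-to-mainframe
# connection come from the lab text. All other names are invented.
EDGES = [
    ("Switch07", "Mainframe01"),
    ("Mainframe01", "Router01"),
    ("Router01", "Router02"),
    ("Router02", "Switch02"),
]

def build_graph(edges):
    """Return an undirected adjacency map from a list of (a, b) links."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def hop_distance(graph, start, goal):
    """Breadth-first search; returns the hop count, or None if unreachable."""
    if start not in graph or goal not in graph:
        return None
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == goal:
            return dist
        for nxt in graph[node] - seen:
            seen.add(nxt)
            queue.append((nxt, dist + 1))
    return None

def cluster_alerts(graph, sources, max_hops=None):
    """Group alert 'source' values; max_hops=None models 'any node'."""
    clusters = []
    for src in sources:
        if src not in graph:
            continue  # modelling assumption: sources outside the topology are filtered out
        for cluster in clusters:
            dists = [hop_distance(graph, src, member) for member in cluster]
            if max_hops is None or any(d is not None and d <= max_hops for d in dists):
                cluster.append(src)
                break
        else:
            clusters.append([src])  # no existing cluster is close enough
    return clusters
```

In this constructed topology the two switches are four hops apart, so `cluster_alerts(build_graph(EDGES), ["Switch07", "Switch02"])` yields one group, while passing `max_hops=2` yields two.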

This concludes the lab section.