Skip to main content

Enrich on Alert Creation

If your enrichment data is unlikely to change during the lifetime of an alert, enrich once on alert creation.

To enrich on alert creation:

  • Create a custom alert enricher Moolet.

  • Configure your alert enricher to use caching.

  • Configure the Alert Builder to send data to your custom Moolet on alert creation.

  • Define your custom Moolet in Moogfarmd.

See Enrichment Overview for more information on enrichment methods and processes.

Create an Alert Enricher Moobot

Create an Alert Enricher Moobot to obtain enrichment data from your external source, for example via JDBC.

Use Caching

The Bot utility is included with the Situation Manager Labeler.

You can configure your Alert Enricher Moobot to use the caching facilities in the Bot utility. This is optional but good practice if the data is relatively static. It reduces the time required to repeatedly process data from a third party system. For example:

var USE_CACHE = false;
var CMDB_CACHE_RETENTION = 3600;

if (USE_CACHE && cmdb_cache_exists && cmdb_cache_exists.enrichment) 
{
        customInfo.enrichment = cmdb_cache_exists.enrichment;
} 
else 
{
        botUtil.addObject(customInfo, "enrichment", ci_enrichment, false);
        var cmdb_cache = {};
        cmdb_cache.enrichment = customInfo.enrichment;
        botUtil.setCacheValue(botModules.constants, "CMDB"+host, cmdb_cache, CMDB_CACHE_RETENTION);
}
Configure the Alert Builder

In the following example the Alert Builder sends newly created alerts to the Alert Enricher Moolet and updated alerts to the Maintenance Window Manager:

if(alert)
{
        var alertAction=alert.payload().getAction() === "Alert Created" ? "create" : "update";

        if ( alertAction === "create" ) {
                logger.info("createAlert: Created Alert Id: " + alert.value("alert_id"));
                alert.forward("AlertEnricher");
                }
        else {
                logger.info("createAlert: Updated Alert Id: " + alert.value("alert_id"));
                alert.forward("MaintenanceWindowManager");
        }
}
Configure Moogfarmd

Define the Alert Enricher Moobot in Moogfarmd. For example:

{
    name                : "AlertEnricher",
    classname           : "CEmptyMoolet",
    run_on_startup      : true,
    persist_state       : true,
    metric_path_moolet  : false,
    moobot              : "AlertEnricher.js",
    standalone_moolet   : true,
    threads             : 5
}