Ingest Source Event Data

Data ingestion is the process that inputs ("raw") event data from your infrastructure and converts the relevant data fields to ("processed") Moogsoft events. Moogsoft Enterprise can ingest a wide variety of formats: plain-text status messages, binary SNMP data, JSON-formatted strings.

As part of your data ingestion setup, you will examine your incoming data stream, identify data fields that do not correspond to standard Moogsoft Enterprise events and decide which of these fields you want to preserve. Some data might be useful further downstream: for clustering alerts into Situations or providing Operators with diagnostic information.

As a best practice, do not try to get your data ingestion settings right on the first try. You are dealing with a bit of paradox - you need to ingest data in order to uncover the data processing requirements. By ingesting the real data you can conduct discovery sessions effectively, which leads to identifying the data ingestion requirements. So expect to update the data ingestion settings throughout the deployment process.

Data ingestion takes 4 steps.

data_preparation_steps.png

Watch the video to learn these steps in detail.

There are two types of LAMS:

  • Generic LAMs – Based on a specific protocol or communication type, but not specific to a particular product.

  • Vendor-specific LAMs – Configured or customized versions of the generic LAMs that are set up to work with a specific product

In the following section, we will step through the LAM configuration process using the REST LAM example. Consult the developer guide for other types of LAMs, but the points of considerations discussed in the following pages will apply to them.

Watch the Data Ingestion Concepts video in Moogsoft university.