Moogsoft Docs

UI Enrichment

In some cases, the raw alert data from your monitoring source is insufficiently usable. You can use the optional enrichment feature in the Moogsoft AIOps UI to integrate alert data with other data sources. Enrichment can:

  • Improve readability of alerts for operators.

  • Improve accuracy for clustering alerts into Situations.

This topic covers enriching alerts with a static data file.

Before You Begin

Before you start to set up enrichment in the UI, ensure you have met the following requirements:

  • You have logged into Moogsoft AIOps as a user with the 'manage_integrations' role.

  • You have the credentials to connect to MySQL and write to the database.

  • You have prepared a .csv file containing the enrichment data you want to upload, as follows:

    The first line contains the field names.

    The values for one field match the values of a field in your raw alert data.

    See the sample file below:

    NameCode,SiteCode,Address,City,State,Zip
    AB2,GAF,9384 Ornare Road,Lansing,Michigan,76690
    CAV,GAF,133-5757 Sed Avenue,Racine,Wisconsin,42779
    GX2,TES,5722 Nulla Avenue,Springfield,Massachusetts,29957
Enable Enrichment

Run the following MySQL command in the MoogDb database to enable enrichment:

UPDATE features 
SET enabled = 1 
WHERE feature_name = 'enrichment';

You can check that the feature was successfully enabled by running a command similar to the following:

SELECT feature_name, enabled
FROM features
WHERE feature_name = 'enrichment';
Configure the Moolets

Edit $MOOGSOFT_HOME/config/moolets/enricher.conf and make the following change:

  1. Enable the Enricher Moolet to run on startup:

    {
       name               : "Enricher",
       classname          : "com.moogsoft.farmd.moolet.enricher.CEnricherMgr",
       run_on_startup     : true,
       metric_path_moolet : true,
       process_output_of  : "AlertBuilder",
       description        : "Alert Enrichment"
    }

    See Enricher Moolet for further information.

  2. Edit $MOOGSOFT_HOME/config/moolets/maintenance_window_manager.conf and make the following change:

  3. Set the Maintenance Window Manager Moolet to process the output of the Enricher:

    {
       name                     : "MaintenanceWindowManager",
       classname                : "CMaintenance",
       run_on_startup           : true,
       metric_path_moolet       : true,
       process_output_of        : "Enricher",
       maintenance_status_field : "maintenance_status",
       maintenance_status_label : "In maintenance",
       update_captured_alerts   : true
    }
  4. Save the changes and restart Moogfarmd. See Control Moogsoft AIOps Processes for more information.

Create Custom Alert Fields

Create the custom_info alert fields to receive the enrichment data. You cannot update default alert fields with enrichment data.

Refer to the Alerts Columns instructions for further information on creating custom info alert fields.

For example, if you want to enrich alerts with all of the data from the sample file, create custom info alert fields for NameCode, SiteCode, Address, City, State and Zip.

Upload an Enrichment File

Use the Integrations UI to upload your data source as follows:

  1. Go to Integrations - Available Enrichments. The Available Enrichments link is only visible if Enrichment is enabled in the database.

  2. Click Static Data.

  3. Click Upload File, locate your .csv file and click Open.

    This populates the Source Field drop-down lists under Define Lookup and Map Alert Fields with the field names in the first line of the .csv file.

  4. Select the Source Field, which is a field in your .csv file, and the corresponding Alert Field to use for the lookup.

    For example, the NameCode in the sample file could be used as a lookup against a custom_info alert field that contains the same data (AB2, CAV, GX2).

    You can only define one lookup. You can select a custom alert field for the lookup or one of several default alert fields. Alert fields that cannot be used for the lookup do not appear in the drop-down list.

  5. Click + to map the source fields in your .csv file that you want to include in alerts.

    For each desired source field choose the destination alert field. Your custom_info alert fields will appear in the drop-down list.

    You can't map source fields to default alert fields.

  6. When you have mapped all of your alert fields, click Confirm to upload your data.

After you have completed the configuration, Moogsoft AIOps adds enrichment data when it creates new alerts. It is not added to existing alerts.

Moogsoft AIOps enriches alerts when it creates them. Subsequent updates to alerts do not trigger updates to the enriched data within the alerts.