Using Inferred Topologies

Suppose that you want to cluster application errors separately from network connection problems. You can assign alerts to different topologies and then use a single Cookbook Recipe to filter the alerts by topology before clustering.

Overview

Set up a workflow and Cookbook to use multiple topologies.

  1. Use the Alert Workflow Engine to populate the custom info field ‘moog_topology’ with the contents of the ‘class’ alert field.

  2. Update your Source Cookbook Recipe to use inferred topology filters, and set your Cookbook to process the output of Alert Workflows.

  3. Test the inferred topologies by sending in network and application alerts and examining the resulting Situations.

Step-by-Step Instructions

  1. Go to Settings > Automation > Workflow Engine > Alert Workflows. Click on 'Add Workflow' in the upper right.

  2. Name your workflow "Populate Named Topology".

  3. Click on 'Add Action' at the top of the left pane.

  4. Name the action "Copy class to moog_topology".

  5. In the function dropdown, choose 'populateNamedTopology'.

  6. In the topologyName text box, enter '$(class)' without the single quotes. This will put the value of the 'class' alert field into the 'custom_info.moog_topology' field.

  7. Save your workflow.

  8. Go to Settings > Algorithms > Cookbook Recipes and click on the Source Cookbook Recipe.

  9. Choose 'Infer Topology from Alert' in the Topology Filter section. Change Match to 'Any Node' so you can see all the alerts in a given topology together, and then save your changes.

  10. Go to Settings > Algorithms > Cookbooks and click on Default Cookbook.

  11. Under 'Process Output of' choose 'Alert Workflows' and save changes.

  12. Close any open Situations.

  13. Send the network and application events from your terminal.

    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"Switch07::Network fault","source_id":"sw07","external_id":"4955","manager":"BNT","source":"Switch07","class":"network","agent_location":"White Plains","type":"Network fault","severity":5,"description":"Error detected"}]}'
    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"Switch02::Network fault","source_id":"sw02","external_id":"4380","manager":"BNT","source":"Switch02","class":"network","agent_location":"White Plains","type":"Network fault","severity":5,"description":"Error detected"}]}'
    curl http://localhost:8888 -H 'Content-Type: application/json' --insecure -v --data '{"events":[{"signature":"EnterpriseAppServer03::Init failure","source_id":"eas03","external_id":"5842","manager":"BNT","source":"EnterpriseAppServer03","class":"appserver","agent_location":"White Plains","type":"Init failure","severity":5,"description":"wpauction failed to initialize"}]}'

  14. Go to Workbench > Open Alerts and double click on one of the alerts to look at the alert details, including the value in the 'class' field.

  15. Click on 'Show Custom Info' and verify that the custom info field 'moog_topology' is set to the same value as ‘class’, which should match a topology name.

  16. Go to Workbench > Open Situations. For each of the two Situations, go to the Topology tab. Check the topology name shown in the display options, and examine the topology visualization to verify that your Cookbook generated the Situations based on the inferred topology.

This concludes the lab section.