What Is a Custom_info Field

What Is a Custom Info Object?

In Moogsoft Enterprise, there isn't always a corresponding field for everything you want to keep from the source system. Custom Info is a field that allows you to extend the Moogsoft Enterprise alert schema. You can store additional information that has not been mapped to any standard Alert field attributes. Store data in the custom_info field as a JSON-formatted tree.

Custom Info Field Best Practices

You need to be strategic and selective about adding custom_info. Keep the following points in mind as you create custom info fields.

Do NOT Add Unnecessary Information

Do NOT overload the event Custom Info object with unnecessary information. When you are just beginning the ingestion stage, it is likely that you do not know all the fields you need. Do NOT create custom fields for everything at this stage. Consult the operators who will be addressing these alerts. Ask them what additional information they need in the alert payload in order to diagnose issues, and keep only those values. Also, when you get to the alert clustering process, you will identify the custom information needs (if any) for clustering.

Mind the Event Size Limit

The maximum allowed size of an event is 64KB. If an event exceeds the limit, it does not get created in the system. Be mindful of the limit and truncate some of the field values as needed. For example, if you decide to add a list of values such as impacted applications, add a length limit so that you do not risk exceeding the event size limit.

Mind the Performance Impact

The size of the event directly impacts the amount of disk space required for the database server. Each time an event is deduplicated, or the alert is updated in the system, a complete copy of it is saved in the database. This includes the custom_info object. Suppose you have a 20KB alert, and it gets updated and actioned 100 times. Its database footprint will be about 2MB. See Retention Policy under Sizing Recommendations.

Use the Same Base Model

It is best practice to enforce the same custom_info base model across all of your ingestions. Use the example model below. You can expand it as you see fit, but always add defaults.

var baseCustomInfo = {
    enrichment : {},
    mooghandling : {
        isEnriched : false,
        archiveOnly : false,
        toolFlags : {}
    },
    services : [],
    location : {},
    eventDetails : {},
    ticketing : {
        ticketNumber : null,
        ticketStatus : null
    }
};
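
The following is an added example, not part of the original page or Moogsoft's code. It applies the base model above as defaults to source-supplied data, truncates list values, and checks the serialized event against the 64KB limit. The helper names, the 20-item list cap, and measuring size as the JSON byte length in Node.js are assumptions.

```javascript
// Added example, not Moogsoft code. Helper names and MAX_LIST_ITEMS are assumptions.
const MAX_EVENT_BYTES = 64 * 1024; // event size limit stated on this page
const MAX_LIST_ITEMS = 20;         // assumed cap for list values such as services

// Fresh copy of the page's base model so defaults are never shared between events.
function newBaseCustomInfo() {
  return {
    enrichment: {},
    mooghandling: { isEnriched: false, archiveOnly: false, toolFlags: {} },
    services: [],
    location: {},
    eventDetails: {},
    ticketing: { ticketNumber: null, ticketStatus: null }
  };
}

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Keep only keys the model defines. Missing or wrongly typed values fall back to
// the default, lists are truncated, and empty {} slots accept any object.
function applyModel(model, source) {
  const out = {};
  for (const key of Object.keys(model)) {
    const def = model[key];
    const val = isPlainObject(source) ? source[key] : undefined;
    if (Array.isArray(def)) {
      out[key] = Array.isArray(val) ? val.slice(0, MAX_LIST_ITEMS) : def;
    } else if (isPlainObject(def)) {
      if (Object.keys(def).length > 0) out[key] = applyModel(def, val);
      else out[key] = isPlainObject(val) ? val : def;
    } else {
      out[key] = val === undefined ? def : val;
    }
  }
  return out;
}

// Attach normalized custom_info and report the serialized size. Using the JSON
// byte length as the event size is an assumption about how the limit is measured.
function buildEvent(fields, sourceCustomInfo) {
  const event = Object.assign({}, fields, {
    custom_info: applyModel(newBaseCustomInfo(), sourceCustomInfo)
  });
  const bytes = Buffer.byteLength(JSON.stringify(event), 'utf8');
  return { event, bytes, withinLimit: bytes <= MAX_EVENT_BYTES };
}
```

Free-form slots such as eventDetails are passed through unchanged, so an oversized value there still shows up as `withinLimit: false` and needs its own truncation rule.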