Moogsoft Docs

Workflow Engine Functions Reference

This is a reference for Workflow Engine functions in Moogsoft AIOps.

Functions may be available for more than one object. For example, addItemToList is available in event, alert, enrichment, and Situation workflows. In this reference, the functions appear in the lists for all the objects they are valid for.

Event functions

The following functions are available in event workflows:

  • addItemToList: Adds an item or items to an array.

  • appendFields: Appends a concatenated set of fields to an existing field, using a separator character.

  • appendString: Appends a static string to an existing field separated by a space character.

  • ceventFilter: Returns true if the object matches a SQL-like filter. Sweep up filter applies.

  • classifyEvent: Sets the class, type, and severity fields of an event based upon its contents using a predefined classification algorithm.

  • concatFields: Sets the value of a field to a string representing a set of concatenated fields.

  • convertToJSON: Converts the object to JSON and adds it to the workflowContext for use in subsequent actions.

  • copyFieldFromAlertToEvent: Copies a single field from an existing alert to a deduplicating event for the same alert.

  • copyFromAlertToEvent: Copies multiple fields from an existing alert to a deduplicating event for the alert.

  • deltaEvent: Returns true: if the specified event fields differ from corresponding fields in an existing alert, or when an error occurs in the delta check, or when no alert exists. Returns false when it detects no changes.

  • dropEvent: Allows you to prevent further processing of an event.

  • existingAlertFilter: Returns true if the existing alert for a deduplicating event matches a SQL-like filter.

  • isClear: Returns true if the object's severity level is Clear (0).

  • isInSubnet: Returns true when an IP address is present within a specified subnet. Sweep up filter applies.

  • isNewerThan: Returns true when the object age in seconds is less than a specified age in seconds. Sweep up filter applies.

  • isNotNull: Returns true if the value for an object's cEvent field is not null, is not an empty object, or is not an empty array.

  • isNull: Returns true if the value for an object's cEvent field is null, is not set, is an empty object, or is an empty array.

  • isOlderThan: Returns true when the object age in seconds is older than a specified age in seconds. Sweep up filter applies.

  • listContains: Returns true when the array field you query contains some of your specified values. Sweep up filter applies.

  • listContainsAll: Returns true when the array field you query contains all of your specified values. Sweep up filter applies.

  • listDoesNotContain: Returns true when the array field you query contains none of your specified values. Sweep up filter applies.

  • logMessage: Logs a message to the Moogfarmd log.

  • logWorkflowDuration: Logs debug messages for the workflow execution duration.

  • prependFields: Prepends a concatenated set of fields to an existing field, using a separator character.

  • prependString: Prepends a string to an existing field, using a separator character.

  • restAsyncPost: Makes a HTTP POST request with a JSON payload to a named REST endpoint.

  • searchAndReplace: Matches a regular expression to an object field and maps the contents of subgroups to other fields. Sweep up filter applies.

  • setCoreEventField: Sets a single core event field to a value.

  • staticLookup: Searches for a key in a static lookup table, retrieves the corresponding value, and applies that value to a field in the object.

  • stop: Stops the workflow.

  • stripFQDN: Splits a fully qualified domain name (FQDN) into a hostname/short name and a domain name and updates fields with the values.

  • upperCase: Changes the value of a field to uppercase. Sweep up filter applies.

  • willCreateNewAlert: Returns true if the event will create a new alert.

  • willDeduplicateAlert: Returns true if the event will deduplicate into an existing alert.

Alert and enrichment functions

The following functions are available in alert and enrichment workflows:

  • addItemToList: Adds an item or items to an array.

  • alertInSituation: Returns true when the alert is a member of an active Situation. Sweep up filter applies.

  • alertNotInSituation: Returns true when the alert is not a member of an active Situation. Sweep up filter applies.

  • appendFields: Appends a concatenated set of fields to an existing field, using a separator character.

  • appendString: Appends a static string to an existing field separated by a space character.

  • between: Returns true if the object creation date falls between two times.

  • ceventFilter: Returns true if the object matches a SQL-like filter. Sweep up filter applies.

  • concatFields: Sets the value of a field to a string representing a set of concatenated fields.

  • convertToJSON: Converts the object to JSON and adds it to the workflowContext for use in subsequent actions.

  • forward: Forwards the object to the named Moolet.

  • isAssigned: Returns true if the object has an owner or moderator. Sweep up filter applies.

  • isClear: Returns true if the object's severity level is Clear (0).

  • isInSubnet: Returns true when an IP address is present within a specified subnet. Sweep up filter applies.

  • isNewerThan: Returns true when the object age in seconds is less than a specified age in seconds. Sweep up filter applies.

  • isNotAssigned: Returns true if the object does not have an owner or moderator. Sweep up filter applies.

  • isNotNull: Returns true if the value for an object's cEvent field is not null, is not an empty object, or is not an empty array.

  • isNull: Returns true if the value for an object's cEvent field is null, is not set, is an empty object, or is an empty array.

  • isOlderThan: Returns true when the object age in seconds is older than a specified age in seconds. Sweep up filter applies.

  • listContains: Returns true when the array field you query contains some of your specified values. Sweep up filter applies.

  • listContainsAll: Returns true when the array field you query contains all of your specified values. Sweep up filter applies.

  • listDoesNotContain: Returns true when the array field you query contains none of your specified values. Sweep up filter applies.

  • logMessage: Logs a message to the Moogfarmd log.

  • logWorkflowDuration: Logs debug messages for the workflow execution duration.

  • lookupAndReplace: Sets the alertField to a value when one of the fields in the inFields list matches a word or regular expression. Sweep up filter applies.

  • prependFields: Prepends a concatenated set of fields to an existing field, using a separator character.

  • prependString: Prepends a string to an existing field, using a separator character.

  • replaceString: Replaces a string or regular expression in a field with a specified string or regular expression.

  • restAsyncPost: Makes a HTTP POST request with a JSON payload to a named REST endpoint.

  • searchAndReplace: Matches a regular expression to an object field and maps the contents of subgroups to other fields. Sweep up filter applies.

  • sendMooletInform: Sends a Moolet inform with a subject and details.

  • setClass: Sets the class of the alert.

  • setCustomInfoJSONValue: Adds or updates a custom info key to the specified JSON value. Sweep up filter applies.

  • setCustomInfoValue: Adds or updates a custom info key to a specified string value. Sweep up filter applies.

  • setDescription: Sets the description of the object.

  • setSeverity: Sets the severity of the alert. Sweep up filter applies.

  • setType: Sets the type of the alert.

  • staticLookup: Searches for a key in a static lookup table, retrieves the corresponding value, and applies that value to a field in the object.

  • stop: Stops the workflow.

  • stripFQDN: Splits a fully qualified domain name (FQDN) into a hostname/short name and a domain name and updates fields with the values.

  • upperCase: Changes the value of a field to uppercase. Sweep up filter applies.

Situation functions

The following functions are available in Situation workflows:

  • addItemToList: Adds an item or items to an array.

  • appendFields: Appends a concatenated set of fields to an existing field, using a separator character.

  • appendString: Appends a static string to an existing field separated by a space character.

  • between: Returns true if the object creation date falls between two times.

  • ceventFilter: Returns true if the object matches a SQL-like filter. Sweep up filter applies.

  • checkSituationState: Returns true if the specified state exists for a Situation. Sweep up filter applies.

  • concatFields: Sets the value of a field to a string representing a set of concatenated fields.

  • containsAlertDetails: Returns true if all or any of the alerts in the Situation matches the filter condition. Sweep up filter applies.

  • convertToJSON: Converts the object to JSON and adds it to the workflowContext for use in subsequent actions.

  • createServiceTicket: Creates a ticket for the specified service.

  • forward: Forwards the object to the named Moolet.

  • hasCausalPRC: Returns true if one or more alerts in the Situation has a causal PRC flag set. Sweep up filter applies.

  • hasMerged: Returns true if the Situation has been merged or superseded.

  • hasNotMerged: Returns true if the Situation has not been merged or superseded.

  • hasSimilarSituations: Returns true when the Situation has a similar Situation above the specified threshold.

  • isAssigned: Returns true if the object has an owner or moderator. Sweep up filter applies.

  • isClear: Returns true if the object's severity level is Clear (0).

  • isNotAssigned: Returns true if the object does not have an owner or moderator. Sweep up filter applies.

  • isNewerThan: Returns true when the object age in seconds is less than a specified age in seconds. Sweep up filter applies.

  • isNotNull: Returns true if the value for an object's cEvent field is not null, is not an empty object, or is not an empty array.

  • isNull: Returns true if the value for an object's cEvent field is null, is not set, is an empty object, or is an empty array.

  • isOlderThan: Returns true when the object age in seconds is older than a specified age in seconds. Sweep up filter applies.

  • labelSituation: Labels the Situation using the Situation Manager Labeler macro language. Sweep up filter applies.

  • listContains: Returns true when the array field you query contains some of your specified values. Sweep up filter applies.

  • listContainsAll: Returns true when the array field you query contains all of your specified values. Sweep up filter applies.

  • listDoesNotContain: Returns true when the array field you query contains none of your specified values. Sweep up filter applies.

  • logMessage: Logs a message to the Moogfarmd log.

  • logWorkflowDuration: Logs debug messages for the workflow execution duration.

  • prependFields: Prepends a concatenated set of fields to an existing field, using a separator character.

  • prependString: Prepends a string to an existing field, using a separator character.

  • replaceString: Replaces a string or regular expression in a field with a specified string or regular expression.

  • restAsyncPost: Makes a HTTP POST request with a JSON payload to a named REST endpoint.

  • searchAndReplace: Matches a regular expression to an object field and maps the contents of subgroups to other fields. Sweep up filter applies.

  • sendMooletInform: Sends a Moolet inform with a subject and details.

  • setCustomInfoJSONValue: Adds or updates a custom info key to the specified JSON value. Sweep up filter applies.

  • setCustomInfoValue: Adds or updates a custom info key to a specified string value. Sweep up filter applies.

  • setDescription: Sets the description of the object.

  • setSituationState: Sets the state of the Situation. Sweep up filter applies.

  • sigActionFilter: Returns true if the Situation action is of the specified type.

  • sigActionToolFilter: Returns true if the specified tool has been run against a Situation.

  • staticLookup: Searches for a key in a static lookup table, retrieves the corresponding value, and applies that value to a field in the object.

  • stop: Stops the workflow.

  • upperCase: Changes the value of a field to uppercase. Sweep up filter applies.