Query Catalog action

This action queries a data catalog and maps the matching data to the specified event fields.

  • Catalog name

    The catalog to query.

  • Lookup mapping

    Look up the matching catalog entry for an object: If the catalog field = the event field, the entry matches.

  • Apply mapping

    If the action finds a matching entry, copy data from the catalog field to the event field. You can specify a default value if a catalog field is undefined.

Example

Your monitoring service sends metrics to Express. These metrics have all the data required by the Metrics API, but they do not specify the service running on each source. You create a catalog called mySources, which specifies each source and its associated service, region, and instance type:

instance-id,          service,      region,      instance-type
i-0z267fg498xc23750,  custLogin,    us-east-1f,  t2.large
i-0w690ji481vb38749,  dbQuery,      us-west-1b,  t3a.xlarge
...

To map the catalog data to your monitored sources, you drag a Query Catalog action into your workflow and configure it as follows:

  • Catalog name = mySources

  • Lookup mapping : instance-id = Source

  • Apply mapping:

    • service = Service

    • region = Location.region

    • instance-type = Tags.instance-type

When this action processes an event from one of these sources, it adds the catalog data to the event.

Event before

Event after

{   
   "description":"CPU spike to 75%", 
   "severity":4,
   "source":"i-0z267fg498xc23750",
   "time":1592322348182,
   "check":"cpu",
   "service":[""],   
}

{   
   "description":"CPU spike to 75%", 
   "severity":4,
   "source":"i-0z267fg498xc23750",
   "time":1592322348182,
   "check":"cpu",
   "service":["custLogin"],
   "location": { "region":"us-east-1f"},
   "tags": { "instance-type":"t2.large"}    
}