Automatic event enrichment

Moogsoft Cloud includes an automatic enrichment workflow for events which populates the class and type event fields. It uses the Classify workflow action to compare the contents of the description, check, source, and service fields to a list of typical terms. Based on those comparisons, it assigns an infrastructure class to the class field and a type of problem to the type field.

Event Field	Automatic Enrichment Values
`class`	`Network`, `Storage`, `Compute`, `Operating System`, `Application`, `Database`
`type`	`Availability`, `Capacity`, `Connectivity`, `Security`, `Activity`, `Environment`, `Unknown`

You can use the resulting metadata as an additional method of correlation. For example, suppose you have a link down event for Interface 123 and a line down event for eth-1/0/0 from the same data center. The default correlation engine will not recognize the resulting alerts as related because they lack textual similarity, but the automatic enrichment workflow will classify them both as “network” (class) and “availability” (type) events. You can add a correlation using location, type, and class to combine them into a single incident.

The automatic enrichment workflow is enabled by default, but you can disable it if you have mapped other values to type and class that you do not want overwritten. You can also adjust the fields used for classification.

In this section:

Automatic event enrichment

Search results