Map the service
field
The APEX AIOps Incident Management data schema includes an optional service
list field that relates to the impact or scope of an alert or incident. For example, you can define services based on affected business processes, applications, support teams, or geographies. Once defined, you can use services in Incident Management to monitor performance in the Dashboard, cluster alerts into actionable incidents using the Correlation Engine, route outbound notifications, and more.
Plan your service categories
To take advantage of these capabilities, you will need to first decide how to define services and then map your data ingestion payloads to the service categories you define.
Choose meaningful service categories. For example, you might use geographic locations, department names, data center names, application groupings, priority applications, and so forth.
Provide easy to understand names for the services.
Provide consistent naming so the service categories make sense to the user.
Note
Service names example
Let’s say you have a Content Delivery Network (CDN) for streaming video content. Your network and server performance has a key impact on your business. In this case, you may wish to set up categories according to the geographic location of your data centers. So your service names might be
nyc-usa-dc1, cupertiono-usa-dc2, grenoble-fr-dc1, london-uk-dc3
, and so on. Here the pattern iscity-country-data center
. It is easy to follow and easy to add more locations.
Map payloads to services
You have three options to map your incoming data payloads to services. You can do the mapping during:
Data ingestion, using inbound integrations or data ingestion APIs.
Event processing, using the Workflow Engine.
Data enrichment, using the Workflow Engine and a data catalog.
The following sections briefly describe how to define and map the service
field.
Map service during data ingestion
When you set up a data ingestion, you can define which field from your payload gets mapped to the Incident Management service
field. If an appropriate field does not exist in the payload, you can also enter a hard-coded value for the service.
Note
When you enter a service name, it is placed in an array. This is because multiple services can be assigned to a single alert or incident. For example, if you specify your service name as "Data Center 1" it is placed in an array on the backend so that it is actually ["Data Center 1"]. The field mapping function expects an array. This is important to note as you may want to use the equals operator in a trigger or scope filter. However, this will not work. Instead you will need to use the in
operator and either parentheses or square brackets, as shown in the following figure.
Configuring services during data ingestion is supported with the following integration methods:
Product-specific inbound integrations: Ansible Tower, AppDynamics, Azure, Dynatrace, New Relic, Pingdom, Prometheus AlertManager, Splunk, and Zabbix, among others, contain instructions for integration with Incident Management. The suggested mappings include proposed mappings for the
service
field.Create Your Own Integration (CYOI): In addition to the CYOI integration instructions, you can read Use mapping types in custom integrations for information about mapping payload fields to Incident Management target fields.
API ingestion: For information about mapping services using the CYOI API for ingestion, read Custom Integration API Mapping.
To set up your inbound integration, in your Incident Management UI, navigate to Integrations > Ingestion Services.
Map service using an event workflow
For some integrations that don’t automatically supply a service field in the payload, you can define the service
field with the Workflow Engine. To do this mapping:
Log into your Incident Management instance.
Click the Correlate & Automate icon and click Workflow Engine.
Create a workflow with a Trigger filter that matches the integration.
Add a Set Service action that supplies the service name from an existing field in the payload, or from a hard-coded text value.
Map service using an event workflow with a data catalog
You can also define a workflow that extracts service names from a data enrichment catalog.
For detailed information about defining and using data catalogs, see Create data catalogs.