Query Catalog action
Available for event, alert, and incident workflows |
This action queries a data catalog and maps the matching data to the specified event, alert, or incident fields.
Catalog Name
The catalog to query.
Lookup Mapping
Look up the matching catalog entry for an object: If the catalog field = the event, alert, or incident field, the entry matches.
Apply Mapping
If the action finds a matching entry, copy data from the catalog field to the event, alert, or incident field. You can specify a default value if a catalog field is undefined.
Click the "Add Another" button to add an additional mapping. Click the trash can icon to delete a mapping.
Event example
Your monitoring service sends metrics to APEX AIOps Incident Management. These metrics have all the data required by the Metrics API, but they do not specify the service running on each source. You create a catalog called mySources, which specifies each source and its associated service, region, and instance type:
instance-id, service, region, instance-type i-0z267fg498xc23750, custLogin, us-east-1f, t2.large i-0w690ji481vb38749, dbQuery, us-west-1b, t3a.xlarge ...
To map the catalog data to your monitored sources, you add a Query Catalog action into your workflow and configure it as follows:
Catalog name = mySources
Lookup mapping : instance-id =
Source
Apply mapping:
service =
service
region =
location.region
instance-type =
tags.instance-type
When this action processes an event from one of these sources, it adds the catalog data to the event.
Here is an example event that was processed by this workflow:
Event before | Event after |
---|---|
{ "description":"CPU spike to 75%", "severity":4, "source":"i-0z267fg498xc23750", "time":1592322348182, "check":"cpu", "service":[""], } | { "description":"CPU spike to 75%", "severity":4, "source":"i-0z267fg498xc23750", "time":1592322348182, "check":"cpu", "service":["custLogin"], "location": { "region":"us-east-1f"}, "tags": { "instance-type":"t2.large"} } |
Alert example
Suppose that you want to assign a tags.team
value for all new alerts based on their services
field value. You already have a catalog called servicesToTeams, which maps each service to a corresponding team assignment:
Service, team support, Team A retail, Team B payment, Team C ...
You can accomplish this by creating an alert workflow with a Query Catalog action.
After setting up the trigger, you can configure the Query Catalog action as follows:
Catalog Name:
servicesToTeams
Lookup Mapping:
service
=Service
Apply Mapping:
team
→tags.team
When this action processes an alert from with a relevant service, it adds the related catalog data to the alert.
Here is an example alert that was processed by this workflow:
Alert fields before | Alert fields after |
---|---|
{ ... "description": "Server Health Alert: Connection Issue Detected from IP 192.168.2.20", "service": [ "support" ], ... "tags": { "integration_type": [ "eventapi" ] }, ... } | { ... "description": "Server Health Alert: Connection Issue Detected from IP 192.168.2.20", "service": [ "support" ], ... "tags": { "integration_type": [ "eventapi" ], "team": "Team A" }, ... } |