SolarWinds integration
You can use a Moogsoft Cloud custom integration to ingest events from SolarWinds.
Before you begin
Before you set up your SolarWinds integration:
Make sure you are signed in to your Moogsoft Cloud instance.
Make sure you are signed in to SolarWinds.
Create a custom integration in Moogsoft Cloud
Within Moogsoft Cloud, navigate to Integrations > Ingestion Services > Create your own Integration.
Click Add New Integration.
Under Moogsoft Endpoint, enter a unique name for your new integration (required).
Note
The name of the integration can be anything you choose. Moogsoft Cloud will automatically generate an API endpoint URL independent of what you enter for this field.
Under API Description, enter a description for the integration (optional).
Under Data Type, select Events.
Click Save.
Keep the web page for this integration open in your browser while you complete the following steps in SolarWinds.
Configure alert actions in SolarWinds
Open SolarWinds. Navigate to Alerts & Activity > Alerts.
From the top right, click Manage Alerts.
Click on the name of an alert that should trigger the integration with Moogsoft Cloud.
Add a new trigger action:
In the Edit Alert window, navigate to Trigger Actions.
Under Trigger Actions, click Add Action.
Select Send a GET or POST Request to a Web Server.
Click Configure Action.
Configure the trigger action:
Under Name of action, provide a name: "Send to Moogsoft."
Under URL, paste the endpoint URL for your Moogsoft Cloud integration.
The endpoint URL is provided for you in Moogsoft Cloud on the page for your custom integration, under Configuration Information > Moogsoft Endpoint.
Select Use HTTP/S POST.
Under Body to POST, copy and paste the following:
{ "description": "${N=Alerting;M=AlertDescription}", "severity": "${N=Alerting;M=Severity}", "source": "${N=SWQL;M=SELECT TOP 1 RelatedNodeCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID}}", "check": "${N=Alerting;M=AlertName}", "manager": "Solarwinds", "class": "${N=Alerting;M=ObjectType}", "city": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.City FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}", "department": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.Department FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}", "ipAddress":"${N=SwisEntity;M=Node.IP_Address}", "machineType":"${N=SwisEntity;M=Node.MachineType}" }
Under ContentType, delete the default value and replace it with:
application/json
Under Authentication, select Token.
Under Header Name, type:
apiKey
Under Header Value, copy and paste your Moogsoft Cloud API key.
The API key is provided for you in Moogsoft Cloud on the page for your custom integration, under Configuration Information > API Key.
Click Add Action.
Test the trigger action:
In the row for your new trigger action, click the Simulate icon (lightning bolt) on the far right.
Select the required properties for simulation and click Execute. This will send a test payload to your Moogsoft Cloud integration.
Open Moogsoft Cloud. Within the page for your custom integration, scroll down to the Map Your Data section. Here, you can view cached payloads of incoming events sent from SolarWinds.
Confirm that the test payload you sent is there.
Add a new reset action:
Go back to where you left off in SolarWinds. At the bottom right of the page, click Next to go to the Reset Actions page.
Under the Reset Action section, click Add Action.
Select Send a GET or POST Request to a Web Server.
Click Configure Action.
Configure the reset action:
Under Name of action, provide a name: "Send Clear to Moogsoft."
Under URL, paste the endpoint URL for your Moogsoft Cloud integration.
The endpoint URL is provided for you in Moogsoft Cloud on the page for your custom integration, under Configuration Information > Moogsoft Endpoint.
Select Use HTTP/S POST.
Under Body to POST, copy and paste the following:
{ "description": "${N=Alerting;M=AlertDescription}", "severity": "Clear", "source": "${N=SWQL;M=SELECT TOP 1 RelatedNodeCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID}}", "check": "${N=Alerting;M=AlertName}", "manager": "Solarwinds", "class": "${N=Alerting;M=ObjectType}", "city": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.City FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}", "department": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.Department FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}", "ipAddress":"${N=SwisEntity;M=Node.IP_Address}", "machineType":"${N=SwisEntity;M=Node.MachineType}" }
Under ContentType, delete the default value and replace it with:
application/json
Under Authentication, select Token.
Under Header Name, type:
apiKey
Under Header Value, copy and paste your Moogsoft Cloud API key.
The API key is provided for you in Moogsoft Cloud on the page for your custom integration, under Configuration Information > API Key.
Click Add Action.
Test the reset action:
In the row for your new reset action, click the Simulate icon (lightning bolt) on the far right.
Select the required properties for simulation and click Execute. This will send a test payload to your Moogsoft Cloud integration.
Open Moogsoft Cloud. Within the page for your custom integration, scroll down to the Map Your Data section. Here, you can view cached payloads of incoming events sent from SolarWinds.
Confirm that the test payload you sent is there.
Click Next to go to the Summary page.
Click Submit.
Assign the trigger action to alerts:
Within the Manage Alerts page, use the checkboxes to select all alerts that should trigger the integration with Moogsoft Cloud.
Click Assign Action > Assign Trigger Action.
From the list of trigger actions, select the "Send to Moogsoft" action you created.
Click Assign.
Assign the reset action to alerts:
Within the Manage Alerts page, use the checkboxes to select the same alerts a second time.
Click Assign Action > Assign Reset Action.
From the list of reset actions, select the "Send Clear to Moogsoft" action you created.
Click Assign.
Configure the custom integration in Moogsoft Cloud
Go to your Moogsoft Cloud instance.
Open the page for your custom integration by going to Integrations > Ingestion Services > Create your own Integration > your-integration-name.
Scroll down to the Map Your Data section. Map your payload fields to the corresponding Moogsoft Cloud fields. An example mapping is provided for you below as a reference, but you should tailor the mapping according to your business needs.
For a complete list of mapping types, save options, and instructions on how to use them, read Use mapping types in custom integrations.
Table 1. Example mappingSolarWinds field
Moogsoft Cloud field
source
source
description
description
check
check
severity
severity
department
service
class
class
manager
manager
city
tags.swCity
ipAddress
tags.swIpAddress
machineType
tags.swMachineType
Scroll down to the Set Your Deduplication Key section.
Edit the deduplication key and remove
service
.Click Save at the top of the page.