Skip to main content

SolarWinds integration

You can use a Moogsoft Cloud custom integration to ingest events from SolarWinds.

Before you begin

Before you set up your SolarWinds integration:

  • Make sure you are signed in to your Moogsoft instance.

  • Make sure you are signed in to SolarWinds.

  • Make sure you have a valid Moogsoft API key.

Create a custom integration in Moogsoft

  1. Within Moogsoft, navigate to Integrations > Ingestion Services > Create your own Integration.

  2. Click Add New Integration.

  3. Under Moogsoft Endpoint, enter a unique name for your new integration (required).

    Note

    The name of the integration can be anything you choose. Moogsoft will automatically generate an API endpoint URL independent of what you enter for this field.

  4. Under API Description, enter a description for the integration (optional).

  5. Under Data Type, select Events.

  6. Click Save.

  7. Keep the web page for this integration open in your browser while you complete the following steps in SolarWinds.

Configure alert actions in SolarWinds

  1. Open SolarWinds. Navigate to Alerts & Activity > Alerts.

  2. From the top right, click Manage Alerts.

  3. Click on the name of an alert that should trigger the integration with Moogsoft.

  4. Add a new trigger action:

    1. In the Edit Alert window, navigate to Trigger Actions.

    2. Under Trigger Actions, click Add Action.

    3. Select Send a GET or POST Request to a Web Server.

    4. Click Configure Action.

  5. Configure the trigger action:

    1. Under Name of action, provide a name: "Send to Moogsoft."

    2. Under URL, paste the endpoint URL for your Moogsoft integration.

      The endpoint URL is provided for you in Moogsoft on the page for your custom integration, under Configuration Information > Moogsoft Endpoint.

    3. Select Use HTTP/S POST.

    4. Under Body to POST, copy and paste the following:

      {
    "description": "${N=Alerting;M=AlertDescription}",
    "severity": "${N=Alerting;M=Severity}",
    "source": "${N=SWQL;M=SELECT TOP 1 RelatedNodeCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "check": "${N=Alerting;M=AlertName}",
    "manager": "Solarwinds",
    "class": "${N=Alerting;M=ObjectType}",
    "city": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.City FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "department": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.Department FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "ipAddress":"${N=SwisEntity;M=Node.IP_Address}",
    "machineType":"${N=SwisEntity;M=Node.MachineType}"
}

    5. Under ContentType, delete the default value and replace it with: application/json

    6. Under Authentication, select Token.

    7. Under Header Name, type: apiKey

    8. Under Header Value, enter your Moogsoft API key.

    9. Click Add Action.

  6. Test the trigger action:

    1. In the row for your new trigger action, click the Simulate icon (lightning bolt) on the far right.

    2. Select the required properties for simulation and click Execute. This will send a test payload to your Moogsoft integration.

    3. Open Moogsoft. Within the page for your custom integration, scroll down to the Map Your Data section. Here, you can view cached payloads of incoming events sent from SolarWinds.

      Confirm that the test payload you sent is there.

  7. Add a new reset action:

    1. Go back to where you left off in SolarWinds. At the bottom right of the page, click Next to go to the Reset Actions page.

    2. Under the Reset Action section, click Add Action.

    3. Select Send a GET or POST Request to a Web Server.

    4. Click Configure Action.

  8. Configure the reset action:

    1. Under Name of action, provide a name: "Send Clear to Moogsoft."

    2. Under URL, paste the endpoint URL for your Moogsoft integration.

      The endpoint URL is provided for you in Moogsoft on the page for your custom integration, under Configuration Information > Moogsoft Endpoint.

    3. Select Use HTTP/S POST.

    4. Under Body to POST, copy and paste the following:

      {
    "description": "${N=Alerting;M=AlertDescription}",
    "severity": "Clear",
    "source": "${N=SWQL;M=SELECT TOP 1 RelatedNodeCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "check": "${N=Alerting;M=AlertName}",
    "manager": "Solarwinds",
    "class": "${N=Alerting;M=ObjectType}",
    "city": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.City FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "department": "${N=SWQL;M=SELECT TOP 1 Nodes.CustomProperties.Department FROM Orion.Nodes AS Nodes, Orion.AlertObjects AS AlertObjects WHERE Nodes.DisplayName = AlertObjects.RelatedNodeCaption AND AlertObjects.AlertObjectID = ${N=Alerting;M=AlertObjectID}}",
    "ipAddress":"${N=SwisEntity;M=Node.IP_Address}",
    "machineType":"${N=SwisEntity;M=Node.MachineType}"
}

    5. Under ContentType, delete the default value and replace it with: application/json

    6. Under Authentication, select Token.

    7. Under Header Name, type: apiKey

    8. Under Header Value, paste your Moogsoft API key.

    9. Click Add Action.

  9. Test the reset action:

    1. In the row for your new reset action, click the Simulate icon (lightning bolt) on the far right.

    2. Select the required properties for simulation and click Execute. This will send a test payload to your Moogsoft integration.

    3. Open Moogsoft. Within the page for your custom integration, scroll down to the Map Your Data section. Here, you can view cached payloads of incoming events sent from SolarWinds.

      Confirm that the test payload you sent is there.

  10. Click Next to go to the Summary page.

  11. Click Submit.

  12. Assign the trigger action to alerts:

    1. Within the Manage Alerts page, use the checkboxes to select all alerts that should trigger the integration with Moogsoft.

    2. Click Assign Action > Assign Trigger Action.

    3. From the list of trigger actions, select the "Send to Moogsoft" action you created.

    4. Click Assign.

  13. Assign the reset action to alerts:

    1. Within the Manage Alerts page, use the checkboxes to select the same alerts a second time.

    2. Click Assign Action > Assign Reset Action.

    3. From the list of reset actions, select the "Send Clear to Moogsoft" action you created.

    4. Click Assign.

Configure the custom integration in Moogsoft

  1. Go to your Moogsoft instance.

  2. Open the page for your custom integration by going to Integrations > Ingestion Services > Create your own Integration > your-integration-name.

  3. Scroll down to the Map Your Data section. Map your payload fields to the corresponding Moogsoft fields. An example mapping is provided for you below as a reference, but you should tailor the mapping according to your business needs.

    For a complete list of mapping types, save options, and instructions on how to use them, read Use mapping types in custom integrations.

    Table 1. Example mapping

    SolarWinds field

    Moogsoft field

    source

    source

    description

    description

    check

    check

    severity

    severity

    department

    service

    class

    class

    manager

    manager

    city

    tags.swCity

    ipAddress

    tags.swIpAddress

    machineType

    tags.swMachineType



  4. Scroll down to the Set Your Deduplication Key section.

  5. Edit the deduplication key and remove service.

  6. Click Save at the top of the page.

In this section: