Use case walkthrough: Use tags to create custom fields ►
This video explains how to create custom fields using tags in APEX AIOps Incident Management.
*Please note Moogsoft is now part of Dell's IT Operations solution called APEX AIOps, and changed its name to APEX AIOps Incident Management. The UI in this video may differ slightly but the content covered is still relevant.
While working on data ingestion, you may realize you need additional fields other than the ones provided by Incident Management to map your incoming payload. Tags are custom fields you can create to store such information.
For example, let’s say you are creating an integration using the Events API.
You’ve mapped basic information to the fields available by default.
But you also need to map the environment value in your incoming payload. There’s no field available for that to be mapped. What to do?
This is where you use tags.
This shows the JSON format for a custom tag. There is a key: environment, and a value: production. Incident Management will generate a tag to hold the environment type when the Events API receives this in an event payload.
Keep in mind, you should create tags ONLY WHEN you need to use them later in the journey of the data. if that data is not useful for routing, filtering, correlation, or troubleshooting, there’s no need to map every single field to Incident Management.
Instead of the Events API, you may be using the Create Your Own Integration feature for the flexibility of its field mapping. In that case, there’s a convenient feature to auto-create tags. Here’s how it works.
Add a new mapping row.
And in the target field, select tags.
And for payload fields, search for and add the JSON key which includes the tags you want to use. We’ll add the instance details.
This adds IP Address and Instance ID at the same time.
Of course, you can also map tags one at a time. Here's how you do that. Now we have the environment value stored as a tag.
Another way to create tags is using the workflow engine.
Let’s say the impacted customer is not part of the incoming event payload, so you want to enrich events with customer information from an external source.
This workflow queries the data catalog using the instance_id. It looks up the customer value and stores it in a newly created tag.
You can generate tags from any workflow action that allows you to specify an output field. For example, Extract Substring or Match and Update.
OK, now that you know how to create tags, next, let me show you how to use them.
You can use tags to filter a list. We’ll add a column for the customer tag…
…and filter by the value we want.
And, you can refer to tags to help with troubleshooting.
This correlation definition uses tags to filter, and to correlate.
Let’s say the alerts originating in the test environment should not be put through this correlation definition.
Since you have a tag for the environment value, you can use that to filter the alert flow like this.
Also, suppose you want to use the customer name to correlate alerts. Here alerts that share the exact same value for the customer tag and similar values for service are grouped together into an incident.
Another place you can use tags is routing. Let’s say your support team uses PagerDuty to respond to customer-impacting incidents. So you want to route production incidents to PagerDuty, but not incidents affecting the development or test servers.
Here, we’ve used the environment tag to create a filter so only production incidents will be routed to this integration.
Now you know how to use tags. Thanks for watching.
Now you know how to Thanks for watching!