Skip to main content

Alert and Event Field Reference

This is a reference guide for alert and event fields, input types, field descriptions and output examples.

Field

Type

Description

Example Output

active_situations

Array

IDs of any Situations associated with the alert.

1, 6, 8

agent_host

Text

Host machine or physical location of the agent that created the event.

OEM Monitor 1

agent_name

Text

Name of the agent that created the event.

NAGIOS SOCKET

agent_location

Text

Host machine or physical location of the agent that created the event.

London Data Centre (51.4167,-0.2833)

agent_time

Integer

Timestamp when the event occurred in epoch time. Use $moog_now in the mapping to set agent time to the time the event arrived at Moogsoft Onprem.

1516183437

alert_id

Integer

Internal identifier generated by Moogsoft Onprem.

101

class

Text

Level of classification for an event. This follows the hierarchy; class then type.

CISCO-IF-Extension-MIB

count

Integer

Number of events in the alert.

2

custom_info

Text

Custom information added as a JSON encoded string.

custom_info.myNodeList=[ "node1" , "node2" , "node3" ]

description

Text

Text description of the alert.

Network Interface (ifIndex = 512479388 ) Up (ifEntry.52683483)

entropy

Integer

Measure of uncertainty of an outcome between 0 and 1 (0 meaning very certain and 1 meaning very uncertain).

0.4

external_id

Integer

Unique identifier from the event source.

7622183

first_event_time

Integer

Earliest event time for the alert. This is calculated from the agent_time of the events that constitute the alert.

14:08:14 16/01/2018

host

Text

Name of the source machine that generated the event.

OEM Server 2

internal_last_event_time

Integer

Time that the latest event for the alert was received by the Moogsoft Onprem server.

10:24:03 19/01/2018

last_change

Integer

Time that the alert was last updated in the Moogsoft Onprem UI.

12:38:06 19/01/2018

last_event_time

Integer

Latest event time for the alert. This is calculated from the agent_time of the events that constitute the alert.

10:24:03 19/01/2018

manager

Text

General identifier of the event generator or intermediary.

NAGIOS, SCOM.

owned_by

Text

Alert owner's username.

John Smith

severity

Integer

Severity level of the alert between 0 and 5.

4

significance

Integer

Relative Significance of an alert is calculated based on its entropy.

3

situations

Array

Any Situations the alert is associated with, including those that have been resolved or closed.

24, 01

source

Text

Name of the source machine that generated the event. If there is no source machine or application, the source is the name of the instance (database name, cluster node, container name).

A hostname or fully qualified domain name (FQDN).

source_id

Text

Identifier for the source machine that generated the event.

5dc68d65-532c-4918-be12-21e1cbcf7af2

status

Text

Status of the alert.

Assigned

type

Text

Level of classification for an event. This follows the hierarchy; class then type.

CISCO-IF-Extension-MIB Notification

In this section:

A measure of the relative significance of an alert, initially calculated based on its entropy (a measure of the rarity or uniqueness of the alert).