alertDelta
A Workflow Engine function that returns true when attributes have changed. This is based on the previous_data metadata, which Moogsoft Onprem sends with the alert object in an AlertUpdate event.
Only use this function in conjunction with an entry filter that includes the event_handler trigger for "Alert Updated".
This function does not check the values of the attributes, only whether the attributes have changed. Because standard de-duplication changes attributes, use this function carefully.
Moogsoft recommends placing alertDelta in an engine dedicated to handling Alert Updates and other alert event handlers. This prevents updated alerts from re-entering the processing chain through standard Alert Workflows. Contact your Moogsoft Onprem administrator for more information.
This function is available as a feature of the Add-ons v1.4 download and later.
This function is available for alert and enrichment workflows.
Arguments
Workflow Engine function alertDelta takes the following arguments:
| Name | Required | Type | Description |
|---|---|---|---|
| fields | Yes | Object | List of attributes to check for change. Accepts granular custom info attributes. |
Example
The following example demonstrates typical use of Workflow Engine function alertDelta.
You want to check if the owner of an alert has changed before performing subsequent actions in your workflow. You could use an entry filter to check for a specific ownership, but in this instance the value of the ownership is not relevant, only that it has changed.
Using a separate Workflow Engine to prevent unwanted re-entry, you set up a workflow with an entry filter that includes the event_handler trigger for "Alert Update" and the owner as "Unassigned":
(event_handler = "Alert Update") AND (owner != "anon")
Set the following:
fields: owner
Forwarding behavior: Stop this workflow. This ensures that if the alert owner has not changed, subsequent actions in this workflow do not execute.
The UI translates your settings to the following JSON:
{"fields":["owner"]}
If the alert's metadata shows that the "owner" has changed, the function returns true and the alert is forwarded to the next action in the workflow.
If the function does not detect a change of ownership, it returns false and the forwarding behavior prevents subsequent actions in the workflow from executing.
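The change-not-value behavior and the de-duplication caveat described above, modelled in JavaScript as an added example; this is not Moogsoft's code. It assumes previous_data is an object keyed by the attributes that changed in the update, and the names alertDeltaModel, hasPath, runStep and the sample alerts are hypothetical.

```javascript
// Illustrative model only: NOT Moogsoft's implementation of alertDelta.
// Assumption: previous_data holds the prior values of the attributes that
// changed in this update, so a key being present means "changed".

// Resolve a dotted path such as "custom_info.ticket.id".
// Reports presence only; the value at the path is never inspected.
function hasPath(obj, path) {
  let node = obj;
  for (const key of path.split(".")) {
    if (node === null || typeof node !== "object" ||
        !Object.prototype.hasOwnProperty.call(node, key)) {
      return false;
    }
    node = node[key];
  }
  return true;
}

// Model of alertDelta: true when any listed attribute appears in previous_data.
function alertDeltaModel(previousData, args) {
  if (!previousData || !Array.isArray(args.fields)) return false;
  return args.fields.some((field) => hasPath(previousData, field));
}

// Model of the workflow step: with "Stop this workflow" as the forwarding
// behavior, a false result halts the actions that follow.
function runStep(update, args) {
  return alertDeltaModel(update.previous_data, args) ? "forward" : "stop";
}

// Constructed sample updates (not captured from a real system).
const ownerChanged = { alert_id: 101, owner: "alice", previous_data: { owner: "bob" } };
const dedupOnly = { alert_id: 101, owner: "alice",
                    previous_data: { count: 4, last_event_time: 1700000000 } };
const customInfoChanged = { alert_id: 102,
                            previous_data: { custom_info: { ticket: { id: null } } } };

console.log(runStep(ownerChanged, { fields: ["owner"] }));   // owner changed
console.log(runStep(dedupOnly, { fields: ["owner"] }));      // only de-dup fields changed
console.log(runStep(dedupOnly, { fields: ["count"] }));      // de-dup alone trips the check
console.log(runStep(customInfoChanged, { fields: ["custom_info.ticket.id"] }));
```

The third call shows why the field list matters: listing an attribute that de-duplication touches makes every repeated event pass the check.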