
Analyze Your JDBC Source Data

Before you configure Moogsoft Onprem to add data to alerts from an external source, analyze your data and verify that it meets your requirements. This topic covers analysis, the first step in the JDBC enrichment example Enrich Alerts Using a JDBC Data Source.

The following diagram illustrates the process to enrich alert data from an external database:

[Diagram: analyze_source_data.png]

It is critical that your source data meets the minimum quality and availability requirements for your use cases. For example, if you are using the data to drive alert clustering or assignment, it should come from a well-maintained, highly available data source.

Identify the following about your external data sources:

  • Connectivity details for the databases, including host, port, and login credentials.

  • The database type. If you are using a database other than MySQL, you must download the corresponding database driver. See "Database Specific Information" in ExternalDb.

  • The names of databases and the tables within the databases that hold the enrichment data.

  • The fields in your alert data that relate to the database tables. Make note if different types of alerts store the relationship in different fields. For example, the server.name field in your database relates to the source field in one alert, but to the custom_info.hostname field in another type of alert.

After you collect information about your data source, you are ready to Configure the JDBC Enrichment Integration.

Step 1 example: Analyze source data

The following sections outline the database details you need during the JDBC Enrichment Integration configuration step:

Database connection information

For the example scenario, all the data you need resides in the same MySQL database with the following connection information:

  • host: 1x

  • port: 3306

  • database name: cmdb

  • user: enricher

  • password: password

Table information

Location and support group data is stored in the server table. The field server.name relates to the source field in your alerts. For example, given the following alert data:

{ ... "source":"sflinux101", ...}

You can access the location data using the following query:

SELECT location, support_group
FROM server
WHERE name = "sflinux101";

+-------------------------------------+---------------+
| location                            | support_group |
+-------------------------------------+---------------+
| 1265 Battery St., San Francisco, CA | SF NOC        |
+-------------------------------------+---------------+
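The following added example (not part of the Moogsoft documentation or product) runs the same lookup over a sample of alerts to check source data quality before you configure enrichment. It binds the alert value as a query parameter because alert fields are externally supplied data. Assumptions: an in-memory sqlite3 database stands in for the MySQL cmdb database, the function names are hypothetical, and all rows and alerts other than sflinux101 are constructed.

```python
import sqlite3

def build_sample_db():
    """sqlite3 in memory stands in for the MySQL cmdb database (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE server (name TEXT, location TEXT, support_group TEXT)")
    db.executemany("INSERT INTO server VALUES (?, ?, ?)", [
        ("sflinux101", "1265 Battery St., San Francisco, CA", "SF NOC"),  # from the page
        ("sflinux102", None, "SF NOC"),                     # constructed: missing location
        ("nylinux201", "Constructed address A", "NY NOC"),  # constructed
        ("nylinux201", "Constructed address B", "NY NOC"),  # constructed: duplicate name
    ])
    return db

def lookup_key(alert):
    """Return the alert value that relates to server.name; the field varies by alert type."""
    return alert.get("source") or alert.get("custom_info", {}).get("hostname")

def enrich(db, alert):
    """Classify one lookup; the alert value is bound as a parameter, not concatenated."""
    key = lookup_key(alert)
    if not key:
        return ("no_key", None)
    sql = "SELECT location, support_group FROM server WHERE name = ?"
    rows = db.execute(sql, (key,)).fetchall()
    if not rows:
        return ("no_match", None)
    if len(rows) > 1:
        return ("ambiguous", None)
    if None in rows[0]:
        return ("incomplete", rows[0])
    return ("ok", rows[0])

def coverage(db, alerts):
    """Count lookup outcomes across a sample of alerts."""
    counts = {}
    for alert in alerts:
        status = enrich(db, alert)[0]
        counts[status] = counts.get(status, 0) + 1
    return counts

SAMPLE_ALERTS = [  # constructed
    {"source": "sflinux101"}, {"source": "nylinux201"}, {"source": "unknownhost"},
    {"custom_info": {"hostname": "sflinux102"}}, {"description": "no host field"},
    {"source": "o'neil-ws01"},  # quote in the value is treated as data
]

if __name__ == "__main__":
    print(coverage(build_sample_db(), SAMPLE_ALERTS))
```

Any outcome other than ok in the counts points to a data quality gap (unmatched hosts, duplicate server names, or empty columns) to resolve in the source before relying on it for clustering or assignment.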

Learn More

To continue with the JDBC Enrichment example, go to step 2: Configure the JDBC Enrichment Integration.