Create a JDBC Enrichment Workflow

To set up JDBC Enrichment in Moogsoft Onprem, configure a workflow in the JDBC Enrichment Workflow Engine to trigger the query you set up in the JDBC Enrichment Integration. See Configure the JDBC Enrichment Integration. This topic covers the final step in the JDBC enrichment example Enrich Alerts Using a JDBC Data Source.

The following diagram illustrates the process to enrich alert data from an external database:

[Diagram: JDBCenrichmentWF.png]

In the JDBC Enrichment Workflow Engine, define a workflow with an action that uses the getJDBCEnrichment function. Use the databaseDefName and tableDefName arguments to specify the database definition and the table definition you set up in the JDBC Enrichment integration. See Configure the JDBC Enrichment Integration.

The value1 and value2 arguments let you map fields in your alert to the $$params.value1 or $$params.value2 variables in your query. This way different workflows can send different values to the same table definition query. For more information, see the Query section in JDBC Enrichment Reference.

Step 4 example: create a JDBC Enrichment workflow

In the example scenario, you want to enrich all alerts with information from the CMDB. Therefore, create a new workflow in the JDBC Enrichment Workflow Engine as follows:

  1. Create a workflow called "Enrich from CMDB" with the description "Query CMDB and add data to custom_info". Leave the rest of the fields blank or unchecked.

  2. Add an action into the workflow called "Query CMDB" to specify the database definition you created earlier (see Configure the JDBC Enrichment Integration):

    • Function: getJDBCEnrichment

    • Arguments

      databaseDefName: "cmdb"

      tableDefName: "server"

  3. Add an action into the workflow called "Forward to Maintenance Window Manager" to send the alert to the next stage for data processing:

    • Function: forward

    • Arguments

      moolet: MaintenanceWindowManager

      Forwarding Behavior: Always Forward

When this workflow is active, it queries the CMDB according to the JDBC Enrichment integration configuration. Given the following alert data:

{ ... "source":"sflinux101", ...}

The Workflow Engine updates the custom_info for the alert as follows:

"custom_info": {
    "enrichment": {
        "cmdb_info": {
            "support_group": "SF NOC",
            "location": "1265 Battery ST, SF, CA"
        }
    },
    "mooghandling": {"isEnriched": true}
}
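The lookup and custom_info update described above, as an added example that is not Moogsoft code: an in-memory SQLite table stands in for the CMDB, and the alert's source value reaches the query as a bound parameter. The hostname column, the QUERY text, the enrich function and the behavior for an alert with no CMDB match are assumptions, not taken from the integration.

```python
import sqlite3

# Constructed stand-in for the CMDB "server" table. The real schema and query
# belong to the JDBC Enrichment integration and are not shown on this page.
def make_cmdb():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE server ("
               "hostname TEXT PRIMARY KEY, support_group TEXT, location TEXT)")
    db.execute("INSERT INTO server VALUES (?, ?, ?)",
               ("sflinux101", "SF NOC", "1265 Battery ST, SF, CA"))
    return db

# Hypothetical query. The alert value is bound, never concatenated, so a
# hostname containing quotes or SQL keywords is compared as plain data.
QUERY = "SELECT support_group, location FROM server WHERE hostname = ?"

def enrich(db, alert, field="source"):
    """Return a copy of the alert with custom_info updated from the CMDB."""
    row = db.execute(QUERY, (str(alert.get(field, "")),)).fetchone()
    custom_info = dict(alert.get("custom_info") or {})
    if row is not None:
        enrichment = dict(custom_info.get("enrichment") or {})
        enrichment["cmdb_info"] = {"support_group": row[0], "location": row[1]}
        custom_info["enrichment"] = enrichment
    # Assumption: an alert with no CMDB match is flagged as not enriched.
    handling = dict(custom_info.get("mooghandling") or {})
    handling["isEnriched"] = row is not None
    custom_info["mooghandling"] = handling
    return {**alert, "custom_info": custom_info}

if __name__ == "__main__":
    cmdb = make_cmdb()
    # Constructed alerts: one known host, one value containing a quote.
    print(enrich(cmdb, {"source": "sflinux101"}))
    print(enrich(cmdb, {"source": "sflinux101' --"}))
```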

Learn more

To read more about the getJDBCEnrichment function, see getJDBCEnrichment.