Create a Workflow to Forward to JDBC Enrichment
To set up JDBC Enrichment in Moogsoft Onprem, configure a workflow in the Enrichment Workflow Engine to forward alerts to the JDBC Enrichment Workflow. This topic covers the third step in the JDBC enrichment example Enrich Alerts Using a JDBC Data Source.
The following diagram illustrates the process to enrich alert data from an external database:
The JDBC Enrichment Workflow Engine doesn't process alerts as part of the standard data processing flow. The Enrichment Workflow engine listens for alerts coming from the Alert Builder, so you can create an enrichment workflow with an action that uses the forward function to send alerts to "JDBC Enrichment Workflows".
Step 3 example: create an enrichment workflow to forward to JDBC enrichment
In the example scenario, you want to enrich all alerts with information from the CMDB. Therefore, create a new workflow in the Enrichment Workflow Engine as follows:
Create a workflow called "Forward for enrichment" as follows:
Description: "Forward alerts to JDBC Enrichment Workflow"
Entry filter:
'custom_info.enrichment.isEnriched' != trueThis way we don't attempt to enrich any alerts that have already been enriched.
Sweep up filter: <leave blank>
First match only: <leave unchecked>
Add an action into the workflow called "Forward to JDBC Enrichment Workflow" as follows:
Function:
forwardArguments:
moolet: "JDBC Enrichment Workflows"
Forwarding Behavior: Always Forward
Add an action into the workflow called "Stop workflow processing" to prevent additional alert processing before the enrichment completes.
Function:
stopArguments: Stop All Workflows.
When this workflow is active, it forwards new alerts that have not been previously enriched to the JDBC Enrichment Workflow Engine.
Learn more
To continue with the JDBC enrichment example, go to step 4: Create a JDBC Enrichment Workflow.