Empty Moolet
The Empty Moolet enables Moogsoft Onprem integrators to intercept and handle Message Bus events without impacting upon the existing alert flow logic and processing. This provides a mechanism for you to implement your own alert processing rules. The Empty Moolet can also be used to provide general augmentation of alert and Situation details, for example, enrichment.
An Empty Moolet can be passed an alert or a Situation by one of the following mechanisms:
Process output of: The Empty Moolet exists in the alert processing chain.
Event handler: The Empty Moolet listens for specific message types on the bus.
Direct forwarding: The Empty Moolet is handed an object by another Moolet, for example, Moolet A forwards an alert to Moolet B.
A single Empty Moolet uses one or more of these mechanisms.
Configure Empty Moolet
The Empty Moolet takes messages off the Message Bus according to message type and passes them to a Moolet. The configuration includes the message types to register interest for and the name of the Moolet to pass them to. For example, to integrate with an incident management system such as ACMEIncidentManager, the Empty Moolet must:
Listen to
NewThreadEntry
events (the topic on Message Bus is/sig/thread/entry/new
) andSigStatus
events (the topic on Message Bus is/sigs/status topic
).Interrogate the events to select only those in which the incident management system has registered an interest via the Graze API
addSigCorrelationInfo
request.Filter out those events which were originated by the incident management system via the Graze API to avoid sending duplicate information.
Extract relevant information from the event including the incident management system entity reference.
Send the information to the incident management system via the REST.V2 Moobot module which supports the sending of simple RESTful POST requests using basic HTTP authentication.
The following example demonstrates an Empty Moolet configuration for this scenario:
{ name : "ACMEIncidentManager", classname : "CEmptyMoolet", run_on_startup : true, moobot : "ACMEIntegration.js", event_handlers : [ "NewThreadEntry". "SigStatus" ] }
This example shows one way of integrating Moogsoft Onprem with another system. Each integration is dependent upon the individual use cases and systems being integrated.
See Alert Manager for a further example of an Empty Moolet configuration.
Note
Not all event handlers are required for every integration. Only specify required handlers.
Customize Empty Moolet
To invoke custom javascript for a particular set of actions related to Situations, you can leverage the Empty Moolet to listen for these actions and use the data within the Situations involved. For example, when a Situation is closed you may want to notify an external entity via the REST.V2 module.
Edit the configuration file moog_farmd.conf
to associate the CustomTaskRunner Moobot with the Empty Moolet, and listen for SigAction events:
{ name : "CustomTaskRunner", classname : "CEmptyMoolet", run_on_startup : true, metric_path_moolet : false, moobot : "CustomTaskRunner.js", event_handlers : [ "SigAction" ] }
This is an example of Moobot code that runs a function when a supported Situation action occurs in Moogsoft Onprem:
CustomTaskRunner.js
var events = MooBot.loadModule('Events'); var logger = MooBot.loadModule('Logger'); var constants = MooBot.loadModule('Constants'); logger.debug("Empty Moolet Started."); /** * ### situationAction * * Listen for specific "sigAction" * * @param {object} situation - A situation object from Events */ function situationAction(situation) { logger.warning("Checking Action event..."); var sitn_id = situation.value("situation_id"); var action = situation.payload().valueOf("action"); if (action !== null) { var details = situation.getActionDetails(); // The name of the URL Tool has to match to trigger action if (action == "Ran Tool") { if (details.tool == urlToolName) { runFunction(sitn_id); } } } } /** * ### runFunction * * Run some function * * @param {number} sitn_id - The Situation Id */ function runFunction(sitn_id) { logger.info('Run some function for Situation Id ' + sitn_id); } // // Listen for SigAction event to see if certain URL tool has been run // events.onEvent("situationAction",constants.eventType("SigAction")).listen();
The urlToolName
must match the name of the Situation URL tool. The Situation ID is available in the event payload, because the tool is run in the context of a particular Situation.