Skip to main content

getEnrichment

A Workflow Engine function that retrieves data from the enrichment data store through the Moogsoft Onprem Enrichment API. Returns true if the request is successful. This function supports eventless operation. When used in an Inform-based workflow engine, getEnrichment targets the workflowContext path rather than custom_info (example: workflowContext.enrichment).

You can also provide an explicit workflowContext path as the target (example: workflowContext.data). This offers the opportunity to use or modify enrichment data without first writing it to an event.

This function relates directly to the API details from your Enrichment API integration.

This function is available as a feature of the Add-ons v1.4 download and later.

This function is available for event, alert, and Situation workflows.

This function does not modify the in-scope object when it retrieves enrichment data.

The workflow sweep up filter applies to this function.

Back to Workflow Engine Functions Reference.

Arguments

Workflow Engine function getEnrichment takes the following arguments:

Name

Required

Type

Description

attribute

Yes

String

Name of the attribute to lookup. For example, "hostname".

value

Yes

String

Name of the field or workflowContext key holding the data to lookup.

To specify a workflowContext key, prefix with "workflowContext". For example, "workflowContext.lookupkey".

target

No

String

Optional subkey under custom_info.enrichment to assign the result to. For example, "data".

If the optional target argument is omitted, results are written directly under custom_info.enrichment and will overwrite any existing data.

Wildcard Search

You can perform a wildcard search if the event field or workflowContext contains a wildcard string. Valid wildcards are as follows:

Wildcard Type

Example

Description

Ends with

“*searchString”

Matches strings ending with the string “searchString”.

Begins with

“searchString*”

Matches strings beginning with the string “searchString”.

Contains

“*searchString*”

Matches strings containing the string “searchString”.

The following conditions apply when performing a wildcard search on an attribute or value:

Attribute Wildcard

The only supported wildcard for an attribute parameter is a single asterisk “*”, which searches all records in the enrichment datastore and returns the first.

Value Wildcard

For a fixed attribute, a wildcard search performs over the values of that attribute if the contents (of the value field or workflowContext) includes a supported wildcard.

For example, you have set the following:

  • attribute “source”

  • value “custom_info.lookupkey”

Where "custom_info.lookupkey" contains the string "host2*". In this scenario, the function matches records for the attribute "source" and values “host2”, “host201”, and “host2a”, and returns the first record in this list, "host2".

Example

The following example demonstrates typical use of Workflow Engine function getEnrichment.

Within your Enrichment API endpoint you have an attribute called "source". You want to retrieve data from the lookupkey field of this attribute and assign the result to a subkey called "data". Set the following:

  • attribute: source

  • value: custom_info.lookupkey

  • target: data

The UI translates your settings to the following JSON:

{"attribute":"source","value":"custom_info.lookupkey","target":"data"}

The function sends a request to the datastore configured in the Enrichment API endpoint for attribute "source" and the contents of the “custom_info.lookupkey” field as the value to search. If successful, the function returns true, and any enrichment data in this field returns as JSON, which the function assigns to custom_info.enrichment.data.

The field or workflowContext key you specify for value must contain either a string or an array of strings. For an array of strings, the function looks up each string and keys the aggregated results by value.

For example, in the same configuration, now consider that custom_info.lookupkey holds the following array:

["host1", "host2"]

Assuming the request is successful and returns true, the function assigns enrichment data to custom_info.enrichment.data in the following format:

{
  "host1": { .. enrichment data for host 1 .. },
  "host2": { .. enrichment data for host 2 .. }
}