Catalogs API Overview

This API enables you to create, retrieve, update, and delete catalogs. Catalogs are useful when you want to enrich your alerts and incidents with information that's missing from your raw events. Enriching your alerts with catalog data has the following benefits:

  • Added flexibility for correlating your alerts into incidents — you can correlate using enrichment data, not just data in the raw ingested events.

  • Makes your alerts more informative and easier to troubleshoot.

A catalog is a tabular collection of data. Each row specifies a node (the lookup field) and the enrichment data for that node. After you create your catalog, you can set up a Query Catalog action that checks each new event against the catalog and, if it finds a match, maps the enrichment data to the event. This data is included in the resulting alerts and incidents.

Workflow

  1. Specify your enrichment data in a CSV file. Specify node names in one column and the enrichment data associated with that node in the other columns. The node names should correspond to the source field in your events. For example:

     host, app, aws-region, cluster
     ip-172-31-37-159.ec2, music-match, us-west-1, cluster-1
     ip-172-23-21-112.ec2, music-maker, us-east-2, cluster-7
    
  2. Upload the CSV to your Moogsoft instance via the following POST operation or the UI.

  3. Create an automated workflow with a Query Catalog action.
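The lookup-and-enrich behaviour described above (a catalog keyed on the node column, matched against a source field in each event) as an added illustration; this is not Moogsoft's own code and does not call the Catalogs API. The CSV content is the page's sample table, the event records are constructed, and the `catalog.` key prefix, `source_field` parameter and `group_by` helper are assumptions made for the example:

```python
import csv
import io
from typing import Dict

# Constructed sample catalog, copied from the CSV layout in the workflow above.
# The first column (host) is the node, i.e. the lookup field; the remaining
# columns are the enrichment data for that node.
CATALOG_CSV = """host, app, aws-region, cluster
ip-172-31-37-159.ec2, music-match, us-west-1, cluster-1
ip-172-23-21-112.ec2, music-maker, us-east-2, cluster-7
"""


def load_catalog(csv_text: str) -> Dict[str, Dict[str, str]]:
    """Parse catalog CSV into {node: {column: value}}.

    Cell whitespace is trimmed so that 'a, b' and 'a,b' index identically;
    blank lines are skipped; a ragged row or a duplicate node is rejected
    rather than silently overwriting another node's enrichment data."""
    reader = csv.reader(io.StringIO(csv_text))
    header = [h.strip() for h in next(reader)]
    node_col = header[0]  # assumption: the first column is the node column
    catalog: Dict[str, Dict[str, str]] = {}
    for row in reader:
        if not row or all(not c.strip() for c in row):
            continue
        cells = [c.strip() for c in row]
        if len(cells) != len(header):
            raise ValueError(f"row has {len(cells)} cells, header has {len(header)}: {row}")
        record = dict(zip(header, cells))
        node = record.pop(node_col)
        if node in catalog:
            raise ValueError(f"duplicate node {node!r} in catalog")
        catalog[node] = record
    return catalog


def enrich_event(event: dict, catalog: Dict[str, Dict[str, str]],
                 source_field: str, prefix: str = "catalog.") -> dict:
    """Mimic a Query Catalog action: look up event[source_field] in the catalog
    and, on a match, copy the enrichment columns into the event under an
    assumed 'catalog.' prefix so they cannot collide with raw event fields.
    Unmatched events (or events lacking the source field) are returned
    unchanged, so an alert is never dropped just because enrichment is missing."""
    enriched = dict(event)
    node = event.get(source_field)
    if node is None:
        return enriched
    data = catalog.get(str(node).strip())
    if data is None:
        return enriched
    for column, value in data.items():
        enriched[prefix + column] = value
    return enriched


def group_by(events, key: str) -> Dict[str, list]:
    """Assumed helper: correlate enriched events by one enrichment field, so
    that e.g. every alert from the same cluster lands in one incident candidate,
    which is the correlation-on-enrichment benefit the overview describes."""
    groups: Dict[str, list] = {}
    for ev in events:
        groups.setdefault(ev.get(key, "<unmatched>"), []).append(ev)
    return groups


if __name__ == "__main__":
    catalog = load_catalog(CATALOG_CSV)
    # Constructed events; 'source' plays the role of the source field.
    raw_events = [
        {"source": "ip-172-31-37-159.ec2", "description": "cpu 97%"},
        {"source": "ip-172-23-21-112.ec2", "description": "disk full"},
        {"source": "unknown-host", "description": "no catalog entry"},
    ]
    enriched = [enrich_event(e, catalog, "source") for e in raw_events]
    for cluster, evs in group_by(enriched, "catalog.cluster").items():
        print(cluster, [e["description"] for e in evs])
```

Running the block groups the two matched events under their clusters and leaves the unmatched host in an `<unmatched>` bucket, which is the case worth checking before relying on an enrichment field for correlation.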
