Ops Intelligence
Asset Intelligence
Observability
Robotic Data
Introduction
How it Works
Getting Started
Glossary
Implementer Guide
cfxDimensions Installation
cfxOIA Installation
cfxOIA Application Services
Release Notes
KEY FEATURES GUIDE
Incident Management
Alert Management
Advanced Alert Configuration
Alert Mappings
Alert Enrichment
Alert Correlation & Suppression
ML Driven Operations
Data Exploration
RDA (Robotic Data Automation)
Analytics
UI & PORTAL FEATURES GUIDE
Filters Management
Customizing Table Views
Exporting Data
Administrator Guide
User Roles & RBAC
Collaboration
Projects
INTEGRATIONS GUIDE
Integrations Overview
Featured Integrations
Powered by GitBook

Alert Mappings

Alert attribute normalization

Alert notifications are ingested from disparate monitoring tools into CloudFabrix AIOps platform and each of them follow different format with different alert attributes. Some of the below attributes (not limited to) are important ones in general related to any incoming alert.

  • Alert Timestamp

  • Alert Status

  • Alert Severity

  • Alert Source

  • Alert Message

Below are three sample alert notifications payload from VMware vROps, Nagios & AppDynamics. As shown in the below, the alert attributes are completely different from each other.

In CloudFabrix AIOps platform, it is a prerequisite to normalize these alert attributes coming from different monitoring tool sources to a common data model. Below are list of attributes which are used as part of the alert mapping process. Every ingested alert will go through Alert mapping process and their's payload attributes are mapped to the below standard attributes.

Not all below attributes are mandatory to be mapped. The attributes that are flagged with * are mandatory ones.

  • alertCategory: An attribute which can be used to categorize the alert

  • alertType: An attribute to classify type of alert

  • assetId: An attribute which can be used to identify the source of alert (Endpoint identity)

  • assetIpAddress: An attribute that is used to identify the IP Address of the end point

  • assetName*: An attribute that is used to identify the AssetName of the end point (ex: Hostname / Devicename)

  • assetType: An attribute that is used to identify type of the Asset or the end point (ex: VM / Server / Storage / CPU / Memory etc)

  • clearedAt*: Alert timestamp that is used to identify when the alert was cleared

  • componentId: An attribute to associate a sub-component ID of an endpoint from which the alert was generated

  • componentName: An attribute to associate a sub-component name of an endpoint from which the alert was generated

  • message*: Alert message that states the symptom or problem which has caused the alert

  • raisedAt*: Alert timestamp that is used to identify when the alert was occured

  • severity*: Alert's severity (Ex: Critical, Warning, Minor etc..)

  • status*: Alert's state (Open / Closed / Active / Recovered / Cancelled)

  • alertkey*: Alert's unique identifier which is used to identify an incoming alert and to apply alert de-duplication process. It can be taken from a single alert attribute or a combination of alert's attributes

​

Alert ingestion with alert mapping process (normalization) data flow:

KEY FEATURES GUIDE - Previous
Advanced Alert Configuration
Next
Alert Enrichment
Last updated 3 weeks ago