Ops Intelligence Asset Intelligence Observability Robotic Data

Alert Mappings

Alert attribute normalization

PreviousAdvanced Alert Configuration NextAlert Enrichment

Last updated 3 years ago

Alert Mappings

Alert attribute normalization

Alert notifications are ingested from disparate monitoring tools into CloudFabrix AIOps platform and each of them follow different format with different alert attributes. Some of the below attributes (not limited to) are important ones in general related to any incoming alert.

Alert Timestamp
Alert Status
Alert Severity
Alert Source
Alert Message

Below are three sample alert notifications payload from VMware vROps, Nagios & AppDynamics. As shown in the below, the alert attributes are completely different from each other.

In CloudFabrix AIOps platform, it is a prerequisite to normalize these alert attributes coming from different monitoring tool sources to a common data model. Below are list of attributes which are used as part of the alert mapping process. Every ingested alert will go through Alert mapping process and their's payload attributes are mapped to the below standard attributes.

Not all below attributes are mandatory to be mapped. The attributes that are flagged with * are mandatory ones.

alertCategory: An attribute which can be used to categorize the alert
alertType: An attribute to classify type of alert
assetId: An attribute which can be used to identify the source of alert (Endpoint identity)
assetIpAddress: An attribute that is used to identify the IP Address of the end point
assetName*: An attribute that is used to identify the AssetName of the end point (ex: Hostname / Devicename)
assetType: An attribute that is used to identify type of the Asset or the end point (ex: VM / Server / Storage / CPU / Memory etc)
clearedAt*: Alert timestamp that is used to identify when the alert was cleared
componentId: An attribute to associate a sub-component ID of an endpoint from which the alert was generated
componentName: An attribute to associate a sub-component name of an endpoint from which the alert was generated
message*: Alert message that states the symptom or problem which has caused the alert
raisedAt*: Alert timestamp that is used to identify when the alert was occured
severity*: Alert's severity (Ex: Critical, Warning, Minor etc..)
status*: Alert's state (Open / Closed / Active / Recovered / Cancelled)
alertkey*: Alert's unique identifier which is used to identify an incoming alert and to apply alert de-duplication process. It can be taken from a single alert attribute or a combination of alert's attributes

Alert ingestion with alert mapping process (normalization) data flow:

PreviousAdvanced Alert Configuration NextAlert Enrichment

Last updated 3 years ago

Alert Timestamp
Alert Status
Alert Severity
Alert Source
Alert Message

Below are three sample alert notifications payload from VMware vROps, Nagios & AppDynamics. As shown in the below, the alert attributes are completely different from each other.

Not all below attributes are mandatory to be mapped. The attributes that are flagged with * are mandatory ones.

alertCategory: An attribute which can be used to categorize the alert
alertType: An attribute to classify type of alert
assetId: An attribute which can be used to identify the source of alert (Endpoint identity)
assetIpAddress: An attribute that is used to identify the IP Address of the end point
assetName*: An attribute that is used to identify the AssetName of the end point (ex: Hostname / Devicename)
assetType: An attribute that is used to identify type of the Asset or the end point (ex: VM / Server / Storage / CPU / Memory etc)
clearedAt*: Alert timestamp that is used to identify when the alert was cleared
componentId: An attribute to associate a sub-component ID of an endpoint from which the alert was generated
componentName: An attribute to associate a sub-component name of an endpoint from which the alert was generated
message*: Alert message that states the symptom or problem which has caused the alert
raisedAt*: Alert timestamp that is used to identify when the alert was occured
severity*: Alert's severity (Ex: Critical, Warning, Minor etc..)
status*: Alert's state (Open / Closed / Active / Recovered / Cancelled)
alertkey*: Alert's unique identifier which is used to identify an incoming alert and to apply alert de-duplication process. It can be taken from a single alert attribute or a combination of alert's attributes

Alert ingestion with alert mapping process (normalization) data flow: