Enrich Events with Additional Data

Moogsoft ingests raw events based on alert notifications and metric anomalies. In most cases, you will want to enrich your events with additional data after ingestion. Enrichment has the following benefits:

  • You want to fine-tune how Moogsoft clusters your alerts into incidents.

    You can enrich sources with information about their associated clusters, apps, services, teams, locations, and so on. You can leverage data from a CMDB or other central repository to define the relationships between different nodes. Once you define these relationships in your enrichment data, you can define a simple, smart correlation pattern to cluster your alerts.

  • You want to make your alerts more informative and readable.

    In some cases, your raw events and metrics might not include all the information necessary for a user to investigate and troubleshoot an Incident.

  • You want to normalize events that come from different sources and have different formats.

    For example, one event stream uses IPs as the source while another stream uses domain names. You can use enrichment to ensure that all events are formatted consistently. This can make deduplication and correlation much simpler.

Watch how to Add External Data to the Events in Moogsoft.