AlertOps and Moogsoft:

AlertOps’ alert/incident management system can be integrated with Moogsoft to receive and respond to critical alerts/incidents through email, SMS, push notification or phone alerts. AlertOps ensures that each alert reaches the appropriate team by using proper workflows, escalation policies and schedules. Based on your ruleset, incidents can be automatically opened and closed, depending on whether Moogsoft reports a problem or a recovery.

In general, a monitoring environment could monitor tens of thousands of hosts, services and platforms that scale up and down quickly. Customers would not know the relationships between these hosts and services, quite simply because there are so many. This is where Moogsoft comes into the picture: it “intelligently” correlates incidents, which can then be handled and managed seamlessly with AlertOps. AlertOps and Moogsoft can also work together bidirectionally, owing to AlertOps' flexibility and OpenAPI config/workflow features.

AlertOps Inbound Integrations:

We can define an inbound integration in AlertOps for Moogsoft Incidents. Based on the alerts or incidents received, AlertOps ensures that each one is assigned to and reaches the correct person/team by utilizing its escalation policies, schedules, and workflow features.

AlertOps provides Inbound Integrations to integrate with numerous monitoring, chat and ITSM tools.

  • In the menu on the left pane, select Integrations > Inbound Integrations > Add API Integration.

  • There are numerous integration options available in AlertOps; select Moogsoft.

  • Once you select the type of integration you want, you can then specify basic settings like the integration name, escalation policy, and names of the recipients/groups to which the alerts must be assigned.

  • Advanced configuration settings can be defined to create specific alerts and incidents for different states received from Moogsoft.

  • On clicking SAVE, the API Integration will be created, and you will be given a unique URL which acts as the access point and needs to be configured at the source (in this case Moogsoft) to send alerts. You can then find the integration you just created, set advanced settings and define various configurations for the alerts to be received and processed. For example, you can define when to open and close alerts based on the response obtained from the API call, filters etc.

In the ‘Advanced Settings’ tab, the payload which you send from Moogsoft can be mapped accordingly under ‘URL Mapping’. AlertOps gives you the flexibility to map variables coming from Moogsoft however you want. You can also test the integration with sample data.

Configuration of Moogsoft for AlertOps Integration:

  • To send an outbound alert or incident from Moogsoft, an Outbound Webhook can be defined. To create an outbound webhook, in the Integrations pane select ‘Webhook’ in ‘Outbound Integrations’, then ‘Add a Webhook’.

  • The next set of steps is self-explanatory. You can select whether you want to send alerts or incidents and send data in JSON format embedded with Moogsoft Macro defined fields (source, service etc.).

  • Make sure you configure it as per the screenshot below or copy/paste the payload specified below. Save. There is a 'TEST' button, so you can send out a sample incident to AlertOps.

    {
      "assignee": "$assignee",
      "classes": "$classes",
      "closed_on": "$closed_on",
      "created_at": "$created_at",
      "description": " $description",
      "first_event_time": "$first_event_time",
      "in_progress_on": "$in_progress_on",
      "incident_id": "$incident_id",
      "last_event_time": "$last_event_time",
      "last_state_change": "$last_state_change",
      "resolved_on": "$resolved_on",
      "services": "$services",
      "severity": "$severity",
      "status": "$status",
      "superseded_by": "$superseded_by",
      "tags": "$tags",
      "total_alerts": "$total_alerts"
    }

That's it! You have configured an integration for Moogsoft Incidents. Any incident in Moogsoft will create an Alert in AlertOps for incident management, which can be found in "Inbound Logs"/"Alerts" in the AlertOps environment.

Alert Triggering Information:

AlertOps will automatically create an incident when a new alert is received from Moogsoft and the status field contains “open”, “in progress” or “error”.

If an alert with status “open”, “in progress” or “error” matches an existing Open Alert, AlertOps will recognize the new alert as a duplicate and ignore the alert. The alert will be recorded in the Inbound Messages table as “Mapped Appended.”

AlertOps will automatically close the same incident when an alert is received with a message that contains “resolved” or “closed”.
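
The following is an added example, not AlertOps or Moogsoft code: a local dry run that models the open, duplicate and close rules above so you can check rendered webhook payloads before pointing Moogsoft at the integration URL. It assumes incident_id is the field used to match an existing open alert and that matching is case-insensitive; the "ignored" and "no matching open alert" outcomes and the sample payloads are constructed for illustration.

```python
import json

# Status substrings from the "Alert Triggering Information" rules above.
OPEN_WORDS = ("open", "in progress", "error")
CLOSE_WORDS = ("resolved", "closed")

def unrendered_fields(payload):
    """Fields whose value is still the raw $macro, i.e. never substituted."""
    return sorted(k for k, v in payload.items()
                  if isinstance(v, str) and v.strip() == "$" + k)

def classify(payload, open_incidents):
    """Model the documented rules; open_incidents is a set of match keys.
    Assumptions: incident_id is the match key, matching is case-insensitive,
    and close words are tested before open words."""
    status = str(payload.get("status", "")).lower()
    key = payload.get("incident_id")
    if any(w in status for w in CLOSE_WORDS):
        if key in open_incidents:
            open_incidents.discard(key)
            return "closed"
        return "no matching open alert"   # outcome name is this sketch's own
    if any(w in status for w in OPEN_WORDS):
        if key in open_incidents:
            return "Mapped Appended"      # duplicate of an existing open alert
        open_incidents.add(key)
        return "opened"
    return "ignored"                      # outcome name is this sketch's own

# Constructed sample payloads (not captured from a real Moogsoft instance).
SAMPLES = [
    '{"incident_id": "101", "status": "open", "severity": "critical"}',
    '{"incident_id": "101", "status": "in progress", "severity": "critical"}',
    '{"incident_id": "101", "status": "resolved", "severity": "clear"}',
    '{"incident_id": "$incident_id", "status": "$status", "severity": "$severity"}',
]

def replay(samples):
    """Run payloads in order; return (outcome, unrendered macro fields) pairs."""
    open_incidents, results = set(), []
    for raw in samples:
        payload = json.loads(raw)
        results.append((classify(payload, open_incidents),
                        unrendered_fields(payload)))
    return results

if __name__ == "__main__":
    for outcome, raw_macros in replay(SAMPLES):
        print(outcome, raw_macros)
```

The last sample shows a payload whose macros were never substituted: its status matches neither word list, so under these rules it would neither open nor close an incident.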

