Introduction
You may already be familiar with Impact, which is often described as Netcool’s “Swiss army knife.” In this blog, I’d like to explain how Impact can be configured to enrich alerts within CP4AIOps, specifically enriching the custom alert attributes held under its details object.
Take, for example, the following use case. An AIOps administrator would like to enrich all critical events in AIOPs by adding the custom fields CI_CiNum, CI_Description, CI_OwnerShortGroup, and CI_ImpactFlag. Alerts entering the AIOPs instance are forwarded from an on-prem Netcool instance. The two are integrated via the Netcool Connector.
Typically, Impact would retrieve the values of these custom fields from some third-party system (e.g., a database, CMDB etc). Still, for the sake of simplicity, we will use hardcoded values in our example.
Below is a snippet of the JSON of the details section of the alert we will be enriching:
As you can see from the JSON, the alert already has some custom attributes defined, these are set via the Netcool connector mapping file. Our Impact enrichment policy will not alter these existing custom attributes but will add some new ones.
Impact Policy
The first thing we need to do is create an impact policy to perform the enrichment. Here’s one I prepared earlier.
Note that the policy must be of type JavaScript.
|
// Example policy to demo how to enrich custom attributes
// *********************************************Section 1*********************************************
Load('AIOPS_Utils');
var Host = EventContainer.alert.resource.name;
var Severity = EventContainer.alert.severity;
{
Log (0,"Node Name = " + Host);
var CI_CiNum = "Some Cinum";
var CI_Description = "Some Description";
var CI_OwnerShortGroup = "Some OwnerGroup";
var CI_ImpactFlag = 1;
}
// *********************************************Section 2*********************************************
var details = Object.assign({}, EventContainer.alert.details, {
CI_CiNum: CI_CiNum,
CI_Description: CI_Description,
CI_OwnerShortGroup: CI_OwnerShortGroup,
CI_ImpactFlag: CI_ImpactFlag
});
var patchData = {
details: details
};
aiopsUtils.patchAlertNoWait(EventContainer.alert.id, patchData);
|
Section 1 of the Impact policy is relatively straightforward. Here, we’re simply defining two variables (Host and Severity) and setting them to the values found in the incoming event. Then, we check if the Severity variable is not equal to severity level 0 (clear severity). If it is, we define a bunch of “CI” variables and use them to set our custom attribute values.
It’s the next section, section 2, where we can see how you can add our new custom attributes.
We make use of the JavaScript “Object.assign()” function to merge the current (EventContainer) alert.details object data with data that defines our new custom attributes and stores the resulting merged JSON object definition in a variable called “details”.
Each new custom attribute is defined as <Attribute Name> : <Attribute Value>.
Then, we define the “patchData” variable which will hold the JSON definition of the alert object we want to update, in this case, the details object. If we were to look at the contents of the details variable at this point, it would now look something like this:
|
{
"alertGroup": "MyAlertGroup",
"alertKey": "MyAlertKey",
"ttNumber": "",
"location": "",
“CI_CiNum”: "Some Cinum",
“CI_Description”: "Some Description",
“CI_OwnerShortGroup”:"Some OwnerGroup",
“CI_ImpactFlag “: “1”
}
|
If we went ahead and tried to update the alert details object without first performing the merge operation, for example, if we tried to use the following function call to add our new custom attributes:
|
aiopsUtils. aiopsUtils.patchAlertNoWait (EventContainer.alert.id, {"details":
{
“CI_CiNum”: "Some Cinum",
“CI_Description”: "Some Description",
“CI_OwnerShortGroup”:"Some OwnerGroup",
“CI_ImpactFlag “: “1”
}
});
|
While we would succeed in adding the new custom attributes to the alert details object, we would also remove any pre-existing ones.
Invoke the Impact Policy from AIOps
Once the Impact policy is in place the next step would be to create a Policy in AIOps to push alerts to Impact for enrichment processing.
From the CP4AIOps main page select Automation and under the Policies tab select “Create Policy”. From the templates provided, select “Invoke IBM Tivoli Netcool/Impact” and use the wizard to define the policy details (e.g. alert matching conditions and execution order etc).
More information on setting up AIOps Impact invocation policies can be found here https://www.ibm.com/docs/en/cloud-paks/cloud-pak-aiops/4.8.1?topic=policies-invoke-impact-policy
We can then test the enrichment policy by inserting an event into AIOps and by looking at the RAW JSON we can see the test event has been successfully enriched.
In Summary
In this blog, we have gone through the simple steps needed to enrich the custom attributes of AIOPs alerts and provided a sample of an Impact policy to get you started on your alert enrichment journey.
I hope you’ve enjoyed reading though this blog and if you have any questions or areas of clarification you need, then please don’t hesitate to contact me.
