Use Case

This integration allows collecting alerts from SolarWinds to create events in OBM. The template name is SolarWinds alerts to OBM events (OA).

Requirements

Integration Requirements

Authentication

  • SolarWinds: Username and Password

  • Operations Agent: N/A

Permissions

  • SolarWinds: Basic Privileges

  • Operations Agent: N/A

Environment

  • N/A

Network Requirements


Direction (Port)

Communication

  • ZigiOps → SolarWinds (17778)

  • ZigiOps → Operations Agent (30005)

Actions

Get Alerts

This action sends HTTP requests on a scheduled interval to collect alerts from SolarWinds and create events in OBM. It collects alerts whose event type is one of "0", "1", or "8" and whose entity type is one of "Orion.Nodes", "Orion.NPM.Interfaces", or "Orion.APM.Applications". You can manage the alert collection by modifying the values of the {eventtype} and {alertobjects/entitytype} trigger conditions.

Data Mapping

Below is the default data mapping for this integration template.

Source Entity: Alerts

Each Target Entity Attribute below is followed by its Target Entity Attribute Details.

Category

SolarWinds

(a static value that the integration sends for the "Category" attribute of the OBM event)

Close Key

{solarwinds/source/url}:{alertobjects/entitynetobjectid}:{alertobjectid}:0

(combination of the SolarWinds "URL", "Entity Object ID" and "Alert Object ID" of the SolarWinds alert if the "Event Type" of the alert is "1" or "8" and the "Severity" of the alert's configuration is "0")

{solarwinds/source/url}:{alertobjects/entitynetobjectid}:{alertobjectid}

(combination of the SolarWinds "URL", "Entity Object ID" and "Alert Object ID" of the SolarWinds alert if the "Event Type" of the alert is not "1" or "8")

Correlation Key

The Integration Hub checks the available values in the following order:

  1. {solarwinds/source/url}:{alertobjects/entitynetobjectid}:{alertobjectid}:{eventtype}:Normal
    (combination of the SolarWinds "URL", "Entity Object ID", "Alert Object ID" and "Event Type" of the SolarWinds alert and the static value "Normal" if the "Event Type" of the alert is "1" or "8" and the "Severity" of the alert's configuration is "0")

  2. {solarwinds/source/url}:{alertobjects/entitynetobjectid}:{alertobjectid}:{eventtype}:Minor
    (combination of the SolarWinds "URL", "Entity Object ID", "Alert Object ID" and "Event Type" of the SolarWinds alert and the static value "Minor" if the "Severity" of the alert's configuration is "1")

  3. {solarwinds/source/url}:{alertobjects/entitynetobjectid}:{alertobjectid}:{eventtype}:Critical
    (combination of the SolarWinds "URL", "Entity Object ID", "Alert Object ID", "Event Type" of the SolarWinds alert and the static value "Critical" if the "Severity" of the alert's configuration is "2")

  4. {solarwinds/source/url}:{alertobjects/entitynetobjectid}:{alertobjectid}:{eventtype}:Major
    (combination of the SolarWinds "URL", "Entity Object ID", "Alert Object ID", "Event Type" of the SolarWinds alert and the static value "Major" if the "Severity" of the alert's configuration is "3")

  5. {solarwinds/source/url}:{alertobjects/entitynetobjectid}:{alertobjectid}:{eventtype}:Warning
    (combination of the SolarWinds "URL", "Entity Object ID", "Alert Object ID", "Event Type" of the SolarWinds alert and the static value "Warning" if the "Severity" of the alert's configuration is "4")

Description

{alertobjects/alertconfigurations/description}

(the "Description" of the SolarWinds alert configuration)

Related CI

The Integration Hub checks the available values in the following order:

  1. {extracthostdns}
    (the "DNS" of the affected host if the "DNS" of the affected host is available)

  2. {extracthostsysname}
    (the "Sys Name" of the affected host if the "Sys Name" of the affected host is available)

  3. {extracthostnodename}
    (the "Node Name" of the affected host if the "Node Name" of the affected host is available)

Severity

The Integration Hub checks the available values in the following order:

  1. Normal
    (the value that the Integration Hub sends if the "Event Type" of the alert is "1" or "8" and the "Severity" of the alert's configuration is "0")

  2. Minor
    (the value that the Integration Hub sends if the "Severity" of the alert's configuration is "1")

  3. Critical
    (the value that the Integration Hub sends if the "Severity" of the alert's configuration is "2")

  4. Major
    (the value that the Integration Hub sends if the "Severity" of the alert's configuration is "3")

  5. Warning
    (the value that the Integration Hub sends if the "Severity" of the alert's configuration is "4")

Source CI

{z_self/hostname}

(the hostname of the Integration Hub server)

Source Event ID

{alertobjectid}

(the "Alert Object ID" of the SolarWinds alert)

Subcategory

Alert

(a static value that the Integration Hub sends for the "Subcategory" field of the OBM event)

Timestamp

{timestamp}

(the time when the alert was created)

Title

The Integration Hub checks the available values in the following order:

  1. {alertobjects/alertactive/triggeredmessage}
    (the "Triggered Message" of the SolarWinds alert if the "Triggered Message" is available)

  2. Alert Reset: {alertobjects/alertconfigurations/name}
    (combination of the static value "Alert Reset:" and "Name" of the alert's configuration if the "Event Type" of the alert is "1")

  3. Alert Triggered: {alertobjects/alertconfigurations/name}
    (combination of the static value "Alert Triggered:" and "Name" of the alert's configuration if the "Event Type" of the alert is "0")

  4. Alert Cleared: {alertobjects/alertconfigurations/name}
    (combination of the static value "Alert Cleared:" and "Name" of the alert's configuration if the "Event Type" of the alert is "8")
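
The default mapping and the Get Alerts trigger conditions above, written out as an added Python example (not ZigiOps code). The dictionary keys, function names and sample alert are assumptions made for illustration; the function returns None for a field where the rules above define no value.

```python
# Added example: the default mapping above as plain Python (not ZigiOps code).
# Dict keys mirror the template placeholders; the sample values are constructed.
EVENT_TYPES = {"0", "1", "8"}
ENTITY_TYPES = {"Orion.Nodes", "Orion.NPM.Interfaces", "Orion.APM.Applications"}
SEVERITY = {"1": "Minor", "2": "Critical", "3": "Major", "4": "Warning"}
TITLE_PREFIX = {"1": "Alert Reset", "0": "Alert Triggered", "8": "Alert Cleared"}


def first_available(*values):
    """Return the first non-empty value, as in the ordered fallbacks above."""
    return next((v for v in values if v), None)


def map_alert(source_url, a):
    """Return the OBM event fields for one alert, or None if it is filtered out."""
    etype, sev = str(a["eventtype"]), str(a["severity"])
    if etype not in EVENT_TYPES or a["entitytype"] not in ENTITY_TYPES:
        return None  # fails the Get Alerts trigger conditions
    resets = etype in {"1", "8"}
    # Rule 1 (Normal) needs a reset/clear event AND configured severity "0".
    severity = "Normal" if resets and sev == "0" else SEVERITY.get(sev)
    base = f"{source_url}:{a['entitynetobjectid']}:{a['alertobjectid']}"
    if not resets:
        close_key = base
    else:
        # The page defines no close key for a reset whose severity is not "0".
        close_key = f"{base}:0" if sev == "0" else None
    return {
        "category": "SolarWinds",
        "subcategory": "Alert",
        "severity": severity,
        "close_key": close_key,
        # The page defines no correlation key when no severity rule matches.
        "correlation_key": f"{base}:{etype}:{severity}" if severity else None,
        "title": first_available(a.get("triggeredmessage"),
                                 f"{TITLE_PREFIX[etype]}: {a['name']}"),
        "related_ci": first_available(a.get("dns"), a.get("sysname"),
                                      a.get("nodename")),
        "source_event_id": a["alertobjectid"],
    }


SAMPLE_URL = "https://orion.example.test:17778"  # constructed
SAMPLE = {"eventtype": "1", "severity": "0", "entitytype": "Orion.Nodes",
          "entitynetobjectid": "N:42", "alertobjectid": 1001,
          "name": "Node is down", "triggeredmessage": "", "dns": "",
          "sysname": "core-sw-01", "nodename": "core-sw-01.lab"}

if __name__ == "__main__":
    for field, value in map_alert(SAMPLE_URL, SAMPLE).items():
        print(f"{field}: {value}")
```

Running the sample through different event type and severity combinations shows which alerts would reach OBM without a severity or close key under the default template.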