This
Workflow for Configuring the SyncPack
The following workflows describe how to configure SL1 and PowerFlow to work with the "ThousandEyes" SyncPack.
Configuring ThousandEyes
Configuring SL1
Configuring PowerFlow
- Create a configuration object
- Align the configuration object and configure the ThousandEyes PowerFlow application
Configuring ThousandEyes
To integrate PowerFlow with ThousandEyes, you must create an alert webhook in ThousandEyes. After you create the webhook, you will need to configure the webhook for your PowerFlow application.
To create and configure a webhook in ThousandEyes:
- Follow the ThousandEyes documentation to create a webhook. For more information on creating webhooks in ThousandEyes, see https://docs.thousandeyes.com/product-documentation/integration-guides/custom-webhooks.
- In ThousandEyes, navigate to the Alert Rules page (Alert > Alert Rules).
- Expand an Alert Rule and select the tab.
- In the WEBHOOKS field, click . Alternatively, if you have already configured webhooks, click and then . The Edit Webhooks page appears.
- Enter values in the following fields:
- Name. Type a name for your webhook.
- URL. Enter your PowerFlow hostname or IP in the following URL: https://[enter-powerflow-hostname-or-ip]/api/v1/applications/thousandeyes_process_alert/run
For example, if the IP for your PowerFlow system is 192.0.2.0, you should enter the following URL: https://192.0.2.0/api/v1/applications/thousandeyes_process_alert/run
- Username. Type your PowerFlow username.
- Password. Type your PowerFlow password
- Optionally, you can click to test your webhook.
- Click to save your new webhook.
Configuring SL1
The following topic covers how to set up your SL1 instance to work with the "ThousandEyes" SyncPack.
Defining API Event Policies
You can create event policies that match your ThousandEyes alerts. You can use the configuration object in this SyncPack to specify how an event message is constructed and then create one or more API event policies to match the specification. The integration then processes the ThousandEyes alert information and makes an API request.
All alerts generated using the /alert resources are matched against event policies of type "API".
When you create API event policies, the event messages are generated by inserting messages into the main database. These messages can be inserted by a snippet automation action, a snippet Dynamic Application, or by a request to the ScienceLogic API.
You can create one ore more API event policies to trigger an SL1 event based on your ThousandEyes alerts. Once you have created a configuration object and defined its event_format variable, you can determine how alerts match to events by creating an API event policy. The event_format variable from your configuration object matches against the Match String and optional Second Match String defined in your API event policy.
To define an API event policy:
- Go to the Event Policies page (Events > Event Policies).
- Click the Event Policy Editor appears. button. The tab of the
- On the tab, enter the following information:
- Policy Name. Type a name for the event policy.
- Enable Event Policy. Turn this toggle on to enable the event policy, or toggle it off to disable the event policy.
- Policy Description. Type a description of the event policy.
- Click the tab, then enter the following information:
- Event Source. Specifies the source for the event. Select API.
- After selecting and defining your Event Source, enter values in the fields on the right side of the Match Logic tab:
- String/Regular Expression. Use this drop-down to select String or Regular Expression.
- Match String. Type a text string or a regular expression to match against the originating log message field of each alert generated through the API. The event will be generated if the message matches the Match String and the optional Second Match String values. This string can be up to 512 characters and length and can be any combination of alpha-numeric and multi-byte characters.
TIP: If you are using the default setting in your configuration object, the simplest match logic configuration is to enter "ThousandEyes" in the Match String field. This configuration will match all ThousandEyes alerts.
If you do not supply a value in the Match String field, your event policy will match all alerts generated through the API.
SL1's expression matching is case-sensitive.
- Second Match String (Optional). Optionally, a second text string or regular expression to match against the originating log message field of each alert generated through the API. The event will be generated if the message matches the Match String and the Second Match String values.
The ThousandEyes integration accepts partial matching, so the Second Match String field is optional.
The other fields on this page can be used to define specific event behavior or enable advanced event features. For a description of every option on this page,
- Click the tab, then enter the following information:
- Event Message. Define the message that appears in the Event Console page or the Viewing Events page when this event occurs.
TIP: It is best practice to set this field to "%M" to view the full message value.
For more information about the Event Message field and descriptions of the other fields on this page that can be used to define the event severity, event masking, and other options,
- Optionally, you can click the tab, where you can define specific devices or device groups for which the event should not appear.
For more information about the
- After entering information in each tab, click to save your new event policy.
For more information on generating API event policies, see the
Configuring PowerFlow
The following topics cover how to set up your PowerFlow instance to work with the "ThousandEyes" SyncPack.
Creating a Configuration Object in PowerFlow
A configuration object supplies the login credentials and other required information needed to execute the steps for a PowerFlow application. The Configurations page () of the PowerFlow user interface lists all available configuration objects for that system.
To use this SyncPack, you will need to either use an existing configuration object in the PowerFlow user interface or create a new configuration object in the PowerFlow user interface and align that configuration object to the application that processes ThousandEyes alert information and creates an event in SL1.
For this SyncPack, you can make a copy of the "ThousandEyes Base Config" configuration object, which is the sample configuration file that was installed with the "ThousandEyes" SyncPack.
The "ThousandEyes Base Config" configuration object contains all of the required variables. Simply update the variables from that object to match your SL1 and ThousandEyes settings.
To create a configuration object based on the "ThousandEyes Base Config" configuration object:
- In the PowerFlow user interface, go to the Configurations page ().
- Click the Edit. The Configuration pane appears. button () for the "ThousandEyes Base Config" configuration object and select
- Click Create Configuration pane appears. . The
- Complete the following fields:
- Friendly Name. Type a name for the configuration object that will display on the Configurations page.
- Description. Type a brief description of the configuration object.
- Author. User or organization that created the configuration object.
- Version. Version of the configuration object.
-
In the Configuration Data field, update the default variable definitions to match your PowerFlow configuration:
- event_format. The string to specify how the event message is constructed for the event.
- yname_format. The string to specify how the sub-entity name (yname) is constructed for the event.
- device_match. The value to specify which alert value in ThousandEyes will be matched to a device in SL1. You can enter the following values:
- Match test ID to custom attribute. The ThousandEyes alert test ID is matched to the custom attribute defined in the configuration object.
- Match test name to custom attribute. The ThousandEyes alert test name is matched to the custom attribute defined in the configuration object.
- Match test name to device name. The ThousandEyes test name is matched to the device name in SL1.
- Always use default device. The ThousandEyes alert is matched to the default device defined in the configuration object.
- match_attribute. The name of the SL1 custom attribute to match to when using the "Match test ID to custom attribute" or "Match test name to custom attribute" options.
- default_device. The device ID to align SL1 events to if no device match is found.
- sl1_host. The hostname or IP address for your SL1 system.
- sl1_user. The username for your SL1 system.
- sl1_password. The password for your SL1 system.
If you want to match multiple test names or test IDs to one device in SL1, you can enter each test in a comma-separated list in this attribute for that device. For example, enter "test1,test2,test3".
- Click . You can now align this configuration object with the application.
Aligning a Configuration Object and Configuring the Application
When ThousandEyes triggers an outbound HTTP request, the SyncPack uses that request to collect ThousandEyes alert information, which the PowerFlow application then processes and uses to generate a corresponding event in SL1.
To run this SyncPack, you must "align" the configuration object to run with the "ThousandEyes: Process Alert" PowerFlow application and, if needed, update any other fields on the Configuration pane for the applications.
To align the configuration object with the relevant PowerFlow application:
-
On the Applications page of the PowerFlow user interface, open the "ThousandEyes: Process Alert" PowerFlow application and click . The Configurations pane for that application appears.
-
From the Configurations drop-down, select the configuration object you want to use.
The values for sl1_host and the other parameters that appear in the Configuration pane with a padlock icon () are populated by the configuration object you aligned with the application. Do not modify these values. If you encounter an error, make sure your configuration object is configured properly.
- Select an option to specify how ThousandEyes alerts will be matched to a device in SL1. You can choose from the following options:
- Match test ID to custom attribute. The ThousandEyes alert test ID is matched to the custom attribute defined in the configuration object.
- Match test name to custom attribute. The ThousandEyes alert test name is matched to the custom attribute defined in the configuration object.
- Match test name to device name. The ThousandEyes test name is matched to the device name in SL1.
- Always use default device. The ThousandEyes alert is matched to the default device defined in the configuration object.
- Update any of the remaining fields on the Configurations pane as needed.
- Click to align that configuration with the application.