Configuring PowerFlow Applications for the ThousandEyes SyncPack

This section describes how to set up the PowerFlow application for the "ThousandEyes" SyncPack.

Workflow for Configuring the SyncPack

The following workflows describe how to configure Skylar One and PowerFlow to work with the "ThousandEyes" SyncPack.

Configuring ThousandEyes

1. Create and configure a Webhook in ThousandEyes

Configuring Skylar One

1. Define the API event policies

Configuring PowerFlow

1. Create a configuration object
2. Align the configuration object and configure the ThousandEyes PowerFlow application

Configuring ThousandEyes

To integrate PowerFlow with ThousandEyes, you must create an alert webhook in ThousandEyes. After you create the webhook, you will need to configure the webhook for your PowerFlow application.

To create and configure a webhook in ThousandEyes:

1. Follow the ThousandEyes documentation to create a webhook. For more information on creating webhooks in ThousandEyes, see https://docs.thousandeyes.com/product-documentation/integration-guides/custom-webhooks.
2. In ThousandEyes, navigate to the Alert Rules page (Alert > Alert Rules).
3. Expand an Alert Rule and select the Notifications tab.
4. In the WEBHOOKS field, click Configure Webhooks. Alternatively, if you have already configured webhooks, click Edit webhooks and then Add New Webhook. The Edit Webhooks page appears.
5. Enter values in the following fields:

• Name. Type a name for your webhook.
• URL. Enter your PowerFlow hostname or IP in the following URL: https://[enter-powerflow-hostname-or-ip]/api/v1/applications/thousandeyes_process_alert/run

For example, if the IP for your PowerFlow system is 192.0.2.0, you should enter the following URL: https://192.0.2.0/api/v1/applications/thousandeyes_process_alert/run

• Username. Type your PowerFlow username.
• Password. Type your PowerFlow password

5. Optionally, you can click Test to test your webhook.
6. Click Add New Webhook to save your new webhook.

Configuring Skylar One

The following topic covers how to set up your Skylar One instance to work with the "ThousandEyes" SyncPack.

Defining API Event Policies

You can create event policies that match your ThousandEyes alerts. You can use the configuration object in this SyncPack to specify how an event message is constructed and then create one or more API event policies to match the specification. The integration then processes the ThousandEyes alert information and makes an API request.

All alerts generated using the /alert resources are matched against event policies of type "API".

When you create API event policies, the event messages are generated by inserting messages into the main database. These messages can be inserted by a snippet automation action, a snippet Dynamic Application, or by a request to the ScienceLogic API.

You can create one ore more API event policies to trigger a Skylar One event based on your ThousandEyes alerts. Once you have created a configuration object and defined its event_format variable, you can determine how alerts match to events by creating an API event policy. The event_format variable from your configuration object matches against the Match String and optional Second Match String defined in your API event policy.

To define an API event policy:

1. Go to Event Policies page (Events > Event Policies).

2. In the Event Policies page, click the Create Event Policy button. The Event Policy Editor page appears, displaying the Basic tab:
3. On the Basic tab, enter the following information:

• Event Policy Name. Type a name for the event policy.
• Enable Event Policy. Turn this toggle on to enable the event policy, or toggle it off to disable the event policy.

• Event Source. Specifies the source for the event. Select API.

5. After selecting your Event Source, enter values in the following fields:

• Type of Match. Use this field to select String or Regular Expression.
• Match String (Optional). Type a text string or a regular expression to match against the originating log message field of each alert generated through the API. The event will be generated if the message matches the Match String and the optional Second Match String values. This string can be up to 512 characters and length and can be any combination of alpha-numeric and multi-byte characters.

TIP: If you are using the default setting in your configuration object, the simplest match logic configuration is to enter "ThousandEyes" in the Match String field. This configuration will match all ThousandEyes alerts.

If you do not supply a value in the Match String field, your event policy will match all alerts generated through the API.

Skylar One's expression matching is case-sensitive.

• Second Match String (Optional). Optionally, a second text string or regular expression to match against the originating log message field of each alert generated through the API. The event will be generated if the message matches the Match String and the Second Match String values.

The ThousandEyes integration accepts partial matching, so the Second Match String field is optional.

The other fields on this page can be used to define specific event behavior or enable advanced event features. For a description of every option on this page, see the section on The Basic Tab.

• Event Message. Define the message that appears in the Event Console page or the Viewing Events page when this event occurs.

TIP: It is best practice to set this field to "%M" to view the full message value.

For more information about the Event Message field and descriptions of the other fields on this page that can be used to define the event severity, event masking, and other options, see the section on The Event Message Tab.

7. Optionally, you can use the configuration options under Suppressions to define specific devices or device groups for which the event should not appear.

8. After entering information in each tab, click Save to save your new event policy.

Configuring PowerFlow

The following topics cover how to set up your PowerFlow instance to work with the "ThousandEyes" SyncPack.

Creating a Configuration Object in PowerFlow

A configuration object supplies the login credentials and other required information needed to execute the steps for a PowerFlow application. The Configurations page () of the PowerFlow user interface lists all available configuration objects for that system.

To use this SyncPack, you will need to either use an existing configuration object in the PowerFlow user interface or create a new configuration object in the PowerFlow user interface and align that configuration object to the application that processes ThousandEyes alert information and creates an event in Skylar One.

For this SyncPack, you can make a copy of the "ThousandEyes Base Config" configuration object, which is the sample configuration file that was installed with the "ThousandEyes" SyncPack.

The "ThousandEyes Base Config" configuration object contains all of the required variables. Simply update the variables from that object to match your Skylar One and ThousandEyes settings.

To create a configuration object based on the "ThousandEyes Base Config" configuration object:

1. In the PowerFlow user interface, go to the Configurations page ().
2. Click the Actions button () for the "ThousandEyes Base Config" configuration object and select Edit. The Configuration pane appears.
3. Click Copy as. The Create Configuration pane appears.
4. Complete the following fields:

• Friendly Name. Type a name for the configuration object that will display on the Configurations page.
• Description. Type a brief description of the configuration object.
• Author. User or organization that created the configuration object.
• Version. Version of the configuration object.

5. In the Configuration Data field, update the default variable definitions to match your PowerFlow configuration:

• event_format. The string to specify how the event message is constructed for the event.
• yname_format. The string to specify how the sub-entity name (yname) is constructed for the event.
• device_match. The value to specify which alert value in ThousandEyes will be matched to a device in Skylar One. You can enter the following values:
• Match test ID to custom attribute. The ThousandEyes alert test ID is matched to the custom attribute defined in the configuration object.
• Match test name to custom attribute. The ThousandEyes alert test name is matched to the custom attribute defined in the configuration object.
• Match test name to device name. The ThousandEyes test name is matched to the device name in Skylar One.
• Always use default device. The ThousandEyes alert is matched to the default device defined in the configuration object.
• match_attribute. The name of the Skylar One custom attribute to match to when using the "Match test ID to custom attribute" or "Match test name to custom attribute" options.

If you want to match multiple test names or test IDs to one device in Skylar One, you can enter each test in a comma-separated list in this attribute for that device. For example, enter "test1,test2,test3".

• default_device. The device ID to align Skylar One events to if no device match is found.
• sl1_host. The hostname or IP address for your Skylar One system.
• sl1_user. The username for your Skylar One system.
• sl1_password. The password for your Skylar One system.

6. Click Save. You can now align this configuration object with the application.

Aligning a Configuration Object and Configuring the Application

When ThousandEyes triggers an outbound HTTP request, the SyncPack uses that request to collect ThousandEyes alert information, which the PowerFlow application then processes and uses to generate a corresponding event in Skylar One.

To run this SyncPack, you must "align" the configuration object to run with the "ThousandEyes: Process Alert" PowerFlow application and, if needed, update any other fields on the Configuration pane for the applications.

To align the configuration object with the relevant PowerFlow application:

1. On the Applications page of the PowerFlow user interface, open the "ThousandEyes: Process Alert" PowerFlow application and click Configure. The Configurations pane for that application appears.

2. From the Configurations drop-down, select the configuration object you want to use.

   The values for sl1_host and the other parameters that appear in the Configuration pane with a padlock icon () are populated by the configuration object you aligned with the application. Do not modify these values. If you encounter an error, make sure your configuration object is configured properly.

3. Select an option to specify how ThousandEyes alerts will be matched to a device in Skylar One. You can choose from the following options:

• Match test ID to custom attribute. The ThousandEyes alert test ID is matched to the custom attribute defined in the configuration object.
• Match test name to custom attribute. The ThousandEyes alert test name is matched to the custom attribute defined in the configuration object.
• Match test name to device name. The ThousandEyes test name is matched to the device name in Skylar One.
• Always use default device. The ThousandEyes alert is matched to the default device defined in the configuration object.

4. Update any of the remaining fields on the Configurations pane as needed.
5. Click Save to align that configuration with the application.