Normalization of messages


Messages consist of nested key-value pairs. The user interface can be used to follow the message flow through 1Gateway and visualize the message content. The File Writer plugin can be used for debugging and viewing message content.

For example, a message coming in from Citrix is converted into a NormalizedMetric and finally into a message that the CeeView plugin can process. The different stages of the message are stacked to prevent information loss: whenever a message is modified (mapped), a new message is created and bundled together with the earlier stages. This makes the mapping process lossless.

There are three types of normalized messages: normalized alarms, normalized metrics and normalized incidents.

Normalized messages

Normalized messages are identified by their message type and have a predefined structure. They can be processed by any plugin with the help of a mapper. Mappers translate endpoint-specific messages into normalized messages and vice versa. Normalized alarms and metrics contain a ci/ branch in the message.

Normalized configuration items (CIs)

| Element | Description |
| --- | --- |
| ci/id | The identifier of the CI |
| ci/name | The name of the CI (e.g. hostname) |
| ci/fqdn | Fully qualified domain name |
| ci/ip | IP address for this ci |
| ci/domain | Network domain |
| ci/description | The description of the CI |
| ci/element | The element of the CI (e.g. mount point) |
| ci/elementid | The id of the element |
| ci/elementtype | Type of element (e.g. disk) |
| ci/type | The type of the CI (e.g. server) |
| ci/parent | The id of the parent CI |

Normalized alarms

Normalized alarms or events.

| Element | Description |
| --- | --- |
| event/id | A unique identifier for the event |
| event/text | The message text |
| event/description | The description of this type of event |
| event/severity | The event severity, 0 (clear) to 5 (fatal) |
| event/type | The type of event (free form) |
| event/metricid | If this event was caused by a metric, the id of that metric |
| event/code | A code for the type of event that can be linked to a runbook or KB |
| event/impact | The impact |
| event/correlationid | Format pluginaddress.id in case this event is synchronized with another system |
| event/timestamp | Timestamp of the event (epoch in seconds) |
| event/suppressionkey | ID of the event used to suppress |

{
	"type": "NormalizedAlarm",
	"ci": {
		"name": "(*REQUIRED*) ci name, e.g. server name",
		"id": "(*REQUIRED*) unique id for this ci",
		"type": "(*REQUIRED*) type of ci, e.g. server",
		"grouping": "Bulk events will be published for each value",
		"element": "(*REQUIRED*) ci element, e.g. mount point",
		"elementid": "ci elementid, id of the element",
		"elementtype": "(*REQUIRED*) type of element, e.g. disk",
		"fqdn": "fully qualified domain name",
		"ip": "ip address for this ci",
		"domain": "network domain"
	},
	"event": {
		"severity": "(*REQUIRED*) The event severity, 0 (clear) to 5 (fatal)",
		"suppressionkey": "(*REQUIRED*) used to suppress",
		"text": "(*REQUIRED*) display text",
		"id": "Unique id of this event (i.E. product.pluginName.internalId)",
		"type": "(*REQUIRED*) event type",
		"timestamp": "(*REQUIRED*) time of event (epoc sec)"
	}
}

Normalized metrics

| Element | Description |
| --- | --- |
| metric/id | Unique id for this metric |
| metric/value | Metric value |
| metric/description | The description of the metric type |
| metric/unit | Metric unit (e.g. Gigabytes) |
| metric/shortunit | Abbreviated metric unit (e.g. GB) |
| metric/timestamp | Timestamp when the metric was generated in epoch seconds |
| metric/type | Metric type (e.g. space) |
| metric/subtype | Optional further classification of the metric type (e.g. free) |
| metric/interval | Time between metric values in seconds |
| metric/changed | Indicates whether this metric was updated since the last time we saw it. True / false |

{
	"type": "NormalizedMetric",
	"ci": {
		"name": "(*REQUIRED*) ci name, e.g. server name",
		"id": "(*REQUIRED*) unique id for this ci",
		"type": "(*REQUIRED*) type of ci, e.g. server",
		"grouping": "Bulk events will be published for each value",
		"element": "(*REQUIRED*) ci element, e.g. mount point",
		"elementid": "ci elementid, id of the element",
		"elementtype": "(*REQUIRED*) type of element, e.g. disk",
		"fqdn": "fully qualified domain name",
		"ip": "ip address for this ci",
		"domain": "network domain"
	},
	"metric": {
		"unit": "metric unit, e.g. Gigabytes",
		"subtype": "metric subtype, e.g. free",
		"description": "free text",
		"interval": "sample interval in seconds",
		"id": "unique id for this metric",
		"type": "(*REQUIRED*) metric type, e.g. space",
		"shortunit": "abreviated metric unit, e.g. GB",
		"value": "(*REQUIRED*) Metric value",
		"changed": "true or false",
		"timestamp": "(*REQUIRED*) time this metric was taken in epoc seconds"
	}
}

Normalized incidents


| Element | Description |
| --- | --- |
| incident/id | The incident id |
| incident/name | The name of the incident (e.g. ServiceNow=number, PureService=id) |
| incident/type | Type of incident, one of incident, feature-request, service-request, change, problem, task |
| incident/category | Optional classification of the incident (e.g. inquiry, database, hardware, network, software) |
| incident/subject | The incident subject |
| incident/description | The incident description |
| incident/status | The incident state, 1-9 |
| incident/impact | The effect an incident has on business, 1-5 |
| incident/urgency | The extent to which the incident's resolution can be delayed, 0-5 |
| incident/priority | How quickly the service desk should address the incident, 0-5 |
| incident/assignedusername | The incident's assigned user |
| incident/assigneduserid | The incident's assigned user id |
| incident/assignedgroupname | The incident's assigned group |
| incident/assignedgroupid | The incident's assigned group id |
| incident/createdon | Timestamp when the incident was generated (epoch sec) |
| incident/updated | Indicates whether this incident was updated since the last time we saw it. True / false |
| incident/correlationid | Identifier used to synchronize a ticket with other systems |

{
    "type": "NormalizedIncident",
    "incident": {
        "id": "(*REQUIRED*) The id of the incident (i.E. product.pluginName.internalId)",
        "name": "(*REQUIRED*) The name of the Incident (i.E. ServiceNow=number, PureService=id)",
        "type": "(*REQUIRED*) Type of incident, one of incident, feature-request, service-request, change, problem, task",
        "category": "Optional classification of the incident (i.E inquiry, database, hardware, network, software)",
        "subcategory": "Optional further classification of the incident (i.E. Memory, Cpu...)",
        "requesterid": "ID of User who has opened the Incident",
        "requestername": "Name of User who has opened the Incident",
        "contact_type": "The created type of the incident, one of email, phone, self-service, virtual_agent, monitoring",
        "subject": "(*REQUIRED*) The incident subject (String)",
        "description": "The incident description (String)",
        "status": "(*REQUIRED*) The incident state, one of 1 (New), 2 (Assigned), 3 (InProgess) , 4 (PendingInternal), 5 (Pending3rdParty), 6 (PendingCustomer), 7 (Resolved), 8 (Closed), 9 (Canceled)",
        "impact": "(*REQUIRED*) The effect an incident has on business, one of 0 (not defined), 1 (very low), 2 (low), 3 (medium), 4 (high), 5 (very high)",
        "urgency": "(*REQUIRED*) The extent to which the incident's resolution can be delay, one of 0 (not defined), 1 (very low), 2 (low), 3 (medium), 4 (high), 5 (very high)",
        "priority": "(*REQUIRED*) How quickly the service desk should address the incident, one of 0 (not defined), 1 (very low), 2 (low), 3 (medium), 4 (high), 5 (very high)",
        "assignedusername": "The Incident assigned User",
        "assigneduserid": "The Incident assigned User",
        "assignedgroupname": "The Incident assigned Group",
        "assignedgroupid": "The Incident assigned Group",
        "createdon": "(*REQUIRED*) Timestamp when the incident was generated (epoc sec)",
        "publicnote": [{
            "authorname": "Name of the Author who has created this note",
            "authorid": "ID of the Author who has created this note",
            "timestamp": "(*REQUIRED*) Timestamp when the comment was generated (epoc sec)",
            "comment": "(*REQUIRED*) The comment (String)",
            "id": "ID of the comment"
        }],
        "privatenote": [{
            "authorname": "Name of the Author who has created this note",
            "authorid": "ID of the Author who has created this note",
            "timestamp": "(*REQUIRED*) Timestamp when the comment was generated (epoc sec)",
            "comment": "(*REQUIRED*) The comment (String)",
            "id": "ID of the comment"
        }],
        "updatedbyname": "User Name who updated the incident last",
        "updatedbyid": "User ID who updated the incident last",
        "updatedon": "When was the incident updated last (epoc sec)",
        "updated": "(*REQUIRED*) true/false",
        "resolvedbyname": "User Name who closed the incident last",
        "resolvedbyid": "User ID who closed the incident last",
        "resolvedon": "When was the incident closed (epoc sec)",
        "resolvenote": "Note which will be added if the Ticket will be closed",
        "closedbyname": "User Name who closed the incident last",
        "closedbyid": "User ID who closed the incident last",
        "closedon": "When was the incident closed (epoc sec)",
        "closenote": "Note which will be added if the Ticket will be closed"
    }
}
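
A check of the required fields and documented value ranges for all three normalized message types, useful before a message is handed to a mapper so that a malformed alarm is reported instead of being lost. This is an added example, not 1Gateway code: the names `REQUIRED`, `RANGES` and `validate` are invented here, the required fields follow the (*REQUIRED*) markers in the templates above, and the sample messages are constructed.

```python
# Added example: required fields follow the (*REQUIRED*) markers in the templates
# on this page; REQUIRED, RANGES and validate() are names invented here.
CI = ("name", "id", "type", "element", "elementtype")
REQUIRED = {
    "NormalizedAlarm": {"ci": CI, "event": ("severity", "suppressionkey", "text",
                                            "type", "timestamp")},
    "NormalizedMetric": {"ci": CI, "metric": ("type", "value", "timestamp")},
    "NormalizedIncident": {"incident": ("id", "name", "type", "subject", "status",
                                        "impact", "urgency", "priority",
                                        "createdon", "updated")},
}
# Inclusive ranges as listed in the templates (0 = "not defined" for incidents).
RANGES = {("event", "severity"): (0, 5), ("incident", "status"): (1, 9),
          ("incident", "impact"): (0, 5), ("incident", "urgency"): (0, 5),
          ("incident", "priority"): (0, 5)}


def validate(msg):
    """Return a list of problems; an empty list means the message is well formed."""
    mtype = msg.get("type") if isinstance(msg, dict) else None
    if not isinstance(mtype, str) or mtype not in REQUIRED:
        return ["unknown or missing message type"]
    problems = []
    for branch, fields in REQUIRED[mtype].items():
        node = msg.get(branch)
        if not isinstance(node, dict):
            problems.append(f"missing branch {branch}/")
            continue
        problems += [f"missing {branch}/{f}" for f in fields if node.get(f) in (None, "")]
    for (branch, field), (lo, hi) in RANGES.items():
        node = msg.get(branch)
        value = node.get(field) if isinstance(node, dict) else None
        if value in (None, ""):
            continue  # absent values are already reported by the required-field pass
        try:
            in_range = lo <= int(value) <= hi
        except (TypeError, ValueError):
            in_range = False
        if not in_range:
            problems.append(f"{branch}/{field}={value!r} outside {lo}-{hi}")
    return problems


# Constructed sample messages (not captured from a real system).
GOOD = {"type": "NormalizedAlarm",
        "ci": {"name": "srv01", "id": "ci-1", "type": "server",
               "element": "/var", "elementtype": "disk"},
        "event": {"severity": 4, "suppressionkey": "srv01:/var", "text": "/var 95% full",
                  "type": "space", "timestamp": 1700000000}}
BAD = {**GOOD, "event": {"severity": 7, "text": "/var 95% full",
                         "type": "space", "timestamp": 1700000000}}
```

`validate(GOOD)` returns an empty list, while `validate(BAD)` reports the missing `event/suppressionkey` and the out-of-range severity.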