The alert processing system is written in JavaScript and runs in the Node.js runtime environment. It is stateless (replacing it leads only to loss of logs and config caches) and is backed by the following database components for persistence:
Elasticsearch is used for archiving alerts and storing alert configuration.
Redis Stack is used primarily to store profiles. There are other minor uses, such as creation of shortlinks.
Some ingestion plugins may require additional components: for example, CUCM requires an SFTP server.
The following Elasticsearch indexes are used:
alertconfig -- stores configuration information for tenants. The configuration is accessed using the Alert API.
exceeded-YYYY.MM.DD -- archives generated alerts
Redis Stack is primarily used for storing profiles; other minor uses include creation of shortlinks. All data is stored using JSON support and keyed uniquely. For profiles, the Redis key is formed by combining the keyword "plain" (reserved to indicate plain-text encoding), the identification of the key (attribute name and value), the tenant ID and the profile name ("customprofile" for admin-defined keys). The JSON attributes have one-level depth; deeper hierarchies are stored in a flattened structure. For example:
"JSON.SET" "plain#attrs.from+attrs.source#sip:MSLETNC9CVDD2VH3TDQ2RTMNHC------@U4LCF19TQJP7RQA45UV8HK9HK4------a277:2d5d:50a4:79ee:b470:ed83:f279:1191#ba86ac2a-7f13-44b3-ba77-4dc29e6f6305#customprofile" "[\"CSM_123456.created\"]" "1727781064" "NX"
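The key layout above can be checked mechanically when auditing which tenant a profile key belongs to. The following is an added example, not code from the alert processing system; the "#" field separator, the "+" between attribute names and the UUID form of the tenant ID are assumptions read off the sample key, and the function names are hypothetical.

```javascript
// Added example, not project code. Layout inferred from the sample key above:
//   encoding#attrNames#attrValue#tenantId#profileName   (names joined by "+")
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Hypothetical helper. The attribute value is free-form (SIP URI, IP address)
// and may itself contain "#", so the fixed fields are taken from both ends of
// the key and whatever remains in the middle is the value.
function parseProfileKey(key) {
  const parts = key.split('#');
  if (parts.length < 5) throw new Error('too few fields in profile key');
  const encoding = parts[0];
  const attrNames = parts[1];
  const profileName = parts[parts.length - 1];
  const tenantId = parts[parts.length - 2];
  const attrValue = parts.slice(2, -2).join('#');
  if (encoding !== 'plain') throw new Error('unexpected encoding: ' + encoding);
  if (!UUID_RE.test(tenantId)) throw new Error('tenant ID is not a UUID'); // assumed format
  if (!attrNames || !attrValue || !profileName) throw new Error('empty field');
  return { encoding, attributes: attrNames.split('+'), attrValue, tenantId, profileName };
}

// Hypothetical audit check: keys that are malformed or owned by another tenant.
function keysOutsideTenant(keys, expectedTenant) {
  return keys.filter((k) => {
    try {
      return parseProfileKey(k).tenantId.toLowerCase() !== expectedTenant.toLowerCase();
    } catch (err) {
      return true; // unparseable keys are reported, not silently skipped
    }
  });
}

const TENANT = 'ba86ac2a-7f13-44b3-ba77-4dc29e6f6305'; // tenant ID from the sample key
const KEYS = [
  // the key shown on this page
  'plain#attrs.from+attrs.source#sip:MSLETNC9CVDD2VH3TDQ2RTMNHC------@U4LCF19TQJP7RQA45UV8HK9HK4------a277:2d5d:50a4:79ee:b470:ed83:f279:1191#' + TENANT + '#customprofile',
  // constructed: "#" inside the attribute value
  'plain#attrs.from#sip:user#1@example.invalid#' + TENANT + '#customprofile',
  // constructed: key owned by a different tenant
  'plain#attrs.source#192.0.2.10#11111111-2222-3333-4444-555555555555#customprofile',
  // constructed: malformed key
  'plain#attrs.source#192.0.2.10',
];

console.log(keysOutsideTenant(KEYS, TENANT));
```

Splitting on every "#" from the left would place part of the second key's attribute value in the tenant ID position, which is why the tenant ID and profile name are read from the end of the key.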
Data can be ingested from a variety of sources: cloud APIs and networking equipment. See the list of supported ingestion plugins.
Alerts can be pushed to various RESTful-compliant destinations. See the list of supported RESTful plugins.