Problem Definitions
These are recipes that describe the queries an Agent should run and how the content of a case should be formulated.
Problem Definitions are written using YAML.
A Problem Definition has two or three phases:
Gather
Analyze (optional)
Manage
To understand these phases, here are two common scenarios:
A single query that should be turned into cases
Multiple queries against multiple data sources, analyzing the results of those queries, and then creating cases from that analysis.
Single Query to Cases
For this example, we'll assume the data comes from a SQL Server database.
The Problem Definition will consist of two phases:
Gather
Manage
In the Gather phase, a single SQL Server step will be used:
<- YAML ->
Column names are provided explicitly, making writing the case template easier later. Notice that the output of the stage is a Parquet file.
In the Manage step, you can see that we're using Markdown to format the columns in the Parquet file. One case will be created for each row in the Parquet file that was the output from the Gather phase.
<- YAML ->
Multiple Queries to Cases
For this example, let's assume that you have data in a SQL Server relational database and in a Cosmos DB non-relational database.
The Problem Definition will consist of three phases:
Gather
Analyze
Manage
The Gather phase will have two steps:
One to run a query against a SQL Server database and store the results in a Parquet file;
Another to run a query against a Cosmos database and store the results in another Parquet file.
<- YAML ->
The Analyze phase then uses the two Parquet files from the Gather stage and performs a LEFT JOIN query between the two using SQL:
<- YAML ->
The flavour of SQL used in the Analyze step is DuckDB. The output from the Analyze stage is another Parquet file.
Finally, in the Manage step, you can see that we're using Markdown to format the columns in the Analyze Parquet file. One case will be created for each row in the Parquet file.
<- YAML ->
Last updated
Was this helpful?