OCSF integration

Install the infrastructure agent

To use the OCSF integration, you need to also install the infrastructure agent on the same host. The infrastructure agent monitors the host itself, while the integration you'll install in the next step extends your monitoring with OCSF-specific data.

Enable the OCSF integration with nri-flex

1. Create a file named nri-ocsf.yml in the integrations directory:

   bash

   Copy

   $
   touch /etc/newrelic-infra/integrations.d/nri-ocsf.yml

2. Add the following snippet to your nri-ocsf.yml file to enable the agent to capture OCSF data:

   integrations:
     - name: nri-flex
       config:
         name: ocsfExample
         global:
           base_url: http://ip-address:PORT
           headers:
             accept: application/json
         apis:
           - event_type: ocsfSampleEvent       # use this name to query the data
             url: /customEndpoint               # endpoint with OCSF data
           - event_type: ocsfCustomEvent1      
             url: /customEndpoint2

   Copy

Restart the New Relic infrastructure agent

Use the instructions in our infrastructure agent docs to restart your infrastructure agent. This is command that should work for most people:

$
sudo systemctl restart newrelic-infra.service

Find your data

You can use our pre-built dashboard template to monitor your OCSF application metrics. Follow these steps to use our pre-built dashboard template:

1. Go to one.newrelic.com > All capabilities > + Integrations & Agents.

2. Select Dashboards to access the pre-built resources.

3. Search OCSF and select the dashboard.

To instrument the OCSF quickstart and to see metrics and alerts, you can also follow our OCSF quickstart page by clicking on the Install now button.

Here is an example NRQL query to view the OCSF master uptime:

SELECT * FROM ocsfSampleEvent