Moogsoft Docs

Probable Root Cause Configure and Retrain


Getting Started

Go to System Settings > Configure & Retrain .

PRC is enabled by default. This means that you can mark Situation Alerts as having a root cause or not and AIOps will show a root cause estimate in Next Steps in the Situation Room.

To configure which users can mark Alerts for PRC, go to Security > Roles . Select the role you want to edit and under Permissions, move 'prc_feedback' to 'Selected' using the direction arrows.

This permission is enabled for Administrator and Super User roles by default.

Root Cause

The PRC Model gives each Alert within a Situation a root cause estimate. Retrain recalculates the estimates with the current data.

You can choose which features your model uses when predicting the root cause of an Alert. The default PRC configuration uses two types of Severity. The other features are listed below:

Feature Description
Agent The agent of the Alert represented as an enumeration. Each value of 'agent' is considered to be independent from all other values
Alert Arrival Order Represents the arrival order of the Alert in a Situation
Alert Time Represents the Alert time as the components of the 'time of day' e.g. hours of day, minutes of hour
Class The class of the Alert, represented in a way that identifies naming conventions in the class name
Description Tokenises the description into words and uses those words to identify key words and phrases that may indicate root cause
Host The host of the Alert, represented in a way that identifies naming conventions in the class name
Manager The manager of the Alert represented as an enumeration. Each value of 'manager' is considered to be independent from all other values
Severity & Arrival Order (default ) The severity of the Alert represented as independent values and when the alert arrived for each value of severity. For best results use in conjunction with 'Severity Raw'
Severity Enum The severity of the alert represented as independent values. For best results use in conjunction with 'Severity Raw'
Severity Raw (default) The severity of the alert represented as a continuous value such that 'Warning' < 'Major' < 'Critical'. For best results use in conjunction with 'Severity Enum' or 'Severity & Arrival Order'
Situation Alert Time Represents the Alert time as the components of time e.g. hours of day, minutes of hour but relative the first event in the Situation
Type The type of the Alert, represented in a way that identifies naming conventions