Moogsoft Docs

Alerts Overview

Alerts represent new instances of events, or de-duplicated events, that have been created by Moogsoft AIOps.
You can view these in filterable and sortable lists via the Side Menu links, from the Search bar, or by looking within Situation Rooms.
The highest severity alert within a Situation determines the severity of a Situation. Alerts follow the same severity levels as Situations.

My Alerts/Open Alerts Views

The My Alerts View displays all of the alerts that have been assigned to you.
The Open Alerts view displays all open Alerts created in AIOps that have not yet been resolved.

Alert View Menu

You can select the different columns displayed in the View screens using the View menu.
For more information on the different options see the Configure an Alert View section below.

Alert Tools Menu

All other actions you can perform on an alert or group of alerts can be done using the Tools menu or Right-Click menu.
This can be accessed by clicking Tools or by right-clicking on the alert list. For more information see the Alert Tools Menu section.

Alert Details

You can explore the forensic details of an alert in Alert Details:
The individual column names and their descriptions are listed in the table below:
Active Situations: All active Situations to which this Alert is linked
Agent Host: The IP address or co-ordinates of the geographic location where the Events were detected
Agent Name: The name of the monitor that detected the Events. Frequently a sub-category of Manager
Alert Id: The numeric identifier given to the Alert
Class: The subcategory of the Agent
Count: The number of Events in the Alert
Description: A text summary or description of the Alert
Entropy: The entropy value (between 0 and 1)
External Id: The external ID given by another management system to reference the Alert
First Event Time: The time of the first Event that was recorded by Moogsoft AIOps
Host: The source where the Alert originated
Internal Last Event Time: The internal time recorded within the last Event itself
Last Change: The time of the last change to the Alert
Last Event Time: The time of the last Event that was recorded by Moogsoft AIOps
Manager: The system sending the Alert
Owned By: The username of the User who owns the Alert
Severity: The severity of the Alert
Significance: The significance of the Alert
Situations: The Situations that the Alert is associated with
Source Id: The unique number of the source being managed
Status: The status of the Alert
Type: The Alert type, e.g. DBFail, HTTPDDown, LinkDown
You can copy the Alert Details by clicking and dragging across the text to highlight it, then pressing Ctrl + C (Cmd + C on Mac). The text can then be pasted into an external editor or tool as required.

Custom Info

You can view custom fields for the Alert in the Custom Info tab.
This appears in a page-tree format. Click the blue drop-down arrows to view the properties beneath each branch.

Note

Please note: Custom Info fields can be added by Admins during system configuration. They can also be added with a Situation Client Tool using a JSON snippet under the 'Merge Custom Info' field.

Configure an Alert View

Use the View menu to customize which field columns are displayed in My Alerts/ Open Alerts or an Alert filter view.
Click View in the top right corner of the screen to view and select the different options in the drop-down menu.

View Options

The top option, 'Alert Row Striping', changes the filter display so that each Alert row appears as a colored stripe. This is shown in the screenshot below:
The Alert columns that can be added and removed are listed in the table below:
Active Situations: Any active Situations the Alerts are linked to
Agent Host: The IP address or co-ordinates of the geographic location where the Events were detected
Agent Name: The name of the monitor that detected the Events. Frequently a sub-category of Manager
Alert Id: The numeric Alert Id
Class: The subcategory of the Agent
Count: The number of times this Alert has been counted
Description: A text summary or description of the Alert
Entropy: The entropy value (between 0 and 1)
External Id: The external ID given by another management system to reference the Alert
First Event Time: The time when the Alert's first Event was recorded
Host: The source where the Alert originated
Internal Last Event Time: The last time and date there was an internal change to the Alert
Last Change: The last time and date there was a change to the Alert
Last Event Time: The time when the Alert's last Event was recorded
Manager: The system sending the Alert
Owned By: The User that owns the Alert
Significance: The Significance of an Alert (Collateral, Related, Impacting or Causal)
Situations: All of the Situations that the Alert is linked to
Source Id: The unique name of the source being managed
Status: The Alert status (Unassigned, Assigned, Acknowledged)
Type: The Alert type, e.g. DBFail, HTTPDDown, LinkDown

Move View Columns

You can change the width of each column by hovering your mouse cursor over the column border, then clicking and dragging it to increase or decrease the width.
To change the order of the columns, click the column title cell of the column you want to move and drag it to a new location in the top row. Two green arrows will indicate if the move is valid.
You can also configure the order in which the Alerts are shown by clicking the column title cell to rearrange them in ascending or descending alphabetical or numerical order.
For example, click the 'Severity' column to arrange the Alerts in ascending or descending order of severity.

Alert Tools Menu

All other actions that can be performed on an Alert or group of Alerts are available from the Tools menu or the right-click menu.
This can be accessed by clicking Tools or by right-clicking on the Alert list.
Select an alert or multiple alerts by clicking the checkboxes in the far left column.
Next, click Tools to perform one of the following actions available in the Tools menu:
Export
  Options: Filename (String); Format: CSV (Comma Separated Values) or JSON (JavaScript Object Notation); Export: All Rows or Selected Rows
  Description: Export a row, multiple selected rows or all rows in CSV or JSON format
Own
  Options: none
  Description: Makes you the owner of an Alert or Alerts
Assign
  Options: none
  Description: Assigns an Alert or Alerts to a user, subject to permissions
De-Assign
  Options: none
  Description: De-assigns an Alert or Alerts from a user
Acknowledge
  Options: none
  Description: Acknowledge an Alert and assume responsibility for it
De-Acknowledge
  Options: none
  Description: De-acknowledge an Alert to indicate you are no longer responsible for it
Set Severity
  Options: Critical, Major, Minor, Warning, Indeterminate, Clear
  Description: Enables you to change the severity of an Alert or Alerts
Set Significance
  Options: Causal, Impacting, Related, Collateral
  Description: Sets the relative significance of an Alert, initially calculated based on its entropy (a measure of the rarity or uniqueness of this alert), with 'Causal' being the most unique and 'Collateral' being the least
Show Details
  Options: none
  Description: Opens the Alert Details pop-up window with more information about the Alert
Show Timeline
  Options: none
  Description: Displays the timeline view for the Alert, showing the time extent of the alert from when it first began to its last change
Tools
  Options: Server Tools...; SSH to Host
  Description: Server Tools... lists the client-side Alert tools that can be run; SSH to Host connects to the host using Secure Shell (SSH)
Add to Situation...
  Options: none
  Description: Opens a new pop-up window from which you can add the Alert(s) to a Situation
Remove from Situation...
  Options: none
  Description: Opens a new pop-up window from which you can remove the Alert(s) from a Situation
Move to Situation...
  Options: none
  Description: Opens a new pop-up window from which you can move the Alert(s) to a Situation
Resolve...
  Options: none
  Description: Resolves an Alert and prompts you to submit an entry to the Journal thread of all Situations the Alert is a member of
Close...
  Options: none
  Description: Closes an Alert. Once an Alert has been changed to a closed state it cannot be revived

Add Alerts to Situations

One or more alerts can be added to a Situation if a User thinks they are related or it otherwise makes sense to do so.
To do this from an alert filter view such as My Alerts or Open Alerts, follow the numbered steps below:
  1. Select the alert or alerts you want to add to a Situation by clicking the checkbox(es) in the far left column.
  2. Right-click on the alerts, or click Tools to open the Tools menu, and then click Add to Situation...
  3. Use the Filter to find the relevant Situations and select the Situation or Situations to add the Alert(s) to. Click Done to continue.

Alert Workflow

Alerts can be assigned to different Moogsoft AIOps users, owned by Administrators and added to Situations.
The standard method of working with Alerts is to have an Administrator who assigns Alerts to the Users within a team. An alternative is to have a single Administrator who owns Situations and deals with all of their associated Alerts.
The sections below outline the standard workflow that can be applied to both of these methods.

Assigned Alerts

Once an Alert has been assigned to you, you will either receive a Notification or it will appear in your My Alerts filter.
After identifying which alerts have the highest priority, typically the alert with the highest severity, the next step is to Acknowledge them to let others know that you are aware of them. A standard way of working is to work through all of the day's 'Critical' alerts and resolve those first, before working on the day's 'Major' and then 'Warning' alerts to prevent them from becoming 'Critical' alerts.
To do this, right-click in the alert's row, or tag it using the checkbox in the far left column, and then click Tools > Acknowledge.

Timeline

To access an alert's timeline, right-click on it and select Show Timeline.
The timeline shows a graphical view of an alert and a breakdown of the events that were de-duplicated to create the alert. It also displays the severity of each event and the times at which they occurred.
Click the Zoom In or Zoom Out options to focus on a particular time period or group of events. Alternatively, use the blue sliders to focus on an area of interest.
The severity of each event is indicated by the color of the line (e.g. the Events in the screenshot above are a mixture of indeterminate and critical Events).

Note

Please note: The alert's severity is defined by the severity of the latest event rather than the event with the highest severity.
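The rules described above (Count as the number of de-duplicated events, First/Last Event Time, an alert taking the severity of its latest event, and a Situation taking the severity of its highest-severity alert), shown as an added Python illustration that is not Moogsoft code. The de-duplication key (host, type), the severity ordering and the sample events are assumptions constructed for this example.

```python
from dataclasses import dataclass
# Severity names from the Set Severity tool, ranked low to high.
# The ordering itself is an assumption made for this example.
SEVERITY_RANK = {"Clear": 0, "Indeterminate": 1, "Warning": 2,
                 "Minor": 3, "Major": 4, "Critical": 5}
@dataclass
class Alert:
    alert_id: int
    host: str
    type: str
    severity: str          # severity of the latest event (see Note above)
    count: int             # number of events de-duplicated into this alert
    first_event_time: int
    last_event_time: int
    last_change: int

def dedupe_events(events):
    """Fold a time-ordered event stream into alerts.
    Assumption: events de-duplicate on (host, type); the page does not
    state the key Moogsoft actually uses."""
    alerts = {}
    for ev in events:
        key = (ev["host"], ev["type"])
        if key not in alerts:
            alerts[key] = Alert(len(alerts) + 1, ev["host"], ev["type"],
                                ev["severity"], 0, ev["time"], ev["time"], ev["time"])
        a = alerts[key]
        a.count += 1
        a.last_event_time = a.last_change = ev["time"]
        a.severity = ev["severity"]  # latest event wins, not the highest one seen
    return list(alerts.values())

def situation_severity(alerts):
    """A Situation takes the severity of its highest-severity alert."""
    return max((a.severity for a in alerts), key=lambda s: SEVERITY_RANK[s])

# Constructed sample events (not real Moogsoft data), already in time order.
SAMPLE_EVENTS = [
    {"time": 100, "host": "web01", "type": "HTTPDDown", "severity": "Critical"},
    {"time": 110, "host": "db01", "type": "DBFail", "severity": "Major"},
    {"time": 120, "host": "web01", "type": "HTTPDDown", "severity": "Indeterminate"},
    {"time": 130, "host": "web01", "type": "LinkDown", "severity": "Warning"},
]

if __name__ == "__main__":
    alerts = dedupe_events(SAMPLE_EVENTS)
    for a in alerts:
        print(a.alert_id, a.host, a.type, a.severity, a.count)
    print("Situation severity:", situation_severity(alerts))
```

Note that the Critical event on web01 no longer drives the alert's severity once a later Indeterminate event arrives, so the Situation ends up at Major.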
Click any of the colored lines for more information on any event in the timeline. This will open the Event Details window:
The Events Details window allows you to explore the forensic details of an event or events.
The individual column names and their descriptions are listed below:
Agent: The name of the monitor that detected the events. Frequently a sub-category of Manager
Agent Location: The IP address or co-ordinates of the geographic location where the events were detected
Alert Id: The numeric identifier given to the alert
Class: The subcategory of the Agent
Count: The number of times this alert has been counted
Description: A text summary or description of the alert
Entropy: The entropy value (between 0 and 1)
Event Id: The ID given to the event
Event Time: The time of the event
Event Type: The type of event
First Event Time: The time of the first event that was recorded by Moogsoft AIOps
Internal Last Event Time: The time that the last event was recorded by Moogdb
Last Event Time: The time of the last event that was recorded by the Agent. This may be set by the LAM or the Alert Builder. The default is when the LAM first registered the event.
Last State Change: The time of the last event state change
Manager: The system sending the event
Owner: The username of the user who owns the alert and its events
Severity: The severity of the event
Significance: The significance of the alert
Source: The name of the source machine
Source Id: The unique identifier for the source machine
State: The state of the event
Type: The alert type, e.g. DBFail, HTTPDDown, LinkDown

Collaborate

Go to Collaborate in the Situation Room and share comments or ideas with your colleagues to find a resolution.
Ultimately, the aim is to resolve high-severity alerts before you resolve the Situation. If anyone proposes a solution, it can be tested using Tools, or by going back to the My Alerts view and clicking on the Host column to SSH into the host.

Resolving Steps

If you or another user finds a solution that fixes the problem, then the comment should be marked as the Resolving Step. To do this, click the check icon next to the post in Comments or under Collaborate:
The comment that has been marked as the Resolving Step is highlighted with a green line. Now that a resolution has been found, the Situation can be resolved.
To do this click on the Resolve button under Status in the Situation Room. The 'Resolve Situation' pop-up window will appear:
Add a star rating to indicate the relevance and quality of information given in the Situation along with a journal entry comment. Click Done to continue.