Moogsoft Docs

Cookbook and Recipe Reference

This is a reference for the Cookbook Sigaliser algorithm and its associated Recipes. The Cookbook configuration properties are found in $MOOGSOFT_HOME/config/moog_farmd.conf.

Moolet

name: Name of the Cookbook Sigaliser algorithm. Do not change.

Type : String
Required :
Yes
Default : "Cookbook"

class: Moolet class name. Do not change.

Type : String
Required :
Yes
Default : "CCookbook"

run_on_startup : Determines whether Cookbook runs when Moogsoft AIOps starts. If you enable this property, Cookbook captures all alerts from the moment the system starts, without you having to configure or start it manually.

Type : Boolean
Required : No
Default : false

persist_state : Enables Cookbook to save its state for High Availability systems so if a failover occurs, the second moogfarmd can continue from the same point.

Type : Boolean
Required : No
Default : false

metric_path_moolet : Determines whether Moogsoft AIOps includes Cookbook in the Event Processing calculation for Self Monitoring .

Type : Boolean
Required : No
Default : true

moobot : Specifies which associated Moobot the Cookbook Moolet loads at startup.

Type : String
Required : Yes
Default : " Cookbook.js"

process_output_of : Defines the Moolet source of the alerts for Cookbook.

Type : List
Required : Yes
One of: AlertBuilder, AlertRulesEngine, MaintenanceWindowManager, EmptyMoolet
Default : " MaintenanceWindowManager"

Algorithm

membership_limit : Maximum number of Situations an alert can be part of. This does not impact alerts in merged Situations. Smaller limits result in fewer Situations with many alerts and many Situations with fewer associated alerts. Larger limits result in many Situations with few alerts and a few Situations with many alerts. The optimal value is between 1 and 5.

Type : Integer
Required : Yes
Default : 1

scale_by_severity : Cookbook treat alerts with a high severity like alerts with a high entropy value. Moogsoft AIOps divides the severity number by the maximum severity (5) to calculate the scale. For example, for an alert with minor severity, the entropy would be 3/5.

Type : Boolean
Required : No
Default : False

entropy_threshold : Minimum entropy value that an alert must have for Cookbook to consider it for clustering into a Situation. Cookbook does not include any alerts with an entropy value below the threshold in Situations. Set to a value between 0.0 and 1.0 . The default of 0.0 means Cookbook processes all alerts.

Type : Decimal
Required : No
Default : 0.0

single_recipe_matching : Enable single_recipe_matching for Cookbook to treat Recipes in priority order , based on the order of configuration in moof_farmd.conf . The first recipe in the list takes highest priority . If an alert appears in a Situation that a recipe with a low priority order creates, it may reappear in a Situation that a Recipe with a higher priority creates.

Type : Boolean
Required : No
Default : false

cluster_match_type : Defines how Cookbook matches clusters. You can select the first_match in order so Cookbook adds alerts to the first cluster over the similarity threshold value. This is the default behavior for Cookbook. Alternatively, select closest_match to add alerts to the cluster with the highest similarity greater than the similarity threshold value. This option may be less efficient because Cookbook needs to compare alerts against each cluster in a Recipe. The Recipe-level match type configuration overrides the Cookbook-level definition.

Type : List
Required : No
One of : first_match, closest_match
Default : "first_match"

cook_for : Time period for which Cookbook clusters alerts before the recipe resets and determines when to start a new cluster. Different cook_for times per Recipe are useful for monitoring systems with different fail rates, to ensure the Recipe clusters all the relevant Events relating to a failure. For example:

  • A Recipe monitoring for network link failures, which have a fast fail rate and many events in a short time, should have a short cook_for time.
  • A Recipe monitoring for disc or CPU issues, which have a slower fail rate as the issue builds, should have a longer cook_for time.

Recipes without cook_for values inherit the value from the Cookbook. Leave empty if you want Recipes to determine the cook_for value.

Type : Integer
Required : No
Default : "5000",

Recipes

Recipes determine how Cookbook detects relationships between alerts and considers them for clustering into Situations. You can configure Recipes with different event filters, triggers and similarity comparisons using these parameters:

chef : The recipe type: CValueRecipeV2, CValueRecipe or CBotRecipe. T he Value Recipes cluster according to the recipe definitions whereas Bot Recipes follow custom clustering logic defined by a Moobot. See Configure a Cookbook Recipe for more details.

Type : String
Required : Yes
One of: CValueRecipeV2, CValueRecipe, CBotRecipe
Default : "CValueRecipeV2",

name : Name of the Recipe. Use a unique or descriptive name.

Type : String
Required : Yes
Default : "SplitBySourceAndDescription",

description: Description of the Recipe.

Type : String
Required : No
Default : "Value Recipe outage",

recipe_alert_threshold : Maximum number of alerts to cluster before Cookbook creates a Situation. If left as '0', a single alert can generate a new Situation.

Type : Integer
Required : Yes
Default : 0,

exclusion : Filter that determines the alerts to exclude from Situation creation. By default Cookbook excludes all alerts with a severity less than critical. For details on creating a filter, see Filter Search Data .

Type : String
Required : No
Default : "severity < 5",

trigger : Filter that determines the alerts that Cookbook considers for Situation creation. Cookbook ignores alerts that match the exclusion filter.

Type : String
Required : No
Default : "null",

seed_alert : Filter that determines whether to create a Situation from a seed alert if it meets both trigger and seed_alert filter criteria. Cookbook considers subsequent alerts for clustering if they meet the trigger filter criteria. Alerts that arrived prior to the seed alert that met the trigger filter criteria do not form Situations.

The seed_alert filter is a mechanism to ensure that only specific events create Situations . For example, if you create a seed_alert filter if the description matches 'Switch failure', alerts are eligible for clustering only after a seed alert with the matching description arrives to create a Situation.

Type : String
Required : No
Default : "null",
Example : 'Description' MATCHES "Switch failure",

rate : Filter that determines the minimum event rate per minute required for Cookbook to create a Situation. Cookbook only calculates the rate after the cluster meets the threshold defined by min_sample_size or max_sample_size .

Type : Integer (Number of events per minute).
Required : No
Default : "0",

min_sample_size : Minimum number of events contained in a cluster before Moogsoft AIOps calculates the rate.

Type : Integer
Required : No
Default : "5",

max_sample_size : Maximum number of events contained in a cluster before Moogsoft AIOps calculates the rate.

Type : Integer
Required : No
Default : "10",

cook_for : Time period for which Cookbook clusters alerts before the recipe resets and determines when to start a new cluster. Different cook_for times per Recipe are useful for monitoring systems with different fail rates, to ensure the Recipe clusters all the relevant Events relating to a failure. For example:

  • A Recipe monitoring for network link failures, which have a fast fail rate and many events in a short time, should have a short cook_for time.
  • A Recipe monitoring for disc or CPU issues, which have a slower fail rate as the issue builds, should have a longer cook_for time.

Recipes without cook_for values inherit the value from the Cookbook.

Type : Integer
Required : No
Default : "5000",

cluster_match_type : Defines how Cookbook matches alerts to clusters. The first_match default option adds alerts to the first cluster above the similarity threshold value. The alternative is closest_match to add alerts to the cluster with the highest similarity greater than the similarity threshold value. The latter option might be less efficient because it needs to compare alerts against each cluster in a Recipe.

Type : String
Required : No
Default : "first_match",

Matcher

hop_limit: Maximum number of hops between the alert source nodes in order for the alerts to qualify for clustering. Moogsoft AIOps measures hop limit from the first alert that formed the Situation and always follows the shortest possible route in the network. You can only use hop limit if you have imported your network topology into the system. See Import a Network Topology for details.

A hop is the jump between two directly connected nodes in a network. For more information on hops, see Vertex Entropy .

Type : Integer
Required : No
Default : "2",

components : Values that alerts must match for Cookbook to include them in a Situation. You can provide multiple values such as source, description, service or using custom_info fields .

The Value Recipe V2 uses the shingle_size component to determine the similarity between different strings. See Recipe Types for more details.

You can enable or disable case sensitivity with CValueRecipe V1. You can also configure Cookbook to match each value in the list individually. See CValue Recipe for details.

Type : String
Required : No
Default : { name: "source_id", similarity: 0.75, shingle_size: 4 },
{ name: "description", similarity: 0.75, shingle_size: -1 }