Moogsoft logo Moogsoft AIOps Operator Guide v7.0.0

Situations Overview

AIOps uses machine-learning algorithms called Sigalisers to cluster alerts together based on the similarity of their timestamps, language and/or topology.
These can be viewed in filterable lists in the Side Menu, the Search bar and by looking at which Situations are impacting Services.

My Situations/ Open Situations Views

You may receive Notifications about Situations assignments if notifications are enabled for assignments.
The Open Situations View displays all open Situations that are currently unresolved.
You can find out more about each Situation and open its Situation Room by clicking the colored pill containing the Situation ID. For more information see Work with Situations ​​​​​​​.

Situation View Menu

You can use the View menu to configure which columns are shown in My Situations, Open Situations , or a filtered Situation view.
Click View in the top right corner of the screen and select the different options in the drop-down menu to enable them.

​​​​​​​View Options

You can edit any Situation view to display each Situation row in the color of the severity using the 'Situation Row Striping' option:
You can configure which Situation columns are displayed by clicking to select them in the View menu. Available columns include:
Indicates the type and state of the Situation. Categories include: Closed, Created, Detected, Priority, Spam and Superseded.
Created At
Time and date when the Situation was created.
Text description of the Situation.
First Event
Time and date when the first Event was recorded.
Last Change
Time that the Alert was last updated in the Moogsoft AIOps UI.
Last Event
Time and date when the last Event was recorded.
Owned By
Situation owner's username.
Number of Users participating in the Situation Rooms.
Process Impacted
All processes associated with the Situation that have been impacted.
Queue number the Situation belongs to.
Rating given to the Situation.
Scope of the different source groups affected by the Situation (End-User, All, Network, Applications, Database, Storage, Desktop, Cloud, Other).
Scope Trend
Indicates whether the scope is increasing or decreasing/staying the same.
Service Impacted
All services associated with the Situation that have been impacted.
Sev Trend
Indicates if the severity is becoming more or less severe.
The Situation's current status: Opened, Closed, Resolved, Assigned, Acknowledged etc.
Story ID number that matches the Situation ID number at the top of the Merge tree.
Teams that the Situation are associated with.
Total Alerts
Total number of Alerts associated with the Situation.
User Comments
Number of user comments about the Situation.

Select a Situation

You can click the checkboxes in the far left column to select each Situation individually:
To select multiple Situations at once, hold down Shift and then click the checkboxes of the Situations you want to select. If you select one Situation using this method and then click another Situation further down the list, all Situations between the two will also be selected.
Another method is to left-click and drag down to highlight the Situations you want to select and then right-click to select them and open the Tools Menu (also known as the Right-Click menu).
Click the Select All checkbox in the top left corner to select all Situations. If the checkbox is grayed out, scroll down to load all Situations and activate it.

Move View Columns

You can change the width of each column by hovering your mouse cursor over the column order and clicking and dragging it to increase or decrease the width.
To change the order of the columns, click the column title cell of the column you want to move and drag it to a new location in the top row. Two green arrows will indicate if the move is valid:
You can also configure the order in which the Situations are shown by clicking the column title cell to rearrange them in ascending or descending alphabetical or numerical order.
For example, click the 'Severity' column to arrange the Situations in ascending or descending order of severity.

Situation Tools Menu

Use the Tools menu or right-click menu to perform any other action on one or more selected Situations.
This can be accessed by clicking Tools or by right-clicking on the Situation list.
Select a Situation or multiple Situations by clicking in the checkboxes in the far left column, or use the Select All checkbox. Then click Tools and select one of the following actions:
Create a Situation
Opens a new pop-up window. From here you can create a new Situation
Filename: String
  • CSV (Comma Separated Values)
  • JSON (JavaScript Object Notation)
  • All Rows
  • Selected Rows
Export a row, multiple selected rows or all rows in CSV or JSON format
Makes you the owner of the selected Situation or Situations
Enables you to assign the Situation to a User if you have the correct rights
This de-assigns the Situation from its current owner
This de-acknowledges the Situation so it is no longer in progress
Show Details
This opens Situation Details
This links to any configured Server Tools
Add to Merge...
This adds the selected Situation in a new 'Merge Situations' panel.
Opens a new pop-up window. From here you can add a Situation Rating and journal entry prior to resolving the Situation*
Opens a new pop-up window. From here you can add a Situation Rating and journal entry prior to closing the Situation*
This reopens a resolved or closed Situation
See Resolve Situations for more information.

Situation Severity

There are six default industry-standard severity levels, which are shown and described below:
Clear - indicates that one or more Events have been reported but then subsequently cleared either manually or automatically
Indeterminate - indicates the severity level could not be determined
Warning - indicates that a number of potential or imminent service affecting faults have been detected
Minor - indicates there is a non-service affecting fault but action could be required to prevent it becoming a more serious issue
Major - indicates a service affecting fault has developed and corrective action is urgently required
Critical - indicates that a serious service affecting fault has occurred and corrective action is required immediately
The color severity of the My Situations and Open Situations icons on the Side Menu indicates the highest severity level of the Alerts within each list.
A Situation's severity will be determined by its Alert with the highest severity level. If this Alert is cleared then the Situation will adopt the severity level of the Alert with the next highest severity.

Situation Details

The Situations Details window allows you to explore the forensic details of a Situation.
​​​​​​​The individual column names and their descriptions are listed in the table below:
The category of the Situation. These include:
  • Closed - Situations that are closed
  • Created - Situations created by a User
  • Detected - Situations generated by an algorithm/Sigaliser
  • Priority - An automatically created Situation with Alerts that match a user-defined template
  • Superseded - Situations that have been merged with another Situation
Created At
The time the Situation was created (the number of seconds, minutes, hours, days ago)
The text description of the Situation
First Event Time
The time of the first Event (the number of seconds, minutes, hours, days ago)
The Situation ID
Last Change
The time of the last change that was made to the Situation
Last Event
The time that the last Event was recorded (the number of seconds, minutes, hours, days ago)
Owned By
The username of the User who owns the Situation
The number of participants in the Situation. A User becomes a participant after commenting in the Situation Rooms
Process Impacted
The number of processes the Situation is impacting
The scope of the different source groups that are affected by the Alert or Situation (End-User, All, Network, Applications, Database, Storage, Desktop, Cloud, Other)
Scope Trend
Whether the scope is increasing or decreasing/staying the same. This is indicated by an up or down arrow
The severity of the Situation
The status of the Situation
The story is the Situation ID at the top of the merge tree
The teams that are impacted by the Situation
Total Alerts
The total number of Alerts associated with the Situation
User Comments
​​​​​​​The number of User comments in the Situation Room
You can copy out the Situation Details by clicking and dragging across the text to highlight it. You can use Ctrl + C ( + c on Mac) to copy the text. This can be pasted in an external editor or tool as required.

Custom Info

Custom Info is where you can view custom fields for the Situation.
This will appear in a page tree format. Click the blue-drop down arrows to view the properties beneath each branch.
Administrators can add Custom Info to alerts during system configuration. Otherwise you can add Custom Info using the Situation Client Tool using a JSON snippet under the 'Merge Custom Info' field