Moogsoft Docs

Vertex Entropy

Vertex Entropy is a Moogsoft AIOps algorithm that indicates the critical nodes within your network and their tendency to produce important events.

You can use Vertex Entropy if you want to cluster alerts into Situations based on their topological importance. Once the calculation is run against a topological map of the connected nodes in your network, it applies a Vertex Entropy value for each node or "vertex".

29962191.png

This diagram shows the Vertex Entropy values for a network of 12 connected nodes. A Vertex Entropy value of 1.0 indicates a node of highest topological importance.

Note

Node - a device or base unit that forms part of a larger network. This is known as a 'vertex' in graph theory.

Link - a connection between two directly connected nodes. This is known as an 'edge' in graph theory.

Hop - a jump between two directly connected nodes.

Before You Begin

Before you perform the Vertex Entropy calculation and enable its associated features, ensure you have met the following requirements:

  • You have a map of the connected nodes in your network in a comma-separated value (.csv) file.

  • Your .csv topology file contains all of the nodes that you expect to send events.

  • You have run the topology builder utility to import your network topology. See Import a Topology.

Calculate the Vertex Entropy

To enable the features associated with Vertex Entropy, follow these steps:

  1. Import your network topology .csv file into the database using the topology builder found at $MOOGSOFT_HOME/bin:

    ./topology_builder -t <file_name>.csv

    The topology builder utility uses the source data to build a topology. If there is no pre-existing topology, topology builder records host names in the entity_catalog table. By default topology builder assigns each node to the 'Network' group and the 'Unix servers' competency. The utility records the topological information in the moog_reference.one_hop_topo and moog_reference.topo_nodes tables. See Import a Topology for more information.

  2. Run the graph analyser from $MOOGSOFT_HOME/bin to calculate the Vertex Entropy for the nodes or "vertices" in your network. This is a one-off calculation:

    ./graph_analyser

    Graph analyser disregards any weight values included in your imported network topology. See Graph Analyser Command Reference for the available arguments.

Once the graph analyser has been run and each node has a Vertex Entropy value, you can start using these values in other areas of Moogsoft AIOps.

Add a Vertex Entropy Filter

You can use Vertex Entropy as either a trigger or an exclusion filter in a Cookbook Recipe. These filters include or exclude alerts with similar importance in terms of network connectivity. For example, you can set a trigger so Cookbook considers alerts with a Vertex Entropy value of over 0.5 for Situation creation.

To do this, follows these steps:

  1. Create a new Recipe under your Cookbook Moolet in $MOOGSOFT_HOME/config/moolets/cookbook.conf

  2. Add the following value for the trigger parameter:

    trigger       :"vertex_entropy > 0.5",

  3. Save the changes and restart Moogfarmd.

Alternatively, you can create an exclusion filter to exclude alerts with a Vertex Entropy value of less than 0.3 from Situation creation:

exclusion :"vertex_entropy < 0.3",

Add a Hop Limit

You can add ahop_limit filter as part of the matcher configuration in a CValueRecipe so Cookbook clusters alerts from nodes within a certain number of hops from each other. This can be used alongside Vertex Entropy trigger or exclusion filters.

29962190.png

In this diagram, a hop limit of '3' means Cookbook includes alerts from all nodes between node A and node D.

The hop_limit filter ensures Cookbook only clusters alerts that originated from nodes that are close together. See Cookbook and Recipe Reference for more information.

Add a Seed Alert

You can add a seed_alert filter to a Recipe to ensure Cookbook only creates a new Situation if an alert matches the provided filter value.

For example, if you only want to create Situations when there is an issue with the most critical nodes in your network, you can set the seed_alert filter to only create Situations from alerts with a Vertex Entropy value of 1.0:

seed_alert :"vertex_entropy=1.0",

If enabled, the initial seed alert must meet both the trigger and seed_alert conditions. See Cookbook and Recipe Reference for more information.

The seed_alert filter is not specific to Vertex Entropy and can be used for other conditions such as severity.

Cookbook Recipe Example

The example Cookbook Recipe below filters for alerts with a high Vertex Entropy:

{
    chef: "CValueRecipe",
    name: "VertexEntropy",
    description: "Recipe for alerts with a high Vertex Entropy",
    recipe_alert_threshold: 0,
    exclusion: "vertex_entropy < 0.3",
    trigger: "vertex_entropy > 0.8",
    seed_alert: "vertex_entropy = 1.0",
    rate: 0,
    #Given in events per minute
    min_sample_size: 5,
    max_sample_size: 10,
    cook_for: 5000,
    cluster_match_type : "first_match",
    matcher: {
                        hop_limit: 2,
                components: [{
                name: "source_id",
                similarity: 1.0
            }
        ]
    }
}
In this section: