Alert Processing

Moogsoft AIOps processes alerts using the following backend components. For alert processing capabilities using Workflow Engine in the Moogsoft AIOps UI, see Workflow Engine and its related topics.

These components perform analysis, add information to alerts, and apply noise reduction techniques.

  • Events Analyser: A standalone process that analyses tokens in events and assigns each token an entropy value. The Events Analyser can use any text field in an event but, by default, it uses the event's description. This process runs periodically and does not form a part of the alert processing workflow.

  • Alert Builder: Processes events from the Message Bus. It:

    • Deduplicates events into alerts.

    • Calculates the entropy of alerts.

  • Enricher: Enriches alerts with additional information.

  • Maintenance Window Manager: Marks alerts as 'In maintenance' if they match a scheduled maintenance window filter. You can set up maintenance windows for planned maintenance, such as scheduling a fix or regular maintenance of a system.

  • Alert Rules Engine: Allows conditional processing of alerts, such as managing link up/link down processing. Before you configure the Alert Rules Engine, read about the Workflow Engine, which is a powerful and flexible tool for data processing available in the Moogsoft AIOps UI.

  • Empty Moolet: An optional component that enables further processing of alerts or Situations. It usually runs as a standalone process but it can also be embedded in the processing chain. Moogsoft AIOps provides an example Empty Moolet in the form of an Alert Manager.

The following diagram shows the alert processing components in a typical implementation of a workflow chain in Moogsoft AIOps:


Each component comprises a Moolet supplemented by Moobots.