Configure a Cookbook Recipe

A Cookbook Recipe is a set of configurable filters, triggers, and calculations that defines the type of alerts and the alert relationships that Cookbook detects and clusters into Situations.

Cookbook requires at least one active Recipe in order to function and cluster alerts into Situations.

You can configure the following two recipe types from the UI:

  • Value Recipe v2: Default Recipe that extracts and analyzes groups of consecutive characters, called shingles, to measure text similarity between alerts.

  • Value Recipe: First version of the Value Recipe that uses a string comparison mechanism to determine text similarity between alerts.

See Recipe Types for more details on the different types of Recipes available in Cookbook. If you want to implement a Bot Recipe that allows you to call Moobot functions, you can use the Graze API.

Before you begin

Before you set up your Recipe via the UI, ensure you have met the following requirements:

  • Your LAMs or integrations are running and Moogsoft AIOps is receiving events.

  • If you want to use Vertex Entropy or hop limit in your Recipes, you have imported your network topology. See Import a Topology .

Create a Cookbook Recipe

To create a new Cookbook Recipe from the Moogsoft AIOps UI:

  1. Navigate to the Settings tab.

  2. Click Cookbook Recipes in the Algorithms section.

  3. Click the + icon to create a new Recipe.

  4. On the Recipe tab, enter the properties to name and describe the Recipe:

    • Name: Name of the Recipe. Use a unique and descriptive name.

    • Situation Description: Description that appears in Situations that the Recipe creates.

    • Recipe Type: Type of recipe. The options are Value Recipe and Value Recipe v2. See Recipe Types for more information.

  5. Configure the Recipe behavior and filters that define the alert relationships:

    • Trigger Filter: Determines the alerts that Cookbook considers for Situation creation. Cookbook includes alerts that match the trigger filter. By default Cookbook only includes alerts with a severity of 'Critical'. For details on creating a filter, see Filter Search Data. To set a vertex entropy trigger filter, see Set Up Vertex Entropy for more information.Set Up Vertex Entropy

    • Exclusion Filter: Determines the alerts to exclude from Situation creation. Cookbook ignores alerts that match the exclusion filter. For details on creating a filter, see Filter Search Data. To set a vertex entropy exclusion filter, see Set Up Vertex Entropy for more information.Set Up Vertex Entropy

    • Seed Alert Filter: Determines whether to create a Situation from a seed alert. The seed alert must meet both the Trigger Filter, Exclusion Filter and Seed Alert Filter criteria to create a Situation. Cookbook considers subsequent alerts for clustering if they meet the trigger and exclusion filter criteria. Alerts that arrive prior to the seed alert that met the trigger and exclusion filter criteria do not form Situations. For details on creating a filter, see Filter Search Data. To set a vertex entropy seed alert filter, see Set Up Vertex Entropy for more information.Set Up Vertex Entropy

      The seed alert filter is a mechanism to ensure that only specific events create Situations. For example, if you create a seed alert filter where the description matches 'Switch failure', alerts are eligible for clustering into a Situation only after a seed alert with the matching description arrives.

    • Rate Filter: Determines whether Cookbook clusters alerts into Situations based on the rate the alerts arrive and the minimum and maximum sample size. To add a rate filter, check the checkbox and complete the following fields:

      • Rate: Rate, in number of alerts per minute. Cookbook clusters alerts if they arrive at the rate specified here or higher.

      • Min Sample Size: Number of alerts that must arrive before the Cookbook starts to calculate the alert rate.

      • Max Sample Size: Maximum number of alerts that are considered in the alert rate calculation. When more than this number of alerts have arrived, Cookbook discards the oldest alerts and calculates the alert rate based on the number of alerts in the Max Sample Size.

    • Alert Threshold: Minimum number of alerts in a candidate cluster required before Cookbook creates a Situation. If left as '1', a single alert can generate a new Situation.

      To determines the number of alerts required to create a Situation, Cookbook compares the alert threshold values in the Cookbook Recipe to those of the merge group that the Cookbook Recipe belongs to. It uses the higher value.

      If you are using the default merge group which has an alert threshold of 2, Cookbook will never create a Situation containing a single alert. If you want Moogsoft AIOps to create Situations with a single alert, change the alert threshold in the default merge group to 1 or create a custom merge group. See Merge Groups for more information on updating the default merge group and setting up custom merge groups.

    • Cook For: Minimum time period, in seconds, that Cookbook clusters alerts for before the Recipe resets and starts a new cluster. See Cookbook and Recipe Examples for more information.

      If you set a different Cook For time for a Recipe, it overrides the Cookbook value. Recipes without a Cook For time inherit the value from the Cookbook.

    • Cook For Extension: Time period that Cookbook can extend clustering alerts for before the Recipe resets and starts a new cluster. Setting this value enables the cook for auto-extension feature for this Recipe. As Cookbook receives related alerts, it continues to extend the total clustering time until the Max Cook For period is reached. Used in conjunction with the Max Cook For value, the Cook For Extension period helps to ensure that Cookbook continues to cluster alerts together that are related to the same failure. The Cook For Extension period only applies to new related alerts; it does not apply to existing alerts that are updated with new events. See Cookbook and Recipe Examples for more information.

      If you set a different Cook For Extension time for a Recipe, it overrides the Cookbook value. Recipes without a Cook For Extension time inherit the value from the Cookbook.

    • Max Cook For: Maximum time period that Cookbook clusters alerts for before the Recipe resets and starts a new cluster. It works in conjunction with the Cook For Extension time to help to ensure that Cookbook continues to cluster alerts together that are related to the same failure. If Cook For Extension is set and this value is not set, it defaults to three times the Cook For value. See Cookbook and Recipe Examples for more information.

      If you set a different Max Cook For time for a Recipe, it overrides the Cookbook value. Recipes without a Max Cook For value inherit the value from the Cookbook.

  6. Configure the alert matching properties for the Recipe:

    • Cluster By: Defines how Cookbook matches alerts to clusters. You can select the default option to cluster alerts based on Cookbook's First Recipe Match Only setting. The First Matching Cluster option adds alerts to the first cluster above the similarity threshold value. The alternative is Closest Matching Cluster to add alerts to the cluster with the highest similarity greater than the similarity threshold value. The latter option might be less efficient because it needs to compare alerts against each cluster in a Recipe.

    • Hop Limit: Maximum number of hops between the alert source nodes in order for the alerts to qualify for clustering. Moogsoft AIOps measures hop limit from the first alert that formed the Situation and always follows the shortest possible route in the network. A hop is the jump between two directly connected nodes in a network. For more information on hops, see Vertex Entropy. To set a hop limit, see Set Up Vertex Entropy for more information.Set Up Vertex Entropy

      You can only use a hop limit if you have imported your network topology into the system. See Import a Topology for details. If you have imported a topology but do not set a hop limit, the Cookbook Recipe will not use the topology to cluster alerts.

  7. On the Clustering tab, add the fields that you want Cookbook to factor in when clustering alerts:

    • Click the + icon and select a field in the drop-down list.

    • Use the slider to set the similarity threshold for each field. The value determines the required percentage similarity for Cookbook to cluster a set of alerts.

    • If you want to use custom info fields, configure the Match List Items option. See Match List Items in Recipes for details.

    • If you are configuring a Value Recipe, check Case Sensitive if you want the text similarity calculation to factor in case sensitivity. See Recipe Types for more information.

    • If you are configuring a Value Recipe V2, select whether you want Cookbook to calculate text similarity using shingles or words. You can select Shingles from the drop-down list in the Language Processing field and enter a Shingle Size. The default value is the optimal shingle size for that field. Alternatively, you can select Words. See Recipe Types for more information.

  8. Click Save Changes.

When you have completed the configuration, Moogsoft AIOps applies the changes to any active Cookbooks that use the Recipe as soon as you save the changes. If the Recipe has not been added to an active Cookbook, go to Settings > Cookbook and move the Recipe under Selected Recipes for that Cookbook.

If you change a Cookbook Recipe, see Cookbook Configuration Changes for information on how these changes affect the clusters that Cookbook creates.