Configure a Cookbook

Cookbook is a deterministic clustering algorithm in Moogsoft Enterprise that creates Situations defined by the relationships between alerts.

Cookbook requires at least one active Recipe in order to function and cluster alerts into Situations. See Configure a Cookbook Recipe for more details.

Before you begin

Before you set up your Cookbook via the UI, ensure you have met the following requirements:

  • You have set up the Recipes you want your Cookbook to use. See Configure a Cookbook Recipe for details.

  • Your LAMs or integrations are running and Moogsoft Enterprise is receiving events.

Create a Cookbook

To create a new Cookbook from the UI:

  1. Navigate to the Settings tab.

  2. Click Cookbooks in the Algorithms section.

  3. Click the + icon to create a new Cookbook.

  4. Fill in the properties to name and describe the Cookbook:

    • Name: Name of the Cookbook.

    • Description: Text description of the Cookbook.

  5. Configure the Cookbook's input and clustering behaviour:

    • Process Output Of: Defines the source of the alerts for the Cookbook.

    • Cluster By: Determines Cookbook's clustering behavior. You can select First Matching Cluster so Cookbook adds alerts to the first cluster in a Recipe over the similarity threshold value. This is the default behavior for Cookbook. Alternatively, select Closest Matching Cluster to add alerts to the cluster with the highest similarity greater than the similarity threshold value. This option may be less efficient because Cookbook needs to compare alerts against each cluster in a Recipe.

    • Entropy Threshold: Minimum entropy value an alert must have in order for Cookbook to consider it for clustering it into a Situation. Cookbook does not include any alerts with an entropy value below the threshold in Situations. If you set it to 0.0, Cookbook processes all alerts.

    • Cook For: Minimum time period that Cookbook clusters alerts for before the Recipe resets and starts a new cluster. See Cookbook and Recipe Examples for more information.

      If you set a different Cook For time for a Recipe, it overrides the Cookbook value. Recipes without a Cook For time inherit the value from the Cookbook.

    • Cook For Extension: Time period that Cookbook can extend clustering alerts for before the Recipe resets and starts a new cluster. Setting this value enables the cook for auto-extension feature for this Cookbook. As Cookbook receives related alerts, it continues to extend the total clustering time until the Max Cook For period is reached. Used in conjunction with the Max Cook For value, the Cook For Extension period helps to ensure that Cookbook continues to cluster alerts together that are related to the same failure. The Cook For Extension period only applies to new related alerts; it does not apply to existing alerts that are updated with new events. See Cookbook and Recipe Examples for more information.

      If you set a different Cook For Extension time for a Recipe, it overrides the Cookbook value. Recipes without a Cook For Extension time inherit the value from the Cookbook.

    • Max Cook For: Maximum time period that Cookbook clusters alerts for before the Recipe resets and starts a new cluster. It works in conjunction with the Cook For Extension time to help ensure that Cookbook continues to cluster alerts together that are related to the same failure. If Cook For Extension is set and this value is not set, it defaults to three times the Cook For value. See Cookbook and Recipe Examples for more information.

      If you set a different Max Cook For time for a Recipe, it overrides the Cookbook value. Recipes without a Max Cook For value inherit the value from the Cookbook.

    • Scale By Severity: If checked, Cookbook ignores alerts with a severity of 0 (Clear).

  6. Configure which Recipes the Cookbook uses and how it uses them:

    • First Recipe Match Only: Enables you to set a priority order for Recipes in the Cookbook. If you select this check box, Cookbook assigns each alert to the highest priority Recipe where it satisfies the clustering criteria. If unselected, Cookbook assigns an alert to all Recipes where the alert satisfies the clustering criteria.

    • Selected Recipes: Move the Recipes from the Available column to the Selected column to include them in the Cookbook. If you have selected First Recipe Match Only, put the Recipes in the correct order so that Cookbook can determine which Recipe an alert should be assigned to. You should place the highest priority Recipe at the top of the list.

  7. Click Save Changes to create the Cookbook.

Activate the Cookbook

After completing the configuration, you can activate the new Cookbook to run alongside any existing active Cookbooks:

  1. Navigate to the Settings tab.

  2. Click Cookbook Selection in the Algorithms section.

  3. Move the new Cookbook from the Available Cookbooks column to the Active Cookbooks column to make it active.

  4. Click the Advanced tab if you want to configure Moogsoft Enterprise to purge closed and superseded Situations from Moogfarmd. Define how often you want the purge to occur in hours and minutes.

  5. Click Save Changes to activate the Cookbook.

When you have completed the configuration, Moogsoft Enterprise applies the changes to the Cookbook as soon as you save the changes.

If you change a Cookbook, see Cookbook Configuration Changes for information on how these changes affect the clusters that Cookbook creates.