Situation Visualization

Caution

The Visualize tab is a "Labs Feature". Enable the Visualize feature in Labs to view it in the Situation Room. See Configure Labs Feature for details. Your role must have the "sig_visualize" permission to use this feature. See Manage Roles for details.

The Visualize tab in Situation Rooms allows administrators and implementers to see:

  • The Cookbook and Recipe used to create the Situation.

  • A visual representation of the similarity of the alerts within the Situation to the reference alert. The reference alert is either the seed alert, if a Cookbook Recipe is configured this way, or it is the first alert that the clustering algorithm assigned to the Situation.

  • A list of all the associated alerts in the Situation.

You can use this information to adjust your Moogsoft AIOps configuration to improve the relevance of the Situations it creates.

To view the Visualize feature, go to a Situation Room and click the Visualize tab.

Note

Currently, Moogsoft AIOps does not fully handle alerts that a user has manually added to a Situation. For example, manually added alerts do not display in a similarity diagram if their similarity to the reference alert is below the threshold for a component but they will appear in another diagram if their similarity is above the threshold for that component.

Currently, the similarity diagrams only work with core alert fields. If Moogsoft AIOps uses custom info fields to cluster alerts, the similarity diagrams do not display.

Similarity diagrams

The Visualize tab shows diagrams of the alerts in the Situation according to how the Cookbook Recipe has clustered them. In the example below, this Situation has ten alerts which are clustered by two components: Description and Source ID. The Cookbook Recipe clusters alerts whose Description is at least 20% similar to the reference alert and whose Source ID is also at least 20% similar to the reference alert. The reference alert may be a seed alert or simply the first alert that the Cookbook Recipe added to the cluster.

Each diagram shows the similarity of the alert to the reference alert for one of the components. Each alert displays as a dot on the diagram on a spoke representing the sequence it was clustered into the Situation. The reference alert has a similarity of 100% and displays at the center of the circle. Alerts with a high similarity display closer to the center of the circle and alerts with a low similarity display nearer the edge of the circle. In the example below, alerts that are only 20% similar would display at the edge of the circle.

Visualize_Tab.png

Representation of the alert in the center of each diagram is as follows:

  • Yellow dot: Single reference alert, with no other alerts having 100% similarity.

  • Blue dot with a single concentric blue circle: Reference alert plus one alert which has a 100% similarity match to the reference alert.

  • Blue dot with two concentric blue circles: Reference alert plus two or more alerts which have a 100% similarity match to reference alert.

You can perform the following actions on the similarity diagrams:

  • Hover over an alert in a diagram to display the similarity of that alert to the reference alert for that field.

  • Click on an alert in a diagram to display the details of that alert in a pane on the right hand side of the window.

  • Use the sliders below each diagram to increase the similarity value. Alerts that are outside the selected similarity appear gray. This feature enables you to determine whether a higher similarity would improve the Situation. In the example above, the Cookbook Recipe clusters alerts into a Situation if the Description has more than 20% similarity to the reference alert. You may find that alerts with a similarity of less than 29% are not really relevant to the Situation. In this case, you could consider changing the Description similarity to 29%.

Alert list

The Visualize tab displays a list of all the alerts in the Situation. The reference alert always displays at the top of the alert list.

You can enter a filter in the Filter field to display alerts in the Situation that match it. See Filter Search Data for information on creating filters.