updateTempus
A Graze API POST request that updates an existing Tempus Moolet.
Back to Graze API EndPoint Reference.
Request arguments
Endpoint updateTempus
takes the following request arguments. You must
supply the name of the Tempus algorithm plus at least one other argument that you want to change.
Name |
Type |
Required |
Description |
---|---|---|---|
|
String |
Yes |
A valid |
|
String |
Yes |
Name of the Tempus algorithm. Must be unique. |
|
String |
No |
Description of the Situations Tempus generates. |
|
List |
Yes |
Defines the source of the alerts that Tempus processes. |
|
Boolean |
No |
Whether this Tempus algorithm should start when Moogfarmd starts. |
|
Number |
No |
Minimum entropy value for an alert to be clustered into a Situation. Tempus does not cluster any alerts with an entropy value below the threshold into Situations. |
|
Number |
No |
Executes Tempus after a defined number of seconds. |
|
Number |
No |
Determines the length of time when Tempus analyzes alerts and clusters them into a Situation each time it runs. |
|
Number |
No |
Determines the time span of each bucket in which alerts are captured. Default bucket size is 5 seconds. |
|
Number |
No |
How similar alerts must be to be considered for clustering. |
|
Number |
No |
Minimum number of alerts that match the clustering criteria before the Tempus algorithm creates a Situation. When Tempus determines the number of alerts required to create a Situation, it compares the alert threshold values in Tempus and in the merge group that Tempus belongs to, and it uses the higher value. If you are using the default merge group which has an alert threshold of 2, Tempus will never create a Situation containing a single alert. If you want Moogsoft AIOps to create Situations with a single alert, consider changing the alert threshold in the default merge group to 1 or creating custom merge groups. See Merge Groups for more information on updating the default merge group and setting up custom merge groups. |
|
String |
No |
Splits clustering according to the entered component. After alerts have been clustered
and before they enter merging and resolution, you can split clusters into sub-clusters
based on a component of the events. For example, you can use the NoteMoogsoft does not recommend partitioning by components. |
|
Boolean |
No |
Partitions event streams before clustering. You specify a component field on which the event stream will be partitioned before clustering occurs. The alerts in the resulting Situations each contain a single value for the component field chosen. |
|
String |
No |
Calculation that determines how significant a cluster of alerts or a potential
Situation must be for Tempus to detect it. |
|
Number |
No |
Sets the maximum significance score for Tempus to create a Situation. The score is proportional to the probability that the alert cluster or potential Situation was coincidence. The lower the score, the more significant the cluster and the least likely it was a coincidence. This score ranges from 0 to 100. |
|
String |
No |
Detection algorithm that Tempus uses, one of: |
Response
Endpoint updateTempus
returns the following response:
Examples
The following examples demonstrate typical use of endpoint updateTempus
:
Request example
Example cURL request to update the detection algorithm on Tempus algorithm "newTempus":
curl -X POST -u graze:graze -k "https://localhost/graze/v1/updateTempus" -H "Content-Type: application/json; charset=UTF-8" --data '{ "name" : "newTempus", "detection_algorithm": "LouvainMulti" }'