8.0.x Improvements

Moogsoft Enterprise 8.0.x contains the following improvements. See Graze API and MoogDb V2 for details of improved endpoints and methods.


Release Note


The following header directive options are now configured by default in the browser, to reduce the security risk of attempted access by unauthorised users:

  • X-Content-Type-Options

  • Content-Security-Policy (CSP)

  • X-XSS-Protection

  • Referrer-Policy

This will break any existing Situation Room Plugins to external vendors. To allow these sites, see the upgrade instructions depending on your implementation type: RPM - Upgrade UI components or Tarball - Upgrade UI components.


Visualize GA-ready UI improvements:

  • The reference alert is now pinned to the top of the Visualize alert list and highlighted with an orange dot marker.

  • Once you adjust the slider values you can now click a button to save the changes directly to the Cookbook Recipe that generated the Situation.

  • When multiple alerts are represented by a single dot, the alert details panel now displays all matched alerts when you click on the centre of the graphic. New tabs allow you to move between the alerts.

  • Alerts that are grayed out when you adjust the similarity threshold are now also filtered out of the alert list. Alerts are only filtered out when they are grayed out in ALL diagrams.

  • You can now adjust Visualize diagrams by clicking and dragging the threshold boundary ring.

  • Alert fields used for Situation clustering are now ordered first in the Visualize alert list. The clustered alert columns' colours also match those of their respective graphs.

  • The Visualize tab now automatically updates when new alerts are added to a Situation.

  • The fields represented as diagrams in the Visualize tab now appear at the top of the alert details pane, in the same colours as the diagram.

  • A vertical line on the diagram slider now identifies the previous Recipe threshold value, if it has changed since the Situation was created.

  • The feature now supports Situations created using custom_info based clustering rules.

  • Quick jump buttons now allow you to step to the next highest or lowest alert similarity value.


Alert and Situation list improvements:

  • Situation preview settings now persist if you log out or navigate away from the Situation list and then back to it.

  • Default column ordering for Situation lists has changed to Severity, Situation ID, Owned By, Total Alerts, Description, Services Impacted, Created At, Status.

  • Default column ordering for alert lists has changed to Severity, Host, Manager, Type, Description, First Event, Last Event, Count.

  • Some column names have changed (First Event Time is now First Event, Last Event Time is now Last Event, Created At is now Created). Last Change is no longer present in the default view.

  • The display of filter options on a Situation list has been improved when split pane view is in use.

  • Hover-over tooltips have been improved.

  • Time fields are now displayed with format HH:MM DD:MM.


Selective copy improvements:

  • The copy dialog now supports pressing <Enter> as an alternative to clicking <Ok>. To quit you can use the Escape key or click <Cancel>.

  • The selective copy function now retains your last selection. Checkboxes now default to unchecked instead of checked.

  • You can now trigger selective copy with the Shift key plus a Hotkey set to Copy. By default the Copy Hotkey is “C”.


Provides a toggle to switch the Situation Timeline view so that it shows or hides leading events.


The collapsed/expanded state of the left navigation panel in the UI now persists between logins.


You can now scroll the left hand side navigation and the main area of the UI independently.


The performance of the database splitter utility is improved. We have reduced database lock waits, deadlocks and issues with replication while the splitting is running.


The UI browser tab icon is now a pink version of the logo, to be clearly visible in both macOS themes, light and dark.


The MySQL thread_stack parameter has been increased to 512k to allow stored procedures to complete more reliably.


The moog_archiver utility no longer includes the -o --retain_open option. It is no longer valid because the utility now always runs against the historic database. Using the option produces a message to this effect and displays the help text for the utility.


The topology_builder utility has been replaced by the topology_loader utility which can upload a .csv file to the topology API.


The signature column from the moogdb sig_alerts table has been moved to its own table named “signatures”.


Cookbook and recipe data is now stored in the “cookbook” and “recipe” tables in moogdb, and not in the “system_config” table.


The database splitter is now configured to run once a day, rather than at fixed intervals. This reduces the overhead of running the process within core hours and minimizes the impact on live systems.


The UI Situation and alert lists now use modern vue.js technology as opposed to legacy ext.js libraries.


Updates OpenJDK to v11.0.6. Nine dependencies updated to resolve Common Vulnerabilities and Exposures (CVEs).


Various HTTP security-related headers are now returned for API responses.


OpenJDK dependency is now more flexible. You can now upgrade to any version of open-jdk >= 11.0.5 without updating the Moogsoft Enterprise RPMs.


When a user is added to a team or removed from a team, the username and user ID are now logged for auditing purposes.


You can now configure the Tool Runner port using the new property “toolrunnerport” in the servlets.conf file. By default the Tool Runner uses port 22.


Updates the shipped version of the Java-based utility commons-beanutils to resolve security vulnerabilities.


Updates the shipped version of Jackson data-bind to resolve several security vulnerabilities.


POST requests to the MoogSvr API are now rejected with a 400 error if they contain any query (URI) parameters other than request.


Transport Layer Security (TLS) 1.3 is now supported.


Adds cross-site request forgery support.


You can now configure Moogsoft Enterprise to connect to Elasticsearch using encrypted credentials.


The new “getThreadEntry” API endpoint and MoogDb method retrieves specific thread entry details using the entry ID.



The new Graze API endpoints and MoogDb methods “updateClosedAlert” and “updateClosedSituation” enable users to update alerts and Situations during the grace period.


A new function in the Moobot Constants module “getNameSpace” returns the name and details of a specified namespace.


Adds two new views to monitor database performance, “top_used_tables” and “worst_queries”. These views query the MySQL performance schema to provide information about a running system.


A new UI page Settings > Vertex Entropy allows you to disable the graph analyser process that calculates Vertex Entropy.


Logging has been improved to indicate when a Moogfarmd process has finished starting/loading.


The Workflow Engine sweep up filter now supports an optional relative time window, which filters objects updated or created within a specified timeframe.


The Workflow Engine sweep up filter now excludes closed alerts and Situations.


Database splitter logging is improved to give more detailed information on the data that was moved, and any locks that occurred.


The UI summary dashboard now updates every 30 seconds.


You can now search for workflows in the Workflow Engine UI.


Archive logging now includes loose alerts (those not clustered in any Situation).


The new Graze API endpoint “getSituationSeverityChanges” returns Situation severity changes and the timestamp when the severity changed.


Two new statistics have been added to the db_stats section of the Moogfarmd health log: “top_blocking_query” and “top_blocking_query_count”.


Increases in Situation severity are now recorded in the moogdb database sig_journal table with code 40.


Adds support for an encrypted keystore password in the security.conf file.


The Graze API endpoint “getSituationVisualization” now returns the original threshold values for the Recipe at the point of the Situation creation. If a threshold was removed from the Recipe after Situation creation, it is not returned in the response. If a threshold was added to the Recipe since Situation creation, the current and original values are returned.


Previous services detail has been added to the SigUpdate event payload.


When SAML processing fails the log now contains the encoded SAML response.


Moogsoft Enterprise now logs errors when it fails to fetch database connections.


When creating a Cookbook Recipe, alert filters now provide suggestions for equality operators that are relevant to the field being used for filtering.


User login and logout is now captured for audit logging.


The start, stop and restart actions for Moogfarmd and LAMs have been removed from the Self Monitoring feature in the UI. Start and stop services are now only available from the command line. More support has been added for automatic restart if changes are made to Cookbooks/Recipes via the UI.


Two new Graze API endpoints and MoogDb methods access session audit log information:

  • “getUserSessionInfo” returns session information for an individual user.

  • “getAllSessionInfo” returns session information for users over a period of time.


The events_analyser and moog_archiver utilities now log to a file by default. You can specify a different log file name using the --logfilename option. To log to console instead of a file, use the --logconsole option.


The preview mode UI setting is now remembered for each user, for the duration of the session and after logging out and back in.


The Grafana dashboard widgets for Teams and Services have been updated for improved clarity.


A new configuration property “refresh_interval” is now available in the “search” section of the system.conf configuration file. It defines how often an Elasticsearch index refreshes. A newly indexed document is not visible in search results until the next time the index refreshes. Defaults to 30 seconds.


When searching for Situations and alerts in the UI, the order in which results are now displayed is:

  1. Relevant Situations

  2. Relevant alerts

  3. Situations related to the relevant alerts


In Situation preview mode, clicking through the Situation list now opens new tabs to show a Situation’s alerts.


Graze API endpoints that return a filter now return the filter in SQL format rather than JSON.


Administrators can now block file uploads to the Situation Room for specified file extensions.


The version of Hazelcast used by Moogsoft Enterprise has been upgraded to v3.12.2.


The process_cntl utility can now be used to set the loglevel of Moogsoft processes to TRACE as well as WARN, INFO and DEBUG.


The moog_indexer utility now has a 4 second timeout by default. If Moogfarmd does not respond before the timeout, the indexer stops waiting. Use the --timeout property to increase or decrease the length of the timeout.


The Cookbook UI now shows an option for 'Single Recipe Matching' instead of 'First Matching Cluster' which makes it consistent with the Graze API and configuration files.


There is a new login image for the UI background screen.


REST-based LAMs now run as active/active in HA deployments by default.


In distributed systems, the Controller now decides which instances to activate and deactivate for manual failover.


Tool Runner configuration is no longer required to install and configure integrations from the UI.


Refactored the HP NNMi integration and added proxy support.


The ServiceNow ticketing integration now supports OAuth authentication.


Added proxy support to the vRealize Log Insight integration.


You can now configure the SASL authentication mechanism for the Kafka integration in the UI. The options are PLAIN, SCRAM and OAUTHBEARER.


Added proxy authentication to the Email integration.


The Presend property is disabled by default in the configuration file and UI for the Site24x7, Catchpoint and WebSphere MQ integrations. To provide custom logic from the Lambot, use the LAM from the backend and enable the Presend property in the configuration file.


Validated the JIRA integration with JIRA Service Desk v4.7.1, JIRA Software v8.7.1 and JIRA Cloud Rest API v2.


Validated the SolarWinds integration with v12.2, v12.3 and v2019.4.


Validated the VMware vCenter and VMware vSphere integrations with v6.7.


The following integrations have new fields that are set to default on upgrade:

  • HP NNMi: Recovery interval (20 seconds) and Timeout (120 seconds).

  • Dynatrace APM Polling: Recovery interval (20 seconds).

  • EMC Smarts: Connection recovery interval (60 seconds).

  • Jira Software and Jira Service Desk: Add and assign components to Jira tickets for impacted services (True)

  • Jira Service Desk: Refresh Jira components cache (30 minutes)

  • Kafka: SASL configuration (False)

  • ServiceNow: OAuth authentication (False).


Updated rule mapping for the Site24x7 integration.


Refactored the Java Messaging Service (JMS) integration and added proxy support.


Validated the Zabbix Polling integration with Zabbix v4.0 and v4.4 and updated the UI.



UI and backend LAM integration state is now stored in the moog_intdb.integration_state table. This state can be modified by running the integration or via the integrations REST API. The newly available REST endpoints are:

  • GET https://<host>/integrations/api/v1/integration-states/<process_group>

  • PUT https://<host>/integrations/api/v1/integration-states/<process_group>

where process_group is the integration’s HA group.


UI integrations can now be configured to run on remote brokers. This does not apply to inbound REST integrations, i.e. webhooks.


The RabbitMQ integration is now available in the UI. This integration allows events to be ingested from a direct queue or a topic queue.


Validated the SCOM integration with SCOM 2019.


Validated the Zenoss integration with Zenoss v6.3.2.


Added proxy support to the Dynatrace APM integration. Remove the time_from and time_till configuration properties.


You can now perform the following actions on an integration's data mapping screen in the UI:

  • Specify the current time in agent time mapping, available for all monitoring integrations.

  • View unmapped custom info fields and map them if required.

  • Map to a specified location in an array.

  • Map fields with default values.

  • Unmap custom info fields.


Adds a new 'dnsLookup' function to the Utility module (applicable to both LAMbots and Moobots). This function attempts to look up DNS information for a given address and returns an object with the following structure:

{ "fqdn":"my.domain.com", "address":"", "name":"domain.com" }


The integrations controller now responds to the ha_cntl -v command and exists under the servlets group.


Splunk integration supported versions are now v6.5, v6.6, v7.0, v7.1, v7.2, v7.3 and v8.0.


UI integrations and back end LAMs no longer require a database connection. To obtain their state and HA state, they communicate with the Controller over RabbitMQ.


The Programmatic LAM now supports Retry Config, meaning that it can be retried with the retry_interval.


The Constants module no longer supports load and save functions. If your existing LAMbots use them, remove them; otherwise the reported error prevents Events from being published and polling does not occur.


Validated the AWS SNS integration with the Node.js v10.x and Node.js 12.x Lambda runtime engines.


A new “stringToJSON” conversion type has been added for LAMs.


In the Jira Software integration, all services assigned to a Situation are now linked with the JIRA ticket as components. Services and components are in sync. Workflows are now bidirectionally synced between Moogsoft Enterprise and JIRA so a change in ticket status in one system is reflected in the other.


Improved logging on MySQL and RabbitMQ connection initialization.


REST client's results path now supports nested paths using the standard dot notation.


The RabbitMQ LAM now retries its initial connection to the target RabbitMQ. You can configure this in the rabbitmq_lam.conf file.


The previous xMatters integration has been deprecated and replaced with a new version that is more straightforward to configure and provides some additional features:

  • The integration now sends username and a descriptive state for alerts and Situations rather than numerical representations.

  • Added proxy configuration in the UI.

  • Improved in-Situation logging for status change from either side.

  • Improved in-Situation logging when the integration is misconfigured.

  • A configuration option is now available to terminate an xMatters event on Situation Resolve; alternatively you can use the WFE 'resolveNotification' action to automate resolution of an xMatters event.