Alert Analyzer and Entropy Lab

The Alert Analyzer calculates which events and alerts are most common, based on their descriptions. You can use this information to better understand your data and to exclude the most common alerts (those with low information entropy) from Situations. Low-entropy alerts are often unimportant and may be contributing to noise in your data. By visually examining the entropy distribution of your data, you can set thresholds that exclude alerts below a chosen entropy value from further processing.
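To make the idea of "low information entropy" concrete, the following is an added example (not Moogsoft's own code, and not the Alert Analyzer's actual formula, which this page does not spell out). It assumes a simple model: tokenize each alert description, measure how often each token occurs across the whole alert set, and score an alert by the average surprisal of its tokens in bits. Descriptions built from very common tokens score low; a rare description scores high. The sample alerts, their ids and the threshold value are constructed for illustration.

```python
"""Toy entropy scoring for alert descriptions (constructed example, not Moogsoft code)."""
import math
import re
from collections import Counter

# Constructed sample alerts: (alert id, description). Ids and text are made up.
SAMPLE_ALERTS = [
    (1, "Link down on interface eth0"),
    (2, "Link down on interface eth1"),
    (3, "Link down on interface eth2"),
    (4, "Link up on interface eth0"),
    (5, "BGP neighbor 10.0.0.1 session reset"),
    (6, "Link down on interface eth0"),
]

# Words and dotted tokens such as IP addresses; trailing punctuation is dropped.
TOKEN_RE = re.compile(r"[a-z0-9]+(?:\.[a-z0-9]+)*")


def tokenize(description):
    """Lower-case the description and split it into tokens."""
    return TOKEN_RE.findall(description.lower())


def token_frequencies(alerts):
    """Count how often each token appears across all alert descriptions."""
    counts = Counter()
    for _, description in alerts:
        counts.update(tokenize(description))
    return counts


def alert_entropy(description, counts, total_tokens):
    """Average surprisal (bits) of the description's tokens: -log2(p(token))."""
    tokens = tokenize(description)
    if not tokens:
        return 0.0
    surprisal = [-math.log2(counts[t] / total_tokens) for t in tokens]
    return sum(surprisal) / len(surprisal)


def score_alerts(alerts):
    """Return {alert id: entropy score} for every alert in the set."""
    counts = token_frequencies(alerts)
    total_tokens = sum(counts.values())
    return {aid: alert_entropy(desc, counts, total_tokens) for aid, desc in alerts}


def low_entropy_alerts(alerts, threshold):
    """Ids of alerts whose score falls below the threshold (candidates to exclude)."""
    scores = score_alerts(alerts)
    return sorted(aid for aid, score in scores.items() if score < threshold)


def entropy_distribution(scores, bin_width=0.5):
    """Histogram of scores by bin lower edge, to eyeball before picking a threshold."""
    bins = Counter()
    for score in scores.values():
        bins[round(math.floor(score / bin_width) * bin_width, 6)] += 1
    return bins


if __name__ == "__main__":
    scores = score_alerts(SAMPLE_ALERTS)
    for aid, description in SAMPLE_ALERTS:
        print(f"alert {aid}: {scores[aid]:.3f} bits  {description}")
    print("distribution:", dict(sorted(entropy_distribution(scores).items())))
    # Threshold of 3.0 bits is an arbitrary constructed value for the demo.
    print("below 3.0 bits:", low_entropy_alerts(SAMPLE_ALERTS, 3.0))
```

Running the script shows the repeated "Link down on interface eth0" alerts scoring lowest and the one-off BGP alert scoring highest; the histogram is the kind of distribution you would inspect before choosing where to set an exclusion threshold, and the threshold call lists which alerts that setting would drop.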

You should configure the Alert Analyzer after you have completed data ingestion and basic Situation design and are ready to fine-tune your alert processing. For this lab, assume that you are an implementer who is deciding whether you want to use entropy thresholds for your organization, which manages communication and networking infrastructure.

Once you complete this lab you will be able to:

Before You Begin

If you are a Moogsoft partner or customer, you can request a virtual lab instance pre-provisioned with data here. If you are enrolled in a class you will already have your lab instance; otherwise, allow up to two days to receive an email with your instance details. The email will include a URL you can use to access Moogsoft Enterprise in a browser. You will also receive ssh credentials to access the Linux operating system of your instance, but you won't need them for this lab.

Once you have the instance details, go to the URL and click through the security warnings. (If you can't click through the security warnings, try using a different browser.) Log into the user interface using the username 'admin' and the password 'admin'.

Consult the documentation links above and elsewhere in this lab, the entropy feature highlight video, and the overview for each lab section if you want to try doing the lab on your own. Otherwise, read the overview and follow the step-by-step instructions for each section.