Configure Entropy to Reduce Operational Noise

Entropy is a measure of how unexpected or unpredictable an event or an alert is. The guiding principle of entropy in Moogsoft Enterprise is that a more unpredictable alert with a higher entropy value is of more interest because it probably indicates unexpected behavior from your environment.

The Alert Analyzer utility assigns each alert a numeric entropy value between 0 and 1 to indicate how common or unusual the words in certain attributes are. Moogsoft enables you to visualize and understand the benefits of using entropy to reduce operational noise. See Entropy for an overview of entropy in Moogsoft Enterprise and Alert Analyzer Utility for more information on how it calculates entropy values.

You can use entropy thresholds to reduce operational noise in Moogsoft Enterprise. The interactive entropy threshold graphs in the Alert Analyzer show a summary of the distribution of alerts in the system by entropy value. Adjust the slider for the entropy threshold to visualize how the threshold will reduce operational noise without omitting alerts of interest.

Entropy thresholds can be a value or a percentage. You can set a global default entropy threshold and you can set specific entropy thresholds for specific managers. The graphs display how many alerts exist with a given entropy value and how many exist below a given entropy value. You can select an entropy value and review it to ensure you are including and excluding the appropriate alerts. See Configure Entropy Thresholds with Alert Analyzer for details.
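
The threshold behavior described above can be modeled offline before changing a live setting. The following is an added example, not Moogsoft code. It assumes that alerts below the threshold are treated as noise, that a percentage threshold means the lowest-entropy share of alerts, and that a manager-specific percentage is computed over that manager's alerts only; the manager names and entropy values are constructed.

```python
# Added illustration, not Moogsoft code. Entropy values are taken as already assigned.
# Constructed sample alerts: (manager, entropy); manager names are made up.
ALERTS = [
    ("SYSLOG", 0.05), ("SYSLOG", 0.08), ("SYSLOG", 0.10), ("SYSLOG", 0.12),
    ("SYSLOG", 0.15), ("SYSLOG", 0.40), ("SYSLOG", 0.85),
    ("NAGIOS", 0.30), ("NAGIOS", 0.35), ("NAGIOS", 0.55), ("NAGIOS", 0.92),
]

def count_below(alerts, value):
    """What the cumulative graph shows: alerts with entropy below `value`."""
    return sum(1 for _, e in alerts if e < value)

def resolve_cut(entropies, threshold):
    """Convert ("value", v) or ("percent", p) into an entropy cut value.
    Assumption: a percentage means 'treat the lowest p% of alerts as noise'."""
    kind, amount = threshold
    if kind == "value":
        return amount
    if kind != "percent":
        raise ValueError(f"unknown threshold kind: {kind}")
    ranked = sorted(entropies)
    if not ranked:
        return 0.0
    # Clamp so the highest-entropy alert is never cut; ties at the cut are kept.
    k = min(int(len(ranked) * amount / 100), len(ranked) - 1)
    return ranked[k]

def apply_thresholds(alerts, default, per_manager=None):
    """Split alerts into (kept, dropped-count-per-manager).
    Assumption: a manager-specific threshold overrides the global default and,
    if a percentage, is computed over that manager's alerts only."""
    per_manager = per_manager or {}
    everything = [e for _, e in alerts]
    kept, dropped = [], {}
    for mgr, e in alerts:
        if mgr in per_manager:
            own = [x for m, x in alerts if m == mgr]
            cut = resolve_cut(own, per_manager[mgr])
        else:
            cut = resolve_cut(everything, default)
        if e < cut:
            dropped[mgr] = dropped.get(mgr, 0) + 1
        else:
            kept.append((mgr, e))
    return kept, dropped

if __name__ == "__main__":
    for v in (0.2, 0.5, 0.9):
        print(f"threshold {v}: {count_below(ALERTS, v)} of {len(ALERTS)} alerts below")
    print(apply_thresholds(ALERTS, ("value", 0.2), {"NAGIOS": ("percent", 50)}))
```

Listing the alerts that land in the dropped set for each candidate threshold is the same review step as checking the selected entropy value in the graphs.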

You can configure the information that you want to include in your entropy generation calculations. See Configure Entropy Generation for more information.