Skip to main content

Data Processing Flow

Before you configure or customize data processing in Moogsoft Enterprise, take some time to learn the components that comprise the basic flow for processing event, alert, and Situation data.

Except for the Link Access Modules (LAMs) that perform data ingestion, the rest of the data processing components are individual Moolets that run as part of the Moogfarmd. For more information, see Moogfarmd and Core Data Processing.

The following diagram shows a general data processing flow. Your specific flow may be different depending on your use case and any customizations you apply:

data-processing.png

A) LAMs / Data Ingestion

The LAMs or Integrations ingest raw event data from your monitoring sources. LAMs do one of the following with the event data:

  • Map raw events into Moogsoft Enterprise events.

  • Discard events based upon system configuration. For example a blacklisting rule.

See Introduction to Integrations for more information.

B) Event Workflow Engine

The Event Workflow Engine listens for events on the message bus and processes them based upon any active workflows.Workflow Engine

See Workflow Engine for an overview of how the Workflow Engine UI works. See Workflow Engine Moolets for information on the Moolet.Workflow Engine

C) Alert Builder

The Alert Builder deduplicates events into alerts and calculates the entropy value for alerts. Deduplicated events are visible in the UI after passing through the Alert Builder.

See Configure Alert Builder for more information.

D) Enricher

The Enricher is an optional moolet that you can use to enrich alert data from external data sources such as a CMDB. See Enrichment Overview for information about the enrichment process.

See Enricher Moolet for information on the Moolet.

E) Enrichment Workflow Engine

The Enrichment Workflow Engine listens for alerts on the message bus and processes them based upon any active workflows. For an example enrichment workflow, see Enrich Alerts Using a JDBC Data Source.Workflow Engine

See Workflow Engine for an overview of how the Workflow Engine UI works. See Workflow Engine Moolets for information on the Moolet.Workflow Engine

F) Maintenance Window Manager

The Configure Alert Behavior During a Maintenance Window prevents alerts from creating Situations during known maintenance downtimes.

To learn how to create a maintenance window, see Schedule Maintenance Downtime. See Configure Alert Behavior During a Maintenance Window for information on the Moolet.

G) Alert Workflow Engine

The Alert Workflow Engine listens for alerts on the message bus after they have passed through the Maintenance Window Manager. It processes alerts based upon any active workflows you have created. If you want to set up alert routing to a different clustering algorithm, you can use the Alert Workflow Engine. For example, you can forward alerts to Tempus.Workflow Engine

See Workflow Engine for an overview of how the Workflow Engine UI works. See Workflow Engine Moolets for information on the Moolet.Workflow Engine

H) Alert Rules Engine

If you upgraded from a previous version, you may have data processing configurations that use the Alert Rules Engine . The Alert Rules Engine lets you define criteria to process alerts according to different Transitions to move these alerts to different Action States. Before you start an implementation with the Alert Rules Engine, see if the Workflow Engine meets your needs.

See Alert Rules Engine for more information.

I) Clustering Algorithms

The clustering algorithms (Sigalisers) in Moogsoft Enterprise group related alerts into Situations.

See the Clustering Algorithm Guide for an overview of the algorithms. To configure a clustering algorithm, see Configure Clustering Algorithms.Clustering Algorithm Guide

J) Situation Manager

The Situation Manager listens for Situation creation, update, and closure actions and lets you automate processes like data enrichment, assignment, or notification to a ticketing system.

The Situation Manager Labeler is part of the Situation Manager. See Situation Manager for more information.

K) Teams Manager

The Teams Manager Moolet listens for new Situation creation, update, and closure actions. It handles the team assignments you create in the Settings UI. See Manage Teams.

See Teams Manager Moolet for information on the Moolet.

L) Situation Workflow Engine

The Situation Workflow Engine listens for Situations on the message bus after they have passed through the Situation Manager. It processes Situations based upon any active workflows you have created.Workflow Engine

See Workflow Engine for an overview of how the Workflow Engine UI works. See Workflow Engine Moolets for information on the Moolet.Workflow Engine

The following video further explains the data processing flow: