


AIOps has its own terminology, and Moogsoft Enterprise adds some of its own. It can therefore be useful to get familiar with the concepts featured in the Moogsoft documentation.


A deduplicated event or an instance of new data coming into Moogsoft Enterprise. Alerts are generated by the Alert Builder Moolet.

See: Alerts Overview.

Alert Builder Moolet

A Moolet that generates alerts by identifying new events or deduplicating existing events. Alerts are published to the Message Bus and Moogfarmd passes them to other Moolets.

See: Configure Alert Builder.

Alert Rules Engine Moolet

A Moolet that controls when alerts are passed on to a Sigaliser.

It selectively prevents alerts from passing downstream to other Moolets, usually Sigalisers, depending on how the triggers and action states are configured.

See: Alert Rules Engine.


A command line utility to archive and delete old alert and Situation data from MoogDb.

See: Archive Situations and Alerts.


A feature that enables users to run tools, such as executing utilities on remote hosts, from the Collaborate tab in a Situation Room.

See: Configure ChatOps Shortcuts.


The lowest severity of an alert or Situation. Indicates that one or more events have been reported but have subsequently cleared either manually or automatically.

See: Severity Reference.


Status used when the reporter of the issue is satisfied with the initial resolution. A Situation can also be closed automatically after a period of time has passed and the status has changed to Resolved.

See: Situation Status.


Algorithms including the Cookbook Sigaliser create clusters of alerts called Situations.

See: Cookbook and Recipe Examples.


A Sigaliser that creates Situations in a deterministic way using configurable Recipes.

See: Configure Deterministic Alert Clustering with Cookbook.


A technique used to group similar alerts and Situations. Situations are also correlated with external systems to maintain the bi-directionality between a Situation and an external system, such as a ticketing integration. Examples include:

  • Configure Deterministic Alert Clustering with Cookbook: Clusters alerts into Situations by correlating them based on similarities in certain characteristics such as their description, host or location.

  • Graze API: Endpoints addSigCorrelationInfo, getSigCorrelationInfo, and removeSigCorrelationInfo allow you to add, retrieve or remove the external systems associated with a Situation.


The highest severity of an alert or Situation. Indicates that a serious service-affecting fault has occurred and corrective action is required immediately.

See: Severity Reference.


A customizable management tool in the Moogsoft Enterprise user interface that displays overview information in portlets such as Situation Overview, Service Impacted, and Events per Situation.

See: Moogsoft Enterprise UI Reference.


A method of reducing network noise by eliminating event duplicates and identifying unique events.


The status given to an old Situation that has been merged with one or more others to create a new Situation.

See: Situation Status.


The connection between two vertices in a graph or nodes in a network.

See: Graph Topology.


A lack of order or predictability measured on a scale between 0 and 1 with 0 meaning very certain and 1 meaning very uncertain. For example, the entropy of an alert is the measure of probability that the alert will arrive in the system at any given time.

See: Entropy.


Any log file, status or change event generated by third party monitoring tools.

General Availability Release (formerly known as Enterprise Stability Release) (GA)

A release that is subject to extended internal testing in enterprise-like environments and conditions. It is intended for enterprise customers who value product stability and reliability over leading edge features.


The Moogsoft Enterprise API that acts as an integration point for external services, such as ServiceNow, and exposes selected functionality to authorized external clients.

See: Graze API.


A jump between two directly connected nodes in a network.


A severity level that indicates the level of seriousness could not be determined.

See: Severity Reference.


A JavaScript module associated with each LAM. LAMbots reside in the $MOOGSOFT_HOME/bots/lambots directory.

See: LAMbot Configuration.


A connection between two directly connected nodes, also known as an 'edge' in graph theory.

See: Graph Topology.

Linked Access Module (LAM)

A module that connects third party monitoring tools to Moogsoft Enterprise. LAMs listen for and ingest raw data from these monitoring tools. The output of every LAM is text in JSON format which is published on the Message Bus.

See: Graze API.


A severity that indicates a service-affecting fault has developed and corrective action is urgently required.

See: Severity Reference.

Mean Time To Acknowledge (MTTA)

The mean time it takes for a participant to acknowledge a Situation in minutes.

See: Stats API.

Mean Time To Resolve (MTTR)

The mean time it takes for a participant or team to resolve a Situation in minutes.

See: Stats API.


A minor severity indicates there is a non-service affecting fault but action could be required to prevent it becoming more serious.

See: Severity Reference.


A user who has owned or been assigned a Situation, so has become the moderator of that Situation.

See: Manage Roles.


A JavaScript program used to control or customize the behavior of a Moolet.

See: Moobot Modules.


The Moogsoft service harness or master service that controls all other services and manages which algorithms and Moolets are running in Moogsoft Enterprise. Also referred to as Farmd.

See: Moogfarmd Reference.


An intelligence module that is used to perform specific services in Moogsoft Enterprise.

See: Moolets.


The Moogsoft Messaging System, also known as the Message Bus or bus, is the publish-subscribe messaging system. It is implemented with RabbitMQ and publishes the data from the LAMs in JSON format. That data is subscribed to by the various Moolets.

See: Message System Troubleshooting.


An HTTP server used by Moogsoft Enterprise to provide static UI content and act as a proxy for Apache Tomcat.

See: Configure Logging.


A device or base unit that forms part of a larger network, known as a 'vertex' in graph theory.

See: Graph Topology.


The Moogsoft Enterprise internal messaging system which you can configure to notify users of invitations, assignments, and critical Situations assigned to your teams.

See: Moogsoft Enterprise Notifications.


The search engine software used by Moogsoft Enterprise to index data and provide search functionality.

See: Configure Logging.


The default role given to Moogsoft Enterprise standard users. Operators can create and edit Situations, alerts and filters but cannot perform Moderator functions such as assigning alerts and Situations.

See: Manage Roles.


Configurable components of the Dashboard that offer different overviews and statistics related to alerts and Situations.


A set of definitions that determine which alerts are clustered into Situations by the Cookbook Sigaliser.

See: Cookbook and Recipe Examples.


The status given to a Situation when the Operator or user believes they have found a resolution to the Situation. An internal status that will be reviewed by the reporter of the issue.

See: Situation Status.

Resolving Step

The comment, suggestion or action in the Collaboration section of a Situation Room or Team Room that has been marked as the solution to a Situation.

See: Workflow for Resolving Situations.


Moogsoft Enterprise uses rules in the integration configuration files to define the mapping of fields in incoming events to Moogsoft Enterprise fields. Examples include Dynatrace and Splunk.

The Alert Rules Engine uses business logic rules that define how it processes alerts based on events that happen later. Example implementations of the Alert Rules Engine are the Heartbeat Monitor and Link Up-Link Down functionality.

See: Alert Rules Engine.


A supportable unit that provides a set of functionality. A single service can incorporate multiple applications.

See: Services.


Severity is the seriousness of an alert or a Situation and acts as an indicator of how urgently corrective action will be required. The severity index is: clear (0), intermediate (1), warning (2), minor (3), major (4), critical (5).

See: Severity Reference.


The Sigalisers are the algorithms which group alerts based on factors such as time, language, topology and similarity. These include: Configure Deterministic Alert Clustering with Cookbook and Time-based Clustering with Tempus.


A measure of the relative significance of an alert, initially calculated based on its entropy (a measure of the rarity or uniqueness of the alert).

Sink Node

With the source node, one of the pair of nodes defining a link in a topology. The sink node and the source node are interchangeable, as topology links are bidirectional.


A cluster of alerts that have been run through one or more of the Sigalisers and have been grouped together depending on the similarity of their timestamps, language and/or topology.

Situation Manager Moolet

A Moolet that listens for new Situations being created and passes them to its Moobot to allow for automatic notification, automatic invitation of the users into the Situation, and any change to the Situation parameters.

See: Situation Manager.

Situation Rating

A rating out of five stars that a user has given a Situation for its relevance and the quality of the information it provided. Ratings are particularly important if you are using the Feedback Sigaliser as they are taken into account when future Situations are created.

See: Workflow for Resolving Situations.

Situation Room

The virtual meeting place where collaboration takes place between members of a team in order to reach a resolution.

See: Situation Rooms.

Source Node

With the sink node, one of the pair of nodes defining a link in a topology. The sink node and the source node are interchangeable, as topology links are bidirectional.


Superseded Situations are Situations that have been merged and replaced with a newer Situation.


A time-based algorithm that clusters alerts into Situations based on the similarity of their timestamps.

See: Time-based Clustering with Tempus.


The time sequence of events that make up each alert in a Situation. You can access the Timeline tab from the Situation Room.

See: Analyze the Situation Timeline.


The physical or logical arrangement of the various components in a system (nodes, servers, switches, links, etc.).

See: View Situation Topology.


A severity level that indicates that a number of potentially service-affecting faults have been detected.

See: Severity Reference.