Severity Reference

Severity is a measure of the seriousness of an event and indicates how urgently it requires corrective action.

Moogsoft Enterprise LAMs and integrations use six industry standard severity levels as follows:

  • 0: Clear - One or more events have been reported but then subsequently cleared, either manually or automatically.

  • 1: Indeterminate - The severity level could not be determined.

  • 2: Warning - A number of faults with the potential to affect services have been detected.

  • 3: Minor - A fault that is not affecting services has been detected. Action may be required to prevent it from becoming a more serious issue.

  • 4: Major - A fault is affecting services and corrective action is required urgently.

  • 5: Critical - A serious fault is affecting services and corrective action is required immediately.

The severity mapping is set in each LAM configuration file:

severity:
{
    "CLEAR"         : 0,
    "INDETERMINATE" : 1,
    "WARNING"       : 2,
    "MINOR"         : 3,
    "MAJOR"         : 4,
    "CRITICAL"      : 5,
}

The LAM takes the severity string in a received event and translates it into one of the above integer values using the mapping in its configuration file:

sevConverter:
{
    lookup  : "severity",
    input   : "STRING",
    output  : "INTEGER"
},
mapping:
    rules:
    [
        { 
            name: "severity", 
            rule: "$severity",
            conversion:"sevConverter"
        }
    ]

You can customize the severity section of the LAM configuration file according to the severities used in the system sending events to Moogsoft Enterprise. In the following example, events sent to the LAM with non-standard severities 'info' and 'Information' are mapped to 'INDETERMINATE' in Moogsoft Enterprise:

severity:
{
    "info"               : 1,
    "Information"        : 1,
    "user"               : 1,
    "warning"            : 2,
    "Warning"            : 2,
    "error"              : 5,
    moog_lookup_default  : 1
}

The moog_lookup_default property specifies a default value to use when the severity does not match any of the defined strings. If you do not set a default, events with an unmapped severity are not processed. For more information on mapping see "Conversion Rules" in Data Parsing.

Moogsoft Enterprise determines a Situation's severity from the member alert with the highest severity level.
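
The lookup, default and Situation severity behaviour described above, modelled in JavaScript as an added example (this is not Moogsoft Enterprise code). The function names and sample events are hypothetical, and exact, case-sensitive key matching is an assumption based on the separate "warning" and "Warning" entries in the customized table.

```javascript
// Model of the severity lookup described on this page (added example).
// Function names are hypothetical; this is not the LAM's own code.
const severityTable = {
  "info": 1, "Information": 1, "user": 1,
  "warning": 2, "Warning": 2, "error": 5,
  moog_lookup_default: 1,
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Translate a severity string into its integer level.
// Returns null when the string is unmapped and the table has no
// moog_lookup_default, the case in which the event is not processed.
// Assumption: keys are matched exactly (case-sensitive).
function convertSeverity(table, value) {
  if (has(table, value)) return table[value];
  return has(table, "moog_lookup_default") ? table.moog_lookup_default : null;
}

// Split events into processed alerts and events that would be dropped.
function processEvents(table, events) {
  const alerts = [];
  const dropped = [];
  for (const ev of events) {
    const sev = convertSeverity(table, ev.severity);
    if (sev === null) dropped.push(ev);
    else alerts.push({ ...ev, severity: sev });
  }
  return { alerts, dropped };
}

// A Situation takes the highest severity among its member alerts.
function situationSeverity(alerts) {
  return alerts.reduce((max, a) => Math.max(max, a.severity), 0);
}

// Constructed sample events; "CRITICAL" is not in the customized table.
const sampleEvents = [
  { id: "e1", severity: "Information" },
  { id: "e2", severity: "error" },
  { id: "e3", severity: "CRITICAL" },
];

const result = processEvents(severityTable, sampleEvents);
console.log(result.alerts, result.dropped, situationSeverity(result.alerts));
```

In this model the unmapped "CRITICAL" event falls through to the default and is recorded as 1 (Indeterminate). With moog_lookup_default removed from the table, the same event is returned in `dropped` instead.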