Situation Design
Situation design for Moogsoft Enterprise is a methodology to help you create insightful, informative Situations for your users and teams.
Before you concentrate on Situation design, you should have completed your basic system implementation. This means:
You can successfully ingest data into Moogsoft Enterprise.
Moogsoft Enterprise is processing raw events and deduplicating them into alerts and the amount of deduplication makes sense: the events within alerts belong together.
Moogsoft Enterprise is populating alert fields and deriving the signature for events for all your monitoring sources correctly.
Situation design is unique to your organization. There is no single formula that works for all cases. It is a cyclical, iterative process of discovery and implementation wherein the decision-making depends on operator input.
For example, consider two organizations that have exactly the same event streams. The Situation design and requirements will vary depending on how they take action on incidents. In the first, the operation divides into teams by applications, and so they need to group alerts by impacted application. The second bases teams upon service level, which means that clustering settings depend upon impacted services.
Consider the following key concepts when you design Situations:
Content: The alerts which comprise each Situation.
Context: How to present alerts in an informative manner which provides details of the Situation. You supply context through labeling.
Audience: The target users of the Situation. Is the Situation for an individual user, a specific team, or a notification? Do they require high-level tags or granular details?
Quality Situations provide both content and context that have their audience in mind. Situations lacking either are unlikely to be useful to their audience.