Moogsoft Docs

Alert Rules Engine

The Alert Rules Engine uses business logic to process alerts based on certain conditions. The conditions that the Alert Rules Engine works with generally involve a time-based analysis so that it can process an event in the context of events that happen later. You can define rules in the Alert Rules Engine to hold alerts for a period of time, identify missing alerts or change the state of alerts. For example, common uses of the Alert Rules Engine include:

  • Link Up-Link Down: Delays an alert to see if a link recovers.

  • Heartbeat Monitor: Detects any missing network health signals.

  • Closing Events: Closes events of a particular type or severity.

  • Merging: Merges the state of two distinct alerts.

Configure Alert Rules Engine

Edit the configuration file at $MOOGSOFT_HOME/config/moolets/alert_rules_engine.conf.

Refer to Alert Rules Engine Reference to see all available properties.

Example Configuration

The following example demonstrates a simple Alert Rules Engine configuration:

{
    name               : "AlertRulesEngine", 
    classname          : "CAlertRulesEngine", 
    run_on_startup     : false, 
    metric_path_moolet : true, 
    moobot             : "AlertRulesEngine.js", 
    process_output_of  : "MaintenanceWindowManager" 
}

Define Action States and Transitions

The Alert Rules Engine uses Action States and transitions, together with their properties, to process alerts through the business logic defined in the AlertRulesEngine.js Moobot. After you have configured the Alert Rules Engine, set up Action States and transitions in the Moogsoft AIOps UI under Settings > Automation:

  • Action States: Determine the length of time Moogsoft AIOps retains alerts before forwarding them to a Sigaliser or closing them.

  • Transitions: Define the set of conditions an alert must meet before it moves from one state to another in the Alert Rules Engine. Higher-priority transitions take precedence over those with lower priorities.

See Action States and Transitions for further information on how to define them and the properties available.

The initial state for all alerts is the 'Ground' state. After an alert enters 'Ground' state, the Alert Rules Engine transitions it to another state or forwards it to a Sigaliser. If the Action State has 'Remember Alerts For' set to a positive number, the Alert Rules Engine retains an alert in that state for that period of time.

If you enable 'Cascade on Expiry' and nothing happens to an alert within that period, the Alert Rules Engine returns it to 'Ground' state before forwarding it to a Sigaliser. This is because the 'Ground' state has 'Forward Alerts' enabled. If an alert does not match any transitions, the Alert Rules Engine does not return it to 'Ground' state and it is closed.

Note

Action States are not enabled until you have defined a transition.

Alert Rules Engine Examples

The Alert Rules Engine can be set up to process Link Up-Link Down events. It can also be set up to act as a Heartbeat Monitor.
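
The hold, priority and 'Cascade on Expiry' behaviour described under Define Action States and Transitions, applied to the Link Up-Link Down case, as an added JavaScript model. It is not Moogsoft code and does not use the Moobot API; the state names other than 'Ground', the field names, the priorities, the 60-second hold, the single alert per link and the sample events are all assumptions made for illustration.

```javascript
// Simplified model of Action States and transitions; added example, not the Moobot API.
// State names other than 'Ground', field names, priorities and timings are assumptions.
const STATES = {
  Ground:   { rememberFor: 0,  cascadeOnExpiry: false, forwardAlerts: true  },
  LinkDown: { rememberFor: 60, cascadeOnExpiry: true,  forwardAlerts: false },
  LinkUp:   { rememberFor: 0,  cascadeOnExpiry: false, forwardAlerts: false },
};
const TRANSITIONS = [
  { from: 'Ground',   to: 'LinkDown', priority: 10, match: e => e.type === 'linkDown' },
  { from: 'LinkDown', to: 'LinkUp',   priority: 20, match: e => e.type === 'linkUp' },
  { from: 'LinkDown', to: 'Ground',   priority: 1,  match: e => e.type === 'linkUp' },
];
// The highest-priority matching transition out of `state` wins.
function pickTransition(state, event) {
  const hits = TRANSITIONS.filter(t => t.from === state && t.match(event));
  return hits.sort((a, b) => b.priority - a.priority)[0] || null;
}
// Replay time-ordered events and report what happened to each link's alert.
function replay(events, endTime) {
  const held = new Map(), log = []; // held: link -> { state, expires }
  const settle = (link, state, t) => {
    const s = STATES[state];
    if (s.rememberFor > 0) { held.set(link, { state, expires: t + s.rememberFor }); return; }
    held.delete(link);
    log.push({ link, t, result: s.forwardAlerts ? 'forwarded' : 'closed' });
  };
  const expire = now => {
    for (const [link, h] of [...held]) {
      if (h.expires > now) continue;
      // Cascade on Expiry returns the alert to Ground, which forwards it.
      if (STATES[h.state].cascadeOnExpiry) settle(link, 'Ground', h.expires);
      else { held.delete(link); log.push({ link, t: h.expires, result: 'closed' }); }
    }
  };
  for (const e of events) {
    expire(e.t);
    const state = held.has(e.link) ? held.get(e.link).state : 'Ground';
    const tr = pickTransition(state, e);
    if (tr) settle(e.link, tr.to, e.t);
    else if (state === 'Ground') settle(e.link, 'Ground', e.t); // no match: Ground forwards
  }
  expire(endTime);
  return log;
}
const SAMPLE = [ // constructed sample events, t in seconds
  { t: 0,  link: 'eth0', type: 'linkDown' },
  { t: 5,  link: 'eth1', type: 'linkDown' },
  { t: 20, link: 'eth0', type: 'linkUp' },  // recovers inside the 60 s hold
  { t: 90, link: 'eth2', type: 'fanFail' }, // matches no transition
];
```

Calling replay(SAMPLE, 120) closes the eth0 alert at t=20 because the link recovered inside the hold, forwards the eth1 alert at t=65 when its hold expires, and forwards the unmatched eth2 alert straight from 'Ground'.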