Moogsoft Docs

Cookbook Recipe Examples

The following examples show how you can configure the different types of Recipe in the Cookbook clustering algorithm.

See Recipe Types for more details on the different Recipes available.

CValueRecipeV2 Example

The following example shows a Value Recipe V2 that clusters alerts with:

  • Alert source IDs that are 75% similar when breaking the source ID into shingles of four characters.

  • Alert descriptions that are 75% similar.

A shingle value of -1 or less means the Recipe compares the text similarity of entire words, rather than breaking the text into shingles. See Recipe Types for more details about the calculation.

{
    chef: "CValueRecipeV2",
    name: "SplitBySourceAndDescription",
    description: "Value Recipe outage",
    recipe_alert_threshold: 0,
    exclusion: "severity < 5",
    trigger: "severity > 3",
    seed_alert: "vertex_entropy > 0.8",
    rate: 0,
    #Given in events per minute
    min_sample_size: 5,
    max_sample_size: 10,
    cook_for: 5000,
    cluster_match_type : "first_match",
    matcher : {
        components: [
              { name: "source_id",   similarity: 0.75, shingle_size: 4 }, 
              { name: "description", similarity: 0.75, shingle_size: -1 }
                        ]
       }
 },
CValueRecipe Example

The following Value Recipe example shows a Recipe that splits alerts into clusters with either an identical source_id (hostname) or a description that is 50% similar. It also only creates a Situation from a seed alert with a Vertex Entropy value of 0.75, which indicates a node of high topological importance. See Vertex Entropy for more information.

{
    chef: "CValueRecipe",
    name: "SplitBySourceAndDescription",
    description: "Value Recipe outage",
    recipe_alert_threshold: 0,
    exclusion: "severity < 5",
    trigger: null,
    seed_alert: "vertex_entropy = 0.75",
    rate: 0,
    #Given in events per minute
    min_sample_size: 5,
    max_sample_size: 10,
    cook_for: 5000,
    cluster_match_type : "first_match",
    matcher : {
        components: [
              { name: "source_id",   similarity: 1.0, case_sensitive: true }, 
              { name: "description", similarity: 0.5, case_sensitive: true }
                        ]
       }
 },

The following CValueRecipe example shows a Recipe that can be used alongside a New Relic integration.

This recipe clusters alerts that have an identical source_id (hostname) every fifteen minutes:

{
    chef: "CValueRecipe",
    name: "New Relic Hostname Recipe",
    description: "Recipe to create situations based on 100% similarity of the hostname received from New Relic",
    recipe_alert_threshold: 1,
    exclusion: null,
    trigger: null,
    seed_alert: null,
    rate: 0,
    #Given in events per minute
    min_sample_size: 5,
    max_sample_size: 10,
    cook_for: 900,
    matcher: {
       components: [
              { name: "source_id",   similarity: 1.0, case_sensitive: true },
                ] 
        }
},
CBotRecipe Example

The example Bot Recipe below shows a recipe that uses methods in the Cookbook.js Moobot to cluster by topological similarity.

It excludes alerts that have a severity of less than minor and clusters alerts that are 80% similar.

{
    chef: "CBotRecipe",
    name: "MaxwellDaemon",
    description: "Maxwell Recipe outage",
    recipe_alert_threshold: 0,
    trigger: null,
    exclusion: "severity < 3",
    rate: 1,
    #Given in events per minute
    min_sample_size: 5,
    max_sample_size: 10,
    cluster_match_type : "first_match",
    matcher: {
        initialise_function: "initBuckets",
        member_function: "checkBucket",
        similarity: 0.8
    },
    cook_for: 2000
}