Moogsoft Docs

Data Processing Flow

Before you configure or customize data processing in Moogsoft AIOps, take some time to learn the components that comprise the basic flow for processing event, alert, and Situation data.

Except for the Link Access Modules (LAMs), the rest of the data processing components are individual moolets that run as part of the Moogfarmd. For more information, see Configure Data Processing.

data-processing.png

A) LAMs / Data Ingestion

The LAMs or Integrations ingest raw event data from your monitoring sources and map them into Moogsoft AIOps events.

See Introduction to Integrations for more information.

B) Event Workflow Engine

The Event Workflow Engine listens for events on the message bus and processes them based upon any active workflows.

See Workflow Engine for an overview of how the Workflow Engine UI works. See Workflow Engine Moolets for information on the Moolet.

C) Alert Builder

The Alert Builder deduplicates events into alerts and calculates the entropy value for alerts.

See Alert Builder for more information.

D) Enricher

The Enricher is an optional moolet that you can use to enrich alert data from external data sources such as a CMDB. See Enrichment for information about the enrichment process.

See Enricher Moolet for information on the Moolet.

E) Enricher Workflow Engine

The Enricher Workflow Engine listens for alerts on the message bus and processes them based upon any active workflows.

See Workflow Engine for an overview of how the Workflow Engine UI works. See Workflow Engine Moolets for information on the Moolet.

F) Maintenance Window Manager

The Maintenance Window Manager prevents alerts from creating Situations during known maintenance downtimes.

To learn how to create a maintenance window, see Schedule Maintenance Downtime. See Maintenance Window Manager for information on the Moolet.

G) Alert Workflow Engine

The Alert Workflow Engine listens for alerts on the message bus after they have passed through the Maintenance Window Manager. It processes alerts based upon any active workflows you have created.

See Workflow Engine for an overview of how the Workflow Engine UI works. See Workflow Engine Moolets for information on the Moolet.

H) Alert Rules Engine

If you upgraded from a previous version, you may have data processing configurations that use the Alert Rules Engine . The Alert Rules Engine lets you define criteria to process alerts according to different Transitions to move these alerts to different Action States. Before you start an implementation with the Alert Rules Engine, see if the Workflow Engine meets your needs.

See Alert Rules Engine for more information.

I) Clustering Algorithms

The clustering algorithms (Sigalisers) in Moogsoft AIOps group related alerts into Situations.

See the Clustering Algorithm Guide for an overview of the algorithms. To configure a clustering algorithm, see Configure Clustering Algorithms.

J) Situation Manager

The Situation Manager listens for Situation creation, update, and closure actions and lets you automate processes like data enrichment, assignment, or notification to a ticketing system.

The Situation Manager Labeler is part of the Situation Manager. See Situation Manager for more information.

K) Teams Manager

The Teams Manager Moolet listens for new Situation creation, update, and closure actions. It handles the team assignments you create in the Settings UI. See Manage Teams.

See Teams Manager Moolet for information on the Moolet.

L) Situation Workflow Engine

The Situation Workflow Engine listens for Situations on the message bus after they have passed through the Situation Manager. It processes Situations based upon any active workflows you have created.

See Workflow Engine for an overview of how the Workflow Engine UI works. See Workflow Engine Moolets for information on the Moolet.