Frequently asked questions

Data collection rates

What is the time granularity AKA data collection rate of Moogsoft data?

The integrations where Moogsoft actively collects data, the collection rates are:

  • Collectors — Every 1 minute or 5 minutes, can be configured as desired.Collectors

  • AWS CloudWatch integration ► —Every 1 minute for both metrics and alarms.

  • Datadog integration ► — The metric polling rate is 1 minute (rate limited) and the event polling rate is 30 seconds (not rate limited).Datadog integration ►

For integrations that push data to Moogsoft, the data source can push data as frequently as needed. In most cases you can send data every minute. Sending data at higher rates, such as every second, is generally not recommended.

Collector compression and encryption

Does the collector compress and encrypt the data that it sends to Moogsoft?

Yes. The collector compresses data using gzip and sends all data over HTTPS.

Enriching data after ingestion

Can I enrich my raw data with additional information after ingestion?

Yes. You can define event workflows that enrich and process your data immediately after ingestion. Enrichment is strongly recommended and has the following benefits:

  • You can fine-tune how Moogsoft clusters your alerts into incidents.

  • You can make your alerts more informative and readable.

  • You can normalize events that come from different sources and have different formats.

Time series metrics — features and capabilities

What metric features does Moogsoft have that makes it different from other products?

Moogsoft includes the following metric features:

  • Metrics API

    You can send metrics from all your monitoring services to one endpoint. The metric schema is highly flexible, with a few required fields, several more optional fields, and a tags field for custom information.

  • Collectors are lightweight, easy-to-install agents that collect time series metrics on Linux or Windows servers and send the metrics and anomalies to Moogsoft.Collectors

  • Anomaly detection at the source

    The Moogsoft Collector detects anomalies immediately on the collector host. This reduces the latencies involved in transferring and analyzing raw data from many different sources in a central location.

  • Predefined anomaly detection

    Moogsoft detects anomalies by default and without configuration. You don't need to define thresholds or other parameters.

  • Customizable anomaly detection for individual metrics

    You can customize how Moogsoft detects anomalies for individual metrics with special characteristics. For example, you might want to fine-tune the anomaly-detection logic for metrics with very large or very small data ranges.

Metric and event updates

Does Moogsoft update metrics and events after ingestion?

Moogsoft ingests raw events and events generated from metric anomalies. You can enrich and normalize events at ingestion using event workflows. For example, you can enrich events with information such as the apps or services that generated specific events. You can also process events from different sources so that all your event fields are formatted consistently.

Once your workflows finish processing events, Moogsoft deduplicates the events into alerts. When it adds a new event to an alert, Moogsoft it updates the alert with the latest information from the event. Thus you can think of events as hard-coded snapshots of an issue, while alerts get updated with each new event.

Alert and incident updates

Does Moogsoft update alerts or incidents automatically?

Moogsoft updates alerts and incidents as follows:

  • Sets an alert to Closed from any state after 72 hours.

  • Sets an alert to Closed 30 minutes after it is resolved.

  • Sets an incident to Closed 53 minutes after all alerts in that incident are closed.

  • Sets incidents from any state to Closed after 7 days.

You can change the default settings using Auto Close.Auto Close