Insights Summary

Moogsoft Insights provide a high-level performance summary of your Moogsoft instance. The Summary views show the state of what’s going on in your Moogsoft instance and trends that occur over specified time ranges. You can view summaries for the previous day, previous week, or previous month.These insights can be of value when you need to see an overview or an analytical look at data to:

  • Track your systems activity to meet your agreements, such as system uptime.

  • Know your aggregate incident close rate over time, both automatic and manual. This can help you understand your staffing, tooling, or productivity needs.

  • See data trends showing the difference in magnitude between events, alerts, and incidents over time.

  • Explore correlation trends to see spikes or dips at a specific time and whether they are sustained over time. You can use the insights gained to adjust, for example, your correlation engine configuration.

Moogsoft Insights show how the product works at a high-level so you can see metrics and trends over time. For real-time information, you can go to the Moogsoft > Incidents view and directly track the numbers.

Note

Insights require alert information to provide useful dashboard values. If you have no alerts, the rollup view will not display values.

View your Moogsoft Insights

To view the Moogsoft Insights Summary dashboard:

  1. Log into your Moogsoft instance.

  2. Click the piechart icon in the left navigation bar to see the Summary view.

Each value or trend chart features an info icon  that provides key information or additional details about that metric or trend.

Set the time range for your Insights

To set the time range for your Insights, click the drop-down menu in the upper right. Your choices are:

  • Yesterday - shows metrics from the last 24 hours.

  • Last Week - shows metrics from the last 7 days. This is the default setting.

  • Last Month - shows metrics from the last 30 days.

For the Insights Summary view, the product fetches data at midnight UTC time. For this reason, clicking the refresh button does not change the data, unless you happen to click refresh at midnight UTC. Also, the information is based on your data sources and time frame, if you only have two days of data, the view shows numbers only for the last two days of information even if you select Last Month. The display does not show real-time data.

Time is calculated based on the Universal Time Coordinated (UTC) standard, formerly known as GMT.

Insights Summary

Insights gives you a high-level overview of activity for your data sources. Metrics can appear with negative values based on how they are calculated.

Insights show the following types of information:

  • Events – Total number of events ingested.

  • Alerts – Total number of alerts created, from events or metrics using Moogsoft Deduplication.

  • Incidents – Total number of incidents created, using Moogsoft Correlation.

  • MTTR (Mean Time to Resolve) – The average time (minutes) to close incidents over the time window. Only incidents that were closed over the time window are considered in this average. The calculation is made from the time an incident was opened to the time it was closed, whether closed manually or automatically at a specified time. The metric does not include resolved incidents, only closed incidents. Based on the configuration, MTTR times can vary significantly by instance.

  • Events Deduplicated – The percentage of events that Moogsoft identified as duplicates and grouped into alerts. A high percentage means that Moogsoft ingested a lot of duplicate events. Deduplication percentages are calculated at 1 minus alerts divided by events.

  • Alerts Correlated – The percentage of alerts that Moogsoft correlated into one or more incidents. A high percentage means that most alerts were correlated and that there were few “stand-alone” alerts with no correlations.

    • Correlation rates are calculated at one minus incidents divided by alerts. This rate may appear as a negative value.

    • The correlation rate can go into a negative range, if you configure your correlation definition such that an alert ends up in multiple incidents and the number of incidents is higher than the number of alerts.

  • Noise reduction –This percentage expresses the ratio of raw events to incidents, which includes both Moogsoft Deduplication and Correlations. The percentage encompasses the entire pipeline, from events ingested (start) to the final set of incidents (end).

  • Top 10 Managers – The top 10 event generators in your system. These totals include all ingested events before deduplication and noise reduction. Event generators are your data sources such as the Moogsoft collector, collector plugins and integrations with tools such as AppDynamics, Datadog, Splunk, and others.

Note

You can view multiple types of data sources from one Manager by mapping your Source fields to the Manager field during ingestion or enrichment.

View Trends

The Insight Summary also displays data by trend so that you can gain an understanding of what are the trends over your specified time ranges. You have options to adjust the displayed metrics to see the metrics with more granularity or at a higher-level view.

  • Click on a trend data point to show the metrics at a 1-hour level of granularity.

  • Click the Info icon next to the trend name to get details about the trend.

  • Toggle the trend line items off, such as Noise Reduction, to zoom in on other specific graph lines to get a more detailed look at activities or toggle the item on to return to a high-level view.

Trends show the following information:

  • Volume Daily Trends - Shows EventsAlerts, and Incidents trend lines. Click on the metric names below the chart, such as Events, to toggle that trend line in and out of view.

  • Rate Daily Trends - Shows Deduplication RateCorrelation Rate, and Noise Reduction trend lines. Click on the names below the chart, such as Noise Reduction, to toggle that trend line in and out of view.

  • Incidents and MTTR Daily Trends - Shows Incidents, and MTTR trend lines. Click on the name below the chart, such as Noise Reduction, to toggle that trend line in and out of view. You can toggle one or more item on or off.

  • Top 10 Managers - Shows the top 10 integration sources of data. This bar graph shows you where your event volume is coming from. A Manager entry of Undefined, represents integration sources that have a Manager field set as null. The graph displays data from a Manager as one bar. However, if you have multiple sources of data flowing into a Manager that you want to break out as separate sources, you can define the data source value that the Top Ten Manager bar chart displays, either through Integrations or Enrichment. See the following use case for an example of how to do this activity.

Use Case: Show multiple data sources from one Manager

In Top 10 Managers, you can display multiple data sources from one integration (Manager). The following use case shows how to map Moogsoft source fields to display multiple data sources for an integration in the Top 10 Managers chart.

  1. Click Ingestion > Integration (such as Pingdom or other).

  2. Click on the name of your integration.

  3. Go to Map your Source Fields and locate Source Fields and Moogsoft Target Field.

  4. Click the entry titled Source Fields, it has a label of Default Values, to display a pop-up listing source field names.

  5. Click on all the sources that you want to map to the Manager Target Field on the right column. This mapping defines the sources from your integration as individual data sources such that the Insights > Top 10 Managers graph displays each source as a separate bar in the chart.

Discover more