Review the initial clustering result with the operators

 

Ask the operators if the content and context of the presented Situation are correct. If not what exactly does not make sense? Is it that the content of the situations is correct - ie the alerts have been clustered meaningfully - but the context is wrong - ie. the situation description is wrong and does not match the content of the situation? Or vice versa.

  • Are the content and context of the presented Situation are correct? Does this situation contain the alerts that you recognize?

  • Does this situation contain the alerts that you action today? Are there any alerts you could drop from clustering altogether? For example in AlertRulesEngine or Workflow Engine.

  • Does this situation give you enough information - including situation description and additional situation custom_info?

  • Should you look into increase the cook_for period to extend the scope of Situations? But be mindful of it since increasing the cook_for time will decrease the number of situations but potentially will cause unrelated alerts to be clustered together.

  • What is the percentage of outliers in Situations? Having a few outliers in it does not necessarily make it a bad Situation as long as the content and context match.

  • UseMoogsoft Enterprise Operator Training to onboard operators.  Not all operators participating at this stage may have been part of the POV. As they validate your alert clustering they may be logging into Moogsoft Enterprise for the first time. The operator training is self-paced and a quick way to onboard them to the product.

  • Interview users to identify more specific use cases missed in the initial design. Test and refine further.

Add Specific Use Cases

Once you confirm the result generally captures what the teams are interested in seeing, move on to the specific cases missed in the initial design.

Going through the audit -> design -> implementation once never completes the Situation design. Expect to perform the discovery of the implementation process multiple times.