Express features

Moogsoft Express includes the following features.

Usability and scalability

Express is designed specifically for easy setup, deployment, configuration, and analysis. You can set up all your data ingestions, correlations, and other configurations directly in the web UI.

The Express API also supports automated setup, configuration, and analysis. There is no need for manual back-end workflows such as logging in to the instance or editing config files using a CLI.

You can deploy Express at any scale, from a handful of data sources in one location to dozens or hundreds across multiple geographic locations.

Metric and event ingestion

The first step in the data pipeline is to ingest monitoring metrics and events of interest from your infrastructure. Express includes the following integrations:

  • The Moogsoft Collector, an easy-to-install agent that collects server, Docker, and other metrics on Linux servers. You can deploy collectors on nodes throughout your physical, virtual, and cloud infrastructure.

    The Collector includes an extensible framework that supports data collection from additional services and platforms.

  • An AWS CloudWatch integration for ingesting cloud metrics.

  • A Metric API for ingesting time series metrics from external monitors.

  • An Events API for ingesting data from external tools such as AppDynamics, New Relic, and DataDog.

    The metric and events schemas are both highly generic and flexible. Each schema has a small set of required data fields and support for additional fields.

Metric anomaly detection

Express uses advanced analytics to identify performance anomalies on each time series metric. Each metric anomaly is considered an event of operational significance.

You can configure anomaly detection on a per-metric basis. For example, you can configure Express to ignore "raw" data points and ingest anomalies only for specific metrics. This can greatly reduce bandwidth consumption in high-traffic environments.

The Moogsoft Collector detects anomalies immediately on the installed host. This reduces the latencies involved in transferring and analyzing raw data from many different sources in a central location.

Deduplication and noise reduction

A busy service with multiple monitors can generate a flood of metrics, anomalies, and events. One issue might trigger a large number of repeat and duplicate events. Express analyzes every new piece of data — What is this? When did it happen? What is its severity? How often has it happened before? — and aggregates events for the same issue into alerts. Whenever it adds a new event, Express updates the alert fields — event count, last event time, severity — so the alert always contains the latest information about the underlying issue. This process removes the duplicate, repeat, and obsolete noise from the data stream.
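The aggregation described above can be sketched as follows. This is an added example, not Moogsoft code: the event field names (`source`, `check`, `severity`, `time`) and the rule that two events belong to the same issue when source and check match are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Alert:
    source: str
    check: str
    severity: str
    first_event_time: int
    last_event_time: int
    event_count: int = 1

def issue_key(event):
    # Assumption: two events describe the same issue when source and check
    # match after trimming and case-folding.
    return (event["source"].strip().lower(), event["check"].strip().lower())

def aggregate(events):
    """Fold events into one alert per issue, in arrival order."""
    alerts = {}
    for ev in events:
        key = issue_key(ev)
        alert = alerts.get(key)
        if alert is None:
            alerts[key] = Alert(key[0], key[1], ev["severity"], ev["time"], ev["time"])
            continue
        alert.event_count += 1  # every repeat is counted, even a late one
        alert.first_event_time = min(alert.first_event_time, ev["time"])
        if ev["time"] >= alert.last_event_time:
            # Only the newest event may change what the alert reports.
            alert.last_event_time = ev["time"]
            alert.severity = ev["severity"]
    return alerts

# Constructed sample stream (times in seconds); the third event arrives late.
SAMPLE_EVENTS = [
    {"source": "web-01", "check": "cpu", "severity": "warning", "time": 100},
    {"source": "web-01", "check": "cpu", "severity": "critical", "time": 160},
    {"source": "WEB-01", "check": "cpu", "severity": "warning", "time": 130},
    {"source": "web-01", "check": "disk", "severity": "minor", "time": 140},
    {"source": "db-02", "check": "cpu", "severity": "major", "time": 150},
    {"source": "web-01", "check": "cpu", "severity": "warning", "time": 220},
]

if __name__ == "__main__":
    for alert in aggregate(SAMPLE_EVENTS).values():
        print(alert)
```

Six events collapse into three alerts, and the late-arriving event raises the count without overwriting the newer severity.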

Advanced correlation

The Correlation Engine uses advanced algorithms to detect correlations between different alerts and cluster these alerts into incidents. You can easily define smart correlations that make sense for your organization, even with no previous knowledge of your environment.

Each definition specifies the relevant data fields and the degree of similarity needed to correlate different alerts. Express then uses fuzzy matching, natural-language processing, and your definitions to correlate new alerts with previous ones.
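A definition of this shape (a list of fields plus a required degree of similarity) can be illustrated with a small sketch. This is an added example, not the Correlation Engine's algorithm: it substitutes Python's `difflib` ratio for the fuzzy matching, and the definition layout and alert field names are assumptions.

```python
from difflib import SequenceMatcher

def field_similarity(a, b):
    # A missing or empty field never correlates, so two alerts that both
    # lack a field are not treated as a perfect match.
    if not a or not b:
        return 0.0
    return SequenceMatcher(None, a.strip().lower(), b.strip().lower()).ratio()

def matches(alert, other, definition):
    # Every field named in the definition must reach the similarity threshold.
    return all(
        field_similarity(alert.get(f), other.get(f)) >= definition["similarity"]
        for f in definition["fields"]
    )

def correlate(alerts, definition):
    """Cluster alerts into incidents; returns lists of alert ids."""
    incidents = []
    for alert in alerts:
        for incident in incidents:
            if any(matches(alert, member, definition) for member in incident):
                incident.append(alert)
                break
        else:
            incidents.append([alert])  # nothing similar enough: new incident
    return [[a["id"] for a in incident] for incident in incidents]

# Hypothetical definition and constructed alerts (not real data).
DEFINITION = {"fields": ["service", "description"], "similarity": 0.8}
SAMPLE_ALERTS = [
    {"id": "a1", "service": "checkout-api", "description": "High latency on checkout-api pod 3"},
    {"id": "a2", "service": "checkout-api", "description": "High latency on checkout-api pod 7"},
    {"id": "a3", "service": "Checkout-API", "description": "high latency on checkout-api pod 12"},
    {"id": "a4", "service": "backup", "description": "Disk usage above 90% on /var"},
    {"id": "a5", "service": "backup", "description": "Disk usage above 95% on /var"},
    {"id": "a6", "description": "High latency on checkout-api pod 3"},  # no service field
]

if __name__ == "__main__":
    print(correlate(SAMPLE_ALERTS, DEFINITION))
```

One definition groups the pod-level variants without a rule per pod, while the alert that lacks a `service` value stays in its own incident.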

This approach is far more robust and scalable than traditional AIOps approaches based on hard-coded rules and pattern matching. This is especially true for complex environments and dynamic environments that rely on containers and microservices. A rules-based approach often leads to unpredictable results and a long, random list of simplistic and often contradictory rules. Most environments, even very complex ones, require only a handful of correlation definitions. One definition can do the analytical work of hundreds or thousands of rules.

Alert enrichment

Some use cases might depend on information that is not included in your ingested metrics or events. For example, you might want to correlate alerts based on information that isn't included in the raw data. You might also want to include more real-world information in your incidents to make them easier to investigate and troubleshoot. To enrich your raw data, you upload a CSV with your sources (one per row) and the additional data fields for each source: location, team, platform, cluster, roles, and so on.

Security features

Moogsoft is strongly committed to the security of all customer data. Express uses a wide array of security features to prevent unauthorized parties from accessing, using, or disclosing your data.

  • All instances are hosted using Amazon Web Services and use the full spectrum of security features included with AWS.

  • All public-facing endpoints, and all web-traffic ingresses into the private network, use TLS v1.2 and 256-bit Advanced Encryption Standard.

  • All services that persist data use encryption at rest.

  • All customer credentials use Cognito, an AWS service that provides secure user sign-up, sign-in, and access control.

Publishing alerts and incidents

Express includes an outbound webhook that you can use to publish alerts and incidents to external systems. For example, you can send incident notifications to Slack and similar apps. You can also send alerts to Moogsoft AIOps and take advantage of the additional correlation and analysis features in that product.