Setting up Express

The following steps describe the high-level workflow for setting up Moogsoft Express.

  1. Install the Moogsoft Collector on your Linux servers.

    To install the collector, you download and run an auto-generated script. You can then immediately see metrics and anomalies in the UI. See Moogsoft Collector.

  2. Set up your external monitoring tools to send event notifications to the Events API.

    Express can ingest events from any monitoring tool that can send JSON objects over HTTPS. You can set up one or more scripts to post events, or set up the integration as an endpoint for an external webhook. See Events API.

  3. (Optional) If you have other external tools that collect time series metrics of interest, set them up to send their metric data to the Metrics API webhook.

  4. (Optional) If you have an AWS CloudWatch account, set up the CloudWatch integration to send cloud-performance metrics.AWS Cloudwatch old

  5. Define the enrichment data that you want to add to your your alerts.

    Express aggregates events and metrics into alerts, and then correlates alerts into incidents. This step is required if you need to correlate alerts based on a field (such as service) that isn't present in all ingested data. Enrichment is also useful for making your incidents more readable and informative. See Data Enrichment.

  6. Define the correlation logic to cluster your alerts into meaningful incidents.

    A correlation definition specifies the alert fields to consider for correlation and, for each field, the degree of similarity required to determine that a specific alert correlates with a specific incident. To define your correlations, you need to decide how you want to cluster your alerts — such as by node, service, or location — and the alert data fields that contain the node, service, location, or other fields of interest. See Correlation Engine.