Auto Close
The Auto Close feature lets you define criteria for automatically closing alerts and Situations. Auto Close enables you to use filtering rules to organize your data and keep it current so you can focus on the most important active alerts and Situations.
You also see performance improvements because automatically closing old alerts and Situations reduces the amount of data involved in statistic calculations.
Auto Close lets you define the conditions using filters and determine how often Moogsoft Onprem checks which alerts and Situations to close. Any alerts and Situations that are older than a certain age and meet the defined criteria are closed.
Configure Auto Close for Situations
The Housekeeper Moolet must be configured and running within Moogfarmd in order for Auto Close to work.
To configure which Situations should be auto closed, create a filter as follows:
In the Auto Close > System Settings window, click Edit Filter to open the filter editor.
Clear the filter using Empty Filter and Add Clause. Alternatively, you can manually type in your filter rules. You can set up as many auto close rules as you like. In a rule, you can either include or exclude Situations for auto closing but you cannot use both together. See Filter Search Data for reference.
Apply the changes to continue and click Done.
After you add the filter, define the behavior for automatically closing Situations as follows:
Close the Situation and all the alerts it contains.
Close the Situation and all the unique alerts it contains. Unique alerts are any alerts that are not part of any other Situations.
Close the Situation only.
You can create tasks to configure:
The age when Situations are suitable for Auto Close.
The number of Situations to close in each Auto Close run.
Situations only close if all associated alerts are closed.
Edit the default task or click Add Task. The available settings are as follows:
Setting | Input | Options | Description |
Situation Age | Integer | Minutes Hours Days | Defines how old a Situation must be for Moogsoft Onprem to auto close it. To calculate age, the system looks at both the Situation's last_event_time and last_state_change. Must be a number greater than 1. |
All Alerts closed | Boolean | - | If enabled, only Situations with no open alerts qualify for automatic closure. |
Match filter | Filter | - | Defines the criteria a Situation must meet to qualify for automatic closure. |
Batch size | Integer | - | Defines the maximum number of Situations to auto close in each Auto Close run. Defaults to 1000. Must be a number greater than 1. |
Once saved, the Auto Close task runs after a set period of time. This time period is between five minutes and four hours depending on the age of the Situation. The older the Situation age, the closer the interval between task runs gets to four hours (see the example below). There is no limit on the number of tasks, so you can add as many as you need to meet your requirements.
The example below demonstrates how you can configure an Auto Close task to close a maximum of 1000 Situations per run that meet the following criteria:
Older than 23 hours.
All associated alerts are closed.
Have a clear severity.
Configure Auto Close for Alerts
To configure which alerts should be auto closed, on the System Settings > Auto Close window, select the Alerts tab and create a filter as follows:
Click Edit Filter to open the filter editor.
Clear the filter using Empty Filter and Add Clause. Alternatively, you can manually type in your filter rules. You can set up as many auto close rules as you like. In a rule, you can either include or exclude alerts for auto closing but you cannot use both together. See Filter Search Data for reference.
Apply the changes to continue and click Done.
You can create tasks to configure:
The age when alerts are suitable for Auto Close.
The number of alerts to close in each Auto Close run.
Edit the default task or click Add Task. The available settings are:
Setting | Input | Options | Description |
Alert age | Integer | Minutes Hours Days | Defines how old the alert must be for Moogsoft Onprem to auto close it. To calculate age, the system looks at the last time an event was received from a LAM for that alert. Must be a number greater than one. |
Match filter | Filter | - | Defines which alerts to include in the batch being auto closed. |
Batch size | Integer | - | Defines the maximum number of alerts to auto close in each Auto Close run. Must be a number greater than one. This is 1000 by default. |
Once saved, the Auto Close task runs after a set period of time. This time period is between five minutes and four hours depending on the age of the alert. The older the alert age, the closer the interval between task runs gets to four hours.
There is no limit on the number of tasks, so you can add as many as you need to meet your requirements.
The example below demonstrates how you can configure a task to Auto Close a maximum of 1000 alerts per run that meet the following criteria:
Older than 45 minutes.
Have a clear severity or a minor severity.