Configure a Cookbook
Cookbook is a deterministic clustering algorithm in Moogsoft Onprem that creates Situations defined by the relationships between alerts.
Cookbook requires at least one active Recipe to function and cluster alerts into Situations. See Configure a Cookbook Recipe for more details.
Before you begin
Before you set up your Cookbook via the UI, ensure you have met the following requirements:
You have set up the Recipes you want your Cookbook to use. See Configure a Cookbook Recipe for details.
Your LAMs or integrations are running and Moogsoft Onprem is receiving events.
Create a Cookbook
To create a new Cookbook:
Go to Settings > Cookbooks.
Click the + icon to create a new Cookbook.
Fill in the properties to name and describe the Cookbook:
Name: Name of the Cookbook.
Description: Text description of the Cookbook.
Configure the Cookbook's input and clustering behavior:
Process Output Of: Defines the source of the alerts for the Cookbook.
Cluster By: Determines Cookbook's clustering behavior. You can select one of the following:
First Matching Cluster: Cookbook adds alerts to the first cluster in a Recipe over the similarity threshold value. This is the default behavior for Cookbook.
Closest Matching Cluster: Cookbook adds alerts to the cluster with the highest similarity greater than the similarity threshold value. This option may be less efficient because Cookbook needs to compare alerts against each cluster in a Recipe.
Entropy Threshold: Select the type of entropy threshold that you want Cookbook to use:
Use the Global Entropy Threshold: This is a single entropy threshold that Cookbook applies to all alerts to eliminate noisy alerts with a lower entropy value.
Use the Manager-Specific Entropy Thresholds: Use entropy thresholds set up for individual managers. If the manager for an alert has an entropy threshold set, Cookbook uses this value to eliminate noisy alerts with a lower entropy value. If an alert's manager does not have an entropy threshold, Cookbook uses the global entropy threshold to filter out alerts.
Use a Specific Entropy Threshold: Set a specific entropy threshold value that you want Cookbook to use to eliminate noisy alerts with a lower entropy value. Enter the value you want to use. Unlike the other two dynamic thresholds that react to changes in the distribution of events, this threshold is static and you should periodically revise it.
Do Not Use an Entropy Threshold: Select this option if you do not want Cookbook to filter out any alerts based on their entropy value.
See Configure Entropy Thresholds with Alert Analyzer for more information on setting global and manager-specific entropy thresholds.
Cook For: Maximum time period that Cookbook clusters alerts for before the Recipe resets and starts a new cluster. See Cookbook and Recipe Examples for more information.
If you set a different Cook For time for a Recipe, it overrides the Cookbook value. Recipes without a Cook For time inherit the value from the Cookbook.
Cook For Extension: Time period that Cookbook can extend clustering alerts for before the Recipe resets and starts a new cluster. Setting this value enables the cook for auto-extension feature for this Cookbook. As Cookbook receives related alerts, it continues to extend the total clustering time until the Max Cook For period is reached. You can use this time period in conjunction with the Max Cook For value to ensure that Cookbook continues to cluster alerts together that are related to the same failure. It only applies to new related alerts, not to existing alerts that are updated with new events. See Cookbook and Recipe Examples for more information.
If you set a different Cook For Extension time for a Recipe, it overrides the Cookbook value. Recipes without a Cook For Extension time inherit the value from the Cookbook.
Max Cook For: Maximum time period that Cookbook clusters alerts for before the Recipe resets and starts a new cluster. It works in conjunction with the Cook For Extension time to help ensure that Cookbook continues to cluster alerts together that are related to the same failure. If Cook For Extension is set and this value is not set, it defaults to three times the Cook For value. See Cookbook and Recipe Examples for more information.
If you set a different Max Cook For time for a Recipe, it overrides the Cookbook value. Recipes without a Max Cook For value inherit the value from the Cookbook.
Scale By Severity: If checked, Cookbook ignores alerts with a severity of 0 (Clear).
Configure which Recipes the Cookbook uses and how it uses them:
Single Recipe Matching: Enables you to set a priority order for Recipes in the Cookbook. If you select this option, Cookbook assigns each alert to the highest priority Recipe where it satisfies the clustering criteria. If an alert appears in a Situation that a recipe with a low priority order creates, it may reappear in a Situation that a Recipe with a higher priority creates. If unselected, Cookbook assigns an alert to all Recipes where the alert satisfies the clustering criteria.
Selected Recipes: Move the Recipes from the Available column to the Selected column to to include them in the Cookbook. If you have selected Single Recipe Matching Only, put the Recipes in the correct order so that Cookbook can determine which Recipe an alert should be assigned to. You should place the highest priority Recipe at the top of the list.
Click Save Changes to create the Cookbook.
Activate the Cookbook
After completing the configuration, activate the new Cookbook to run alongside any existing active Cookbooks:
Go to Settings > Cookbook Selection.
Move the new Cookbook from the Available Cookbooks column to the Active Cookbooks column to make it active.
Click the Advanced tab if you want to configure Moogsoft Onprem to remove closed and superseded Situations from Moogfarmd. Define how often you want the removal to occur in hours and minutes.
Click Save Changes to activate the Cookbook.
Moogsoft Onprem applies the changes to the Cookbook as soon as you save the configuration.
If you change a Cookbook, see Cookbook Configuration Changes for information on how these changes affect the clusters that Cookbook creates.