Configure and Retrain Probable Root Cause

Probable root cause (PRC) for Moogsoft Onprem is enabled by default. This means that you can mark Situation alerts as having a root cause or not, and Moogsoft Onprem shows a root cause estimate under Next Steps in the Situation Room.

Navigate to Settings > Probable Root Cause to enable or disable PRC.

To configure which users can mark alerts for PRC, go to Security > Roles. Select the role you want to edit and under Permissions, move 'prc_feedback' to 'Selected' using the direction arrows. This permission is enabled for Administrator and Super User roles by default.

Root Cause

The PRC Model gives each alert within a Situation a probable root cause estimate. Retrain recalculates the estimates with the current data. You can choose which features your model uses when predicting the probable root cause of an alert. The default PRC configuration uses two types of Severity. The available features, including the two defaults, are listed below:

| Feature | Description |
| --- | --- |
| Agent | The agent of the alert represented as an enumeration. Each value of 'agent' is considered to be independent from all other values. |
| Alert Arrival Order | Represents the arrival order of the alert in a Situation. |
| Alert Time | Represents the alert time as the components of the 'time of day', for example, hours of day, minutes of hour. |
| Class | The class of the alert, represented in a way that identifies naming conventions in the class name. |
| Description | Tokenizes the description into words and uses those words to identify key words and phrases that may indicate root cause. |
| Host | The host of the alert, represented in a way that identifies naming conventions in the class name. |
| Manager | The manager of the alert represented as an enumeration. Each value of 'manager' is considered to be independent from all other values. |
| Severity & Arrival Order (default) | The severity of the alert represented as independent values and when the alert arrived for each value of severity. For best results use in conjunction with 'Severity Raw'. |
| Severity Enum | The severity of the alert represented as independent values. For best results use in conjunction with 'Severity Raw'. |
| Severity Raw (default) | The severity of the alert represented as a continuous value such that 'Warning' < 'Major' < 'Critical'. For best results use in conjunction with 'Severity Enum' or 'Severity & Arrival Order'. |
| Situation Alert Time | Represents the alert time as the components of time, for example, hours of day, minutes of hour, relative to the first alert in the Situation. |
| Type | The type of the alert, represented in a way that identifies naming conventions. |
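The difference between the severity and time features is easier to see on data. The following is an added illustration, not Moogsoft code: it encodes a constructed Situation the way the descriptions above suggest. The three-level scale, the `encode` function, the field names and the exact numeric encodings are assumptions made for this example.

```python
from datetime import datetime

# Assumed scale for the illustration; the table only states
# 'Warning' < 'Major' < 'Critical'.
SEVERITIES = ["Warning", "Major", "Critical"]

# Constructed sample Situation: (host, severity, alert timestamp).
SITUATION = [
    ("db01", "Warning", "2024-01-01T10:00:00"),
    ("db01", "Critical", "2024-01-01T10:00:30"),
    ("web01", "Major", "2024-01-01T10:01:00"),
    ("web02", "Critical", "2024-01-01T10:02:15"),
]


def encode(situation):
    """Return one feature dict per alert, in arrival order."""
    alerts = sorted(situation, key=lambda a: a[2])
    first = datetime.fromisoformat(alerts[0][2])
    seen = {s: 0 for s in SEVERITIES}  # arrivals so far, per severity
    rows = []
    for order, (host, sev, ts) in enumerate(alerts, start=1):
        when = datetime.fromisoformat(ts)
        seen[sev] += 1
        rows.append({
            "host": host,
            # Severity Raw: one continuous value that preserves ordering.
            "severity_raw": SEVERITIES.index(sev) / (len(SEVERITIES) - 1),
            # Severity Enum: independent values, no ordering implied.
            "severity_enum": [int(s == sev) for s in SEVERITIES],
            # Severity & Arrival Order: arrival rank within the alert's
            # own severity, zero in the other slots (assumed encoding).
            "severity_arrival": [seen[s] if s == sev else 0 for s in SEVERITIES],
            # Alert Arrival Order: position within the Situation.
            "arrival_order": order,
            # Alert Time: time-of-day components.
            "alert_time": (when.hour, when.minute),
            # Situation Alert Time: offset from the first alert, in seconds
            # (simplified to a single number here).
            "situation_time_s": int((when - first).total_seconds()),
        })
    return rows


if __name__ == "__main__":
    for row in encode(SITUATION):
        print(row)
```

The two 'Critical' alerts get the same Severity Raw and Severity Enum values and differ only in the arrival-based features, which is why the table recommends combining Severity Raw with one of the other severity features.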