Skip to main content

Identify Probable Root Cause

Probable Root Cause (PRC) is a machine learning process in Moogsoft Onprem that identifies which alerts are responsible for causing a Situation. PRC looks for patterns in user supplied feedback. It does not use 'Root Cause Analysis' techniques. Probable Root Cause offers the following benefits:

  • You can immediately determine where to begin troubleshooting and diagnosis as soon as you open a Situation by looking at the Probable Root Cause alerts.

  • You can resolve Situations quickly by examining the top 3 Probable Root Cause alerts that appear under Next Steps in a Situation Room.

For a brief introduction on Probable Root Cause, watch the following video:

How Does PRC Work?

You manually label alerts as either a Root Cause Alert or a Symptom alert, the Moogsoft Onprem PRC Model uses this data to predict Situation root causes. Watch the following video for more information on labelling alerts:

When Moogsoft Onprem generates Situations, it labels an alert or alerts as having a Root Cause Estimate. A Root Cause Estimate is always assigned even if the data set is small. The more data Moogsoft Onprem has, the more accurate it is.

Note

The data needs to be consistent and the model is only as effective as the data you supply. For example, two conflicting labels will confuse the model. If you do not know the status of an alert, do not label it.

How Does Moogsoft Onprem Learn?

Machine Learning uses features like Severity, Host, Description and Class and takes the values of those features for all labelled alerts and uses a Neural Network to estimate the Root Cause for all the alerts in a newly created Situation. It does this even if that Situation has not been seen before based on the model and labelled data.

See Configure and Retrain Probable Root Cause for more information on training your model.

PRC Column

The PRC column, on Situation and the alerts tabs, shows the Probable Root Cause Estimate as a percentage of the alerts in that Situation and is useful as a prioritization aid. For example, the higher the value an alert has, the higher the probability that the alert is the root cause of the Situation.

As alerts are added to a Situation, the Root Cause is recalculated on the Situation and alerts lists, so the PRC values may change. The more accurate and consistent data you feed your model is, the more accurate the estimate.

Mark Alerts for Probable Root Cause

Follow the steps below to mark individual alerts as a Probable Root Cause (PRC):

  1. Click the circular PRC icon to mark an alert as a Probable Root Cause alert.

    PRC.jpg
  2. When selected, the PRC icon turns blue. Moogsoft Onprem also reports that PRC feedback is in progress.

  3. If there are any alerts you know are not the root cause of the Situation, click the cross icon. This turns red when selected.

  4. Click the Save button. The % PRC is indicated by the bars in the PRC column.

    Note

    If you do not know the status of an alert do not label it. You do not have to label every alert: PRC is effective with consistent data.

  5. Open another Situation and look at the alerts. The PRC column automatically populates with estimated PRC values based on the user feedback.