Map Event Severity Levels
Severity is a measure of the seriousness of an event and indicates how urgently it requires corrective action.
Moogsoft Onprem LAMs and integrations use six industry-standard severity levels as follows:
0: Clear - One or more events have been reported but then subsequently cleared, either manually or automatically.
1: Indeterminate - The severity level could not be determined.
2: Warning - A number of faults with the potential to affect services have been detected.
3: Minor - A fault that is not affecting services has been detected. Action may be required to prevent it from becoming a more serious issue.
4: Major - A fault is affecting services and corrective action is required urgently.
5: Critical - A serious fault is affecting services and corrective action is required immediately.
The severity mapping is set in each LAM configuration file:
    severity:
    {
        "CLEAR" : 0,
        "INDETERMINATE" : 1,
        "WARNING" : 2,
        "MINOR" : 3,
        "MAJOR" : 4,
        "CRITICAL" : 5,
    }
The LAM takes the severity string in a received event and translates it into one of the above integer values using the mapping in its configuration file:
    sevConverter:
    {
        lookup : "severity",
        input : "STRING",
        output : "INTEGER"
    },
    mapping:
        rules:
        [
            { name: "severity", rule: "$severity", conversion: "sevConverter" },
        ]
You can customize the severity section of the LAM configuration file according to the severities used in the system sending events to Moogsoft Onprem. In the following example, events sent to the LAM with non-standard severities 'info' and 'Information' are mapped to 'INDETERMINATE' in Moogsoft Onprem:
    severity:
    {
        "info" : 1,
        "Information" : 1,
        "user" : 1,
        "warning" : 2,
        "Warning" : 2,
        "error" : 5,
        moog_lookup_default : 1
    }
The moog_lookup_default property specifies a default value to use when the severity does not match any of the defined strings. If you do not set a default, events with an unmapped severity are not processed. For more information on mapping see "Conversion Rules" in Data Parsing.
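The lookup behavior described above can be checked offline before a mapping is deployed. The following is an added example, not Moogsoft code: it models the lookup as an exact, case-sensitive string match (an assumption, suggested by the separate "warning" and "Warning" entries above), and the function names and the list of observed severities are constructed for illustration.

```python
from collections import Counter

DEFAULT_KEY = "moog_lookup_default"

# The two mappings shown on this page, written as Python dicts.
STANDARD = {"CLEAR": 0, "INDETERMINATE": 1, "WARNING": 2,
            "MINOR": 3, "MAJOR": 4, "CRITICAL": 5}
CUSTOM = {"info": 1, "Information": 1, "user": 1, "warning": 2,
          "Warning": 2, "error": 5, DEFAULT_KEY: 1}

# Constructed sample of severity strings seen from a sending system.
OBSERVED = ["CRITICAL", "critical", "Warning", "info", "MAJOR", "debug"]


def convert_severity(mapping, severity):
    """Return the integer level, the default if unmapped, or None when the
    event would not be processed (unmapped and no default configured)."""
    if severity != DEFAULT_KEY and severity in mapping:
        return mapping[severity]
    return mapping.get(DEFAULT_KEY)


def audit(mapping, observed):
    """Classify each observed severity string as mapped, defaulted or dropped."""
    report = {"mapped": Counter(), "defaulted": Counter(), "dropped": Counter()}
    for sev in observed:
        if sev != DEFAULT_KEY and sev in mapping:
            report["mapped"][sev] += 1
        elif DEFAULT_KEY in mapping:
            report["defaulted"][sev] += 1
        else:
            report["dropped"][sev] += 1
    return report


def invalid_levels(mapping):
    """Return entries whose value is not one of the six levels 0 to 5."""
    return {k: v for k, v in mapping.items() if v not in range(6)}


if __name__ == "__main__":
    for name, mapping in (("standard", STANDARD), ("custom", CUSTOM)):
        result = audit(mapping, OBSERVED)
        print(name, "dropped:", sorted(result["dropped"]),
              "defaulted:", sorted(result["defaulted"]),
              "invalid:", invalid_levels(mapping))
```

In the constructed sample, the default in the custom mapping keeps "CRITICAL" and "MAJOR" from being dropped but records them as 1 (Indeterminate), so review the defaulted list for strings that need their own entry.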
Moogsoft Onprem determines a Situation's severity from the member alert with the highest severity level.
Tip
It is good practice to use moog_lookup_default in all of the configured lookups as it prevents the event from being dropped when it encounters a conversion error.