Process Alerts

Moogsoft Onprem processes alerts using the following backend components. For alert processing capabilities using Workflow Engine in the Moogsoft Onprem UI, see Workflow Engine and its related topics.

These components analyze alerts, add information to them, and apply noise reduction techniques.

  • Alert Analyzer Utility: A standalone process that analyses tokens in events and assigns each token an entropy value. The Alert Analyzer can use any text field in an event but, by default, it uses the event's description. This process runs periodically and does not form a part of the alert processing workflow. See Configure Entropy to Reduce Operational Noise for more information on setting entropy thresholds to remove noisy alerts.

  • Enricher: Enriches alerts with additional information.

  • Maintenance Window Manager: Marks alerts as 'In maintenance' if they match a scheduled maintenance window filter. You can set up maintenance windows for planned maintenance, such as scheduling a fix or regular maintenance of a system.

  • Alert Rules Engine: Allows conditional processing of alerts, such as managing link up/link down processing. Before you configure the Alert Rules Engine, read about the Workflow Engine, which is a powerful and flexible tool for data processing available in the Moogsoft Onprem UI.

  • Empty Moolet: An optional component that enables further processing of alerts or Situations. It usually runs as a standalone process but it can also be embedded in the processing chain. Moogsoft Onprem provides an example Empty Moolet in the form of an Alert Manager.

The following diagram shows the alert processing components in a typical implementation of a workflow chain in Moogsoft Onprem:

[Diagram: data-processing.png]

Each component comprises a Moolet supplemented by Moobots.