updateTempus

A Graze API POST request that updates an existing Tempus Moolet.

Request arguments

Endpoint updateTempus takes the following request arguments. You must supply the name of the Tempus algorithm plus at least one other argument that you want to change.

Name	Type	Required	Description
`auth_token`	String	Yes	A valid `auth_token` returned from the `authenticate` request. Alternatively, basic authenticate headers can be used in place of this parameter. See the authenticate endpoint for more information and usage examples.
`name`	String	Yes	Name of the Tempus algorithm. Must be unique.
`description`	String	No	Description of the Situations Tempus generates.
`entropy_threshold`	Number	No	Minimum entropy value for an alert to be clustered into a Situation. Tempus does not cluster any alerts with an entropy value below the threshold into Situations.
`threshold_type`	String	No	Type of entropy threshold you want Tempus to use. One of: `global`: Use the global entropy threshold. This is a single entropy threshold that Tempus applies to all alerts to eliminate noisy alerts with a lower entropy value. `manager`: Use entropy thresholds set up for individual managers. Tempus uses this value to eliminate noisy alerts with a lower entropy value. If an alert's manager does not have an entropy threshold, Tempus uses the global entropy threshold to filter out alerts. `explicit_value`: Use the value set in `entropy_threshold` to eliminate noisy alerts with a lower entropy value. `none`: Do not use entropy thresholds. Tempus will not filter out any alerts based on their entropy value. If you do not specify an entropy threshold, the default is global. The default global entropy threshold is 0. This means that unless you actively set up a global threshold, Tempus will not filter out any alerts based on entropy values. See Configure Entropy Thresholds with Alert Analyzer for more information on setting global and manager-specific entropy thresholds.
`execution_interval`	Number	No	Executes Tempus after a defined number of seconds.
`window_size`	Number	No	Determines the length of time when Tempus analyzes alerts and clusters them into a Situation each time it runs.
`bucket_size`	Number	No	Determines the time span of each bucket in which alerts are captured. Default bucket size is 5 seconds.
`minimum_arrival_similarity`	Number	No	How similar alerts must be to be considered for clustering.
`alert_threshold`	Number	No	Minimum number of alerts that match the clustering criteria before the Tempus algorithm creates a Situation. When Tempus determines the number of alerts required to create a Situation, it compares the alert threshold values in Tempus and in the merge group that Tempus belongs to, and it uses the higher value. If you are using the default merge group which has an alert threshold of 2, Tempus will never create a Situation containing a single alert. If you want Moogsoft Onprem to create Situations with a single alert, consider changing the alert threshold in the default merge group to 1 or creating custom merge groups. See Merge Groups for more information on updating the default merge group and setting up custom merge groups.
`process_output_of`	List	Yes	Defines the source of the alerts that Tempus processes. You can specify none, one or more Moolets. Typically Tempus processes the output of its direct upstream neighbor in the processing chain. Usually this is "Alert Workflows" which are the output from the Alert Workflow Engine.
`run_on_startup`	Boolean	No	Whether this Tempus algorithm should start when Moogfarmd starts.
`partition_by`	String	No	Splits clustering according to the entered component. After alerts have been clustered and before they enter merging and resolution, you can split clusters into sub-clusters based on a component of the events. For example, you can use the `manager` parameter to ensure that Situations only contain events from the same manager. Note Moogsoft does not recommend partitioning by components.
`pre_partition`	Boolean	No	Partitions event streams before clustering. You specify a component field on which the event stream will be partitioned before clustering occurs. The alerts in the resulting Situations each contain a single value for the component field chosen.
`significance_test`	String	No	Calculation that determines how significant a cluster of alerts or a potential Situation must be for Tempus to detect it. `Poisson1`, looks at the data of a single alert cluster to calculate how significant it is. This more likely to detect all significant alert clusters but with a higher risk of creating insignificant alert clusters. Use this option when your alerts originate from different networks or unrelated topologies. `Poisson2` is a more thorough test that looks at an alert cluster and all alerts outside the cluster with a similar event rate. It is more likely to exclude all insignificant alert clusters but with a high risk of excluding significant alert clusters. Use this option if you expect all of your alerts to come from the same connected network. See Poisson distribution for more information.
`significance_threshold`	Number	No	Sets the maximum significance score for Tempus to create a Situation. The score is proportional to the probability that the alert cluster or potential Situation was coincidence. The lower the score, the more significant the cluster and the least likely it was a coincidence. This score ranges from 0 to 100.
`detection_algorithm`	String	No	Detection algorithm that Tempus uses, one of: `Louvain`, `LouvainMulti`, or `SmartLocal`.

Response

Endpoint updateTempus returns the following response:

Type	Description
HTTP Code	HTTP status or error code indicating request success or failure. See HTTP status code definitions for more information.

This endpoint returns an error code if the values of entropy_threshold and threshold_type are inconsistent. For example, if the entropy_threshold is set to 0.4 and threshold_type is set to global.

Examples

The following examples demonstrate typical use of endpoint updateTempus:

Request examples

Example cURL request to update the detection algorithm on Tempus algorithm 'newTempus':

curl -X POST -u graze:graze -k "https://localhost/graze/v1/updateTempus" -H "Content-Type: application/json; charset=UTF-8" --data \
'{ \
"name": "newTempus", \
"detection_algorithm": "LouvainMulti" \
}'

Example cURL request to update Tempus algorithm 'newTempus' to use the global entropy threshold in Moogsoft Onprem:

curl -X POST -u graze:graze -k "https://localhost/graze/v1/updateTempus" -H "Content-Type: application/json; charset=UTF-8" --data \
'{ \
"name": "newTempus", \
"threshold_type": "global" \
}'

Example cURL request to update Tempus algorithm 'newTempus' to use an explicit entropy threshold of 0.22:

curl -X POST -u graze:graze -k "https://localhost/graze/v1/updateTempus" -H "Content-Type: application/json; charset=UTF-8" --data \
'{ \
"name": "newTempus", \
"entropy_threshold": 0.22, \
"threshold_type": "explicit_value" \
}'

Response example

In this section: