Program Manager - Enterprise Command Center at a financial services firm with 10,001+ employees

Any experience with Event & Incident Analytic engines like Moogsoft?

Looking for any comparative details for Event & Incident Analysis engines, such as Moogsoft's solution.

De-duplication of Event messages and automated isolation to upstream incidents/events seems promising.

14 Answers
Program Manager - Enterprise Command Center at a financial services firm with 10,001+ employees
Real User
May 30, 2016

** Altug, Your note is very helpful; Thanks very much! The outline of capabilities and requirements is insightful and echoes personal experience. I can see even without product names, you've almost certainly worked with and hit your share of tooling challenges. The products in this space need to meet the bar you describe.

** Omar/Manish/Phillippe, CA SOI/TESM & CA UIM are capable in that they will deliver Service Modeling and Event Mgmt, but they are both expensive and labor intensive to implement and support for their core functionality. Moreover, a tool that merely presents or produces events should NOT be considered an Event Mgmt solution or an Event Analysis engine.

** Dan, I haven't taken time to read up on BigPanda. Agreed on the importance of Altug's point. Care & feeding can get out of hand quickly....

** Philippe, You hit a point which started my question. Netcool Omnibus was an acquired product, originally by MicroMuse, whose founders have now created Moogsoft. How to compare NOI and Moog, when they are so similar... Real world implementation experience... better yet, a bake off, side by side implementations...?
Having tested Netuitive, Prelert, CA ABA, Tivoli Predictive Insights (PI), and BMC BPPM for Predictive capabilities, no vendor product has been able to pass muster. Both Moog & NOI have predictive'ish functions. Moog's is built in as an 'extension' of Incident Analysis, but I fear it may only be predictive'ish. NOI is a collection of Tivoli tools that require a rather large Tivoli Framework to build on for full visibility. PI is one of those add-ons but will only analyze Event data as part of NOI. Unless additional PI metric feeds are licensed, NOI does not advertise to compete as a Predictive.

What I want to achieve... Ideally?... Efficiency and focus for my staff that is manually handling (trending in source, correlating across in time and CI relation, and isolating business data flows to probable break point) of over a 1000+ events each in a single shift. The Holy Grail would be a tool accurately isolating to the earliest possible Event(s) and a specific Incident as far upstream as possible for a given issue or impact type that is the likely break point.

it_user178113 - PeerSpot reviewer
Director at HP
May 26, 2016

Try Operations Manager I (OMi) from Hewlett Packard Enterprise. Differentiated product, scales from SMB to large Enterprise/xSP networks. Comes in a solution bundle with options to include industry leading ITOA (big data analytics capability). Documented reference customers with more than 70% event consolidation/suppression.

Program Manager - Enterprise Command Center at a financial services firm with 10,001+ employees
Real User
Jul 22, 2016

Hi Kevin, My team is set to begin a pilot of Moogsoft's solution within the next couple of weeks, and NOI will stand up in parallel. With any learning algorithm, it seems time & data are key ingredients. We should have some idea of how these compare in coming months. Thanks for checking in! --> R

it_user484395 - PeerSpot reviewer
Technical Advisor at a financial services firm with 501-1,000 employees
Jul 22, 2016

Randall - just wondering how your analysis is going?

it_user289056 - PeerSpot reviewer
Enterprise IT Management Consultant with 51-200 employees
May 30, 2016

Hi, I have used CA-Unicenter, CA-SOI and now TESM (OpsDirector). People are misguided in thinking that SOI is an event management product. Similarly, it would be wrong to think of Splunk as that too. Unicenter is obsolete and was very onerous in rules. TESM only works with ServiceNow.
I have exposure to CA-UIM, but it is not open enough to be seen as an event management platform. I have an understanding of how Moogsoft (a spin-off of Netcool) goes about its business but I have never used it. There is also Netuitive, worth looking into. What exactly are you looking to achieve?

it_user451401 - PeerSpot reviewer
Vice President of Product at BigPanda
May 27, 2016

Hi Randall, also have a look at BigPanda (my company). We automate event correlation and have pre-integrations with all leading monitoring tools. BigPanda automatically generates high-level incidents from monitoring events and automatically shares them with external ticketing solutions like ServiceNow and JIRA or collaboration tools like Slack or HipChat. Correlation occurs in the cloud and event collection is typically agentless via secure APIs or webhooks.

Service Health Analytics dashboards provide visibility into key metrics like MTTR, top alerting hosts, and top alerting checks. Most enterprise customers using BigPanda benefit from 99% noise suppression. Configuration takes hours and is code-free. We offer a free trial if you're interested. As Altug mentioned, stay away from solutions that require you to manually maintain rules. Feel free to reply with any questions about BigPanda capabilities or configuration. Hope it's a good fit...

Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
May 27, 2016

The question should be Monitor or Logging?
Here are the basics:

Log != event
Logs can contain many non-event based data points which are useful in the future, or may become useful in the future.

Engineering your own log collection and analysis system covers the top .5% of users who need that technology. Most clients I speak with cannot engineer their own systems, hence they rely on log analysis products which are purchased versus developed. You are also assuming that users have developers writing the apps which are logging, and that’s very often not the case.

The reason why monitoring and logging are separate in most cases is the monitoring tools don’t do the type of log analysis people want today, they do the log/event analysis people wanted in 1995.

ESM Engineer at BAE Systems
Real User
Top 5
May 26, 2016

Sorry, don’t have any experience with Moogsoft but take a look at CA Service Operations Insight (SOI). It will provide you that same capability but with many more features.

it_user295758 - PeerSpot reviewer
Managed Services Operational Engineer- Automation with 1,001-5,000 employees
May 26, 2016

I have never looked at Moogsoft. We probably want to wait until UIM 84.1 is released since it is supposed to add many incident management features.

Program Manager - Enterprise Command Center at a financial services firm with 10,001+ employees
Real User
May 26, 2016

Thanks for sharing, Mike! I've seen BMC's approach as well as CA's, IBM Tivoli's, and Moogsoft's most recently.
Event de-dup is indeed a common feature when it comes to the same alert firing repeatedly on a single host. What these other vendors 'promise' is de-dup of the same or similar alert events across multiple hosts within an app's infra and even across multiple apps with the same or similar tiers. The idea is to group Events if they correlate in time and/or CI relationship.
The Incident Analysis functions promised are much as you describe but with a twist, and I couldn't agree more with the challenges you describe. This approach is taking only Event messages (from any/all tool sources) & actual Incident Record details (Ex: ServiceNow) and comparing to Business rules, Service Models, and Knowledge on past occurrences to find a current ticket as far upstream as possible. I've seen many vendors with Triage/Isolation functions which are valuable, but they usually drill down into Host/App/Code/etc. This approach seems promising and worth testing.

** MemberSH/SaleMan, Nothing personal, but I am discounting your Vendor comments for a couple reasons. 1.) looking for comparative details from experience working with multiple vendors. 2.) have to think twice on vendors w anonymous profile names
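The grouping described in the post above (de-dup of repeated alerts, then correlation by time and CI relationship, then isolation to the event furthest upstream), as an added example that is not part of the original thread and is not any vendor's algorithm. The CI dependency map, the sample events, the 60-second window and all function names are constructed assumptions.

```python
# Constructed CI dependency map: each CI -> the CIs it directly depends on.
# Assumed to be acyclic.
DEPENDS_ON = {
    "web01": ["app01"], "web02": ["app01"],
    "app01": ["db01"], "db01": ["san01"],
    "san01": [], "mail01": [],
}

# Constructed sample events: (epoch seconds, CI, alert text).
EVENTS = [
    (1000, "san01", "latency high"),
    (1005, "db01", "query timeout"),
    (1010, "db01", "query timeout"),
    (1012, "app01", "HTTP 500"),
    (1015, "web01", "HTTP 502"),
    (1016, "web02", "HTTP 502"),
    (1020, "web01", "HTTP 502"),
    (5000, "mail01", "queue full"),
]

def upstream(ci):
    """All CIs that `ci` depends on, directly or transitively."""
    out, stack = set(), [ci]
    while stack:
        for dep in DEPENDS_ON.get(stack.pop(), []):
            if dep not in out:
                out.add(dep)
                stack.append(dep)
    return out

def dedup(events):
    """Collapse repeats of the same alert on the same CI into one record with
    a first-seen time and a count. A long-running system would also expire keys."""
    seen = {}
    for ts, ci, msg in sorted(events):
        rec = seen.setdefault((ci, msg), {"first": ts, "ci": ci, "msg": msg, "count": 0})
        rec["count"] += 1
    return list(seen.values())

def related(a, b):
    """True if the two CIs are the same or one depends on the other."""
    return a == b or b in upstream(a) or a in upstream(b)

def correlate(events, window=60):
    """Group de-duplicated events that are close in time and related by CI."""
    groups = []
    for ev in sorted(dedup(events), key=lambda e: e["first"]):
        for g in groups:
            in_time = ev["first"] - g[-1]["first"] <= window
            if in_time and any(related(ev["ci"], m["ci"]) for m in g):
                g.append(ev)
                break
        else:
            groups.append([ev])
    return groups

def probable_break_point(group):
    """The earliest event whose CI has no alerting CI upstream of it in the group."""
    alerting = {m["ci"] for m in group}
    roots = [m for m in group if not (upstream(m["ci"]) & alerting)]
    return min(roots, key=lambda m: m["first"])
```

On the sample data, eight raw events reduce to six de-duplicated records and two candidate incidents, with the storage alert on `san01` flagged as the probable break point for the first.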

it_user272346 - PeerSpot reviewer
Principal Solutions Architect at a pharma/biotech company with 1,001-5,000 employees
Real User
May 26, 2016


I would think just about any Enterprise Monitoring Solution allows for de-duplication of events out of the box… and just update the Event Count. At least all of the solutions I’ve employed provide this feature.

If I can surmise what Incident Analysis refers to: Probable (Root) Cause Analysis? Most solutions employ something like this as well. However there is always a challenge with event correlation to understand what is impacted, and whether any underlying alerts actually contributed to the problem. This is always dependent upon customer requirements as not all platforms and applications are architected in the same fashion.

I recently attended a good BMC webinar which covers Service Impact Modeling, which may apply here in some way – or at least provide the many things to consider when employing a similar strategy: (You may need to create an account in BMC Communities to view…)


Online Documentation: https://docs.bmc.com/docs/display/public/proactivenet95/About+service+modeling

Hope this provides a good start in navigating down this rabbit-hole… 

it_user11238 - PeerSpot reviewer
Solution Architect at CA Technologies
Real User
May 26, 2016

Each vendor has a different take on this aspect, based on their historical
development and the capabilities of the tools they offer.

Some only perform monitoring on a particular infrastructure layer (network,
systems, storage, etc.) and forward them to event analysis engines, some do
a very good job of isolating root cause of each issue and forward only the
pertinent details to upper level processing solutions.

Let me say one thing: if the solutions you consider have a detailed rules
based engine that requires you to enter and update individual rules for
monitoring, please STAY AWAY! It is a very high maintenance solution and
will either suck your resources dry or become obsolete too fast too soon.

Make sure that the solution you are considering can resolve relationships
between infrastructure components and update them automatically (either as
soon as they happen, periodically or through manual triggering).

Make sure that root cause determination takes place at each infrastructure
layer monitoring solution (automated resolution of issues is a plus
wherever applicable) and only this information is sent to higher level
incident monitoring/tracking solutions.

A good solution set at a minimum should consist of solutions that are
capable of:
* network monitoring/management
* systems monitoring/management
* storage infrastructure monitoring/management
* business application performance management/monitoring (if possible)
* higher level incident analysis engine that is fed from each of the above
solutions and has a point and click interface to configure rather than
endless keyboard typing
* service desk solution that is fed from all of the above solutions to be
able to implement ITIL guidelines

But the main hurdle is to engage business side of the company/institution
to be able to gather information to understand what is important for them
and what is not. Remember, IT is there to support business. If you're
monitoring each and everything left and right without understanding the
business, you're just burning resources for a war that's already lost. This
may sound hard for the average IT department but it is an evolutionary step
that is required in today's corporate environment to become a part of
business that adds value, rather than being perceived as a bottomless pit
into which the organization throws money for no apparent benefit.

Please do not hesitate to contact me for further details.


Altug Gur

it_user420528 - PeerSpot reviewer
Senior Software Engineer at a financial services firm with 10,001+ employees
Real User
May 26, 2016


I don’t have experience in the tools you mentioned below but I have expertise in Infrastructure monitoring with other tools. I know that most of the tools work on the same lines. I have got one question: is IT Central Station the right place to ask questions? I have also got some questions on AppDynamics, an APM tool.


it_user352575 - PeerSpot reviewer
Senior IT Consultant at a tech consulting company with 51-200 employees
May 26, 2016


I have experience with some monitoring tools like:

- Microsoft System Center Operations Manager

- Riverbed Application Performance Management

- Riverbed Network Performance Management

I have experience with incident management (and additional ITIL work items) tools like:

- Microsoft System Center Service Manager

- ProactivaNet

Studying event management best practices can be helpful to select the right tool.


José A. Molina
