Alerts 2.0 provides a comprehensive overview of your alert management system.
Powered by OpsQL, you can query, interpret, and act on the alerts.
With Alerts 2.0, you can do the following:
Search for queries using OpsQL, save, and share the views.
Note
If you select a specific client to search for alert queries, only those specific client queries are displayed.
View a summary of the specific alert in a slide-out panel for quick reference.
Perform actions on the alert from the slide-out panel.
Perform bulk actions on multiple alerts.
Select a refresh duration from 1 minute to 24 hours.
The New Alert listing page supports Service Provider context. Service Provider users can search for alerts across all clients within All Partners.
Alerts Column Settings
You can add or remove a column in the alerts listing page.
Follow these steps to add or remove a column:
Click the Settings icon on the Alerts listing page.
Select a check box to add a column. Clear a check box to remove a column.
Click Update. The Alerts listing page is updated accordingly.
Alerts Slide-Out
You can view the summary of an alert on the Alerts Slide-Out.
To view the Alerts slide-out:
Click the Alert ID on the Alerts listing page. By default, the open and acknowledged alerts for the last seven days are displayed. To learn how to build queries, click here.
The alerts slide-out has the following information:
The current Alert status, alert state and Alert ID information is displayed along with the alert subject.
The First alert time and Last alert time information
Total occurrence (repeat count) of the alert, Inference, Correlated (The Inference information appears if it is a correlated alert. The Correlated information appears if it is an inference alert. Click the respective links to get the details.)
Information like Alert Type, Resource, Metric, Component, Client, Alert Description, Resource Type.
Last Comment information
Show More: Click View Details to view the alert details.
ACTIONS: Use the ACTIONS button to perform the following actions on an alert:
Acknowledge
Suppress
Run Process
Heal
Create Incident
Export
The Export functionality lets you to export the response alerts from the Alerts 2.0 page as a report.
Prerequisite: The Alert Listing app should be installed.
To export alerts filter criteria:
From All Clients, select a client.
On the Alerts 2.0 page, use the search option to search for alerts using the OpsQL query.The Search results are displayed.
Click the Export icon available next to the Filters option.A message asks the user to install the Alert Listing app if it is not already installed. Click Install App to install the app.
The page is redirected to the Alert Listing app screen.The configuration properties in the Alert Listing app are auto-filled with the filter criteria that were provided in the search.The run process is initiated. The process progress depends on the data and the configuration parameters.
Click the Recent icon available in the Configure Parameters section to view the progress.
How to build queries
Build queries using the basic and advanced query modes. The query modes have attributes, logical operators, and values that are dynamically populated. Select these parameters to form valid expressions and complete building the queries.
The following sections describe the steps that both the basic and advanced users should follow for building the queries:
A beginner can start querying using the Basic Query mode. The Basic Query mode allows you to create a query without knowing the exact syntax.
To build a query:
Click Command Center > Alerts. The ALERTS query page is displayed.
By default, the Open and Acknowledged alerts that have been updated within the last 7 Days are displayed. To clear the query, click the close X icon.
To start building a query, click +QUERY. The ATTRIBUTES list is populated.
Select an attribute and then select an operator from the OPERATORS drop-down that is dynamically populated.
Select a value from the VALUES drop-down. The values are populated based on the selected attribute and operator.
The query result is displayed.
Click + to add another expression.
The AND logical operator is selected by default. Click and select the desired operator.
Follow the steps mentioned above to form another expression – attribute, operator and value.
The query result is displayed.
The following additional actions can be performed:
To create a new tab, click +.
To delete a query, click X.
Click REFRESH to refresh the query result list. You can set the refresh duration from 1 Minute to 24 Hours. The default is set to 15 Minutes. Click Off if you do not want to refresh the query result list.
For Power Users
As a power user you can go ahead and use the Advance Query mode.
To start querying:
Click Command Center > Alerts. The ALERTS query page is displayed.By default, the Open and Acknowledged alerts that have been updated within the last 7 Days are displayed on the Alerts page. To clear the query, click the close X icon.
Click the Advance Query mode icon to switch to the Advance query mode.
As soon as you start typing the attribute name in the Search box, the available attributes are displayed automatically.
Select the attribute and the operator from the dynamically populated matching operator list and then type in (or select) a value.
Select the logical operators, AND or OR
Follow the steps mentioned above – select the attribute, operator and value to form an expression.
You can add as many valid expressions as possible.
Click the search icon or hit enter. The query result is displayed.
You can click the Basic Query mode icon to switch to the Basic Query mode.
Switch between Basic and Advanced Query modes at any time
You can switch between the Basic and the Advanced Query modes anytime without making any changes to the query.
For more information on the OpsQL Query Language and examples, click here
Alert actions
The following alert actions can be performed from the alerts slide-out panel:
Action
Description
Acknowledge
Acknowledges a received alert.
Suppress
Suppresses the current alert and all duplicate alerts.
Create Incident
Creates a ticket for the generated alert, assigns users, and sets the priority.
Run Process
Adds a process definition to an alert and runs the process.
Heal
Heals an alert.
Alert filters
The following filters can be applied to alerts using Alerts 2.0:
Attribute Name
Description
Created Time
Alert created time. Select the date range.
Updated Time
Alert updated time. Select the date range.
Resources
Search for the resources. Note: Also available as an inline filter.
Entity Type
Filter alerts by entity type:
Resource
Integration
Service
Client
Metrics
Filter alerts by metric name. Note: Also available as an inline filter.
Resource Types
Filter alerts by resource type.
Alert Types
Filter alerts by alert type:
Agent
Obsolete
Scheduled Maintenance
Forecast
Change Detection
Prediction
Maintenance
Monitoring
Priorities
Filter alerts by priority, where P0 is the highest priority and P5 is the lowest priority.
Current States
Filter alerts by their current state:
Critical
Warning
Ok
Info
Observed
Status
Filter alerts by their current status:
Acknowledged
Ticketed
Closed
Suppressed
Open
Correlated
Inline filter
The Inline filter allows users to add the value of a cell as an additional filter. In the following example, clicking the filter icon filters the results of the table, where the metric is CPU.
Correlated and Inference Alert Icons
You can identify Correlated and Inference alerts by icons in the Alerts 2.0 page. To identify the correlated and inference alerts, hover over the icon next to the Alert ID, on the Alerts 2.0 page.
De-Correlate Alerts
You can de-correlate a single or multiple correlated alerts from the ALerts 2.0 page.
To de-correlate an alert:
In the Alerts 2.0 page, select a single or multiple correlated alerts that you want to de-correlate.
Click Actions.
Select De-Correlate from the drop-down list.
The DE-CORRELATE ALERTS slide-out page is displayed.
Enter the comments and click DE-CORRELATE. The correlated alert is de-correlated.
My Alerts Views
To navigate to the My Alerts Views slide-out:
Click the hamburger menu icon at the upper-left corner of the Alerts page, to view the My Alerts Views slide-out.
You can perform the following actions from the My Alerts Views slide-out:
Once you execute a query, you can save the query results as a view.
To save a view:
Click the hamburger menu icon at the upper-left corner of the Alerts page.
From the slide-out, click the + icon. The SAVE VIEW popup is displayed.
Enter a name for the view and click ADD.
The view is saved and displayed in the slide-out.
Use the up/down arrow icons to hide/show the views in the slide-out.
The Save and Restore icons appear after you create a view.
Set Favorite
To mark a view as favorite:
Search for the view using the search icon.
Hover over the view name on the slide-out.
Click the star icon. The view is added as favorite and appears under the FAVORITE category. The blue colored star icon indicates that the view is added as favorite.
If you want to unfavorite the view, click the blue colored star against the view. The view is removed from the Favorite category.
You can perform the following other actions on the saved view:
Restore
The Restore option reverts to the previous query.
Once you have made changes to a specific query, which is already saved as a view:
Hover over the view name on the slide-out.
Click the actions menu. The VIEW OPTIONS popup is displayed.
Click the Restore option. The previous query automatically appears in the Search box. Note: You must not save the changes you made to the query for the view. Otherwise, the query will not be reverted.
Rename
The Rename option allows you to rename the name of the view.
To rename a view:
Hover over the view name on the slide-out.
Click the actions menu. The VIEW OPTIONS popup is displayed.
Click the Rename option. The RENAME VIEW popup is displayed.
Enter a new name for the view in the Name box and click SAVE. The view is renamed.
Copy
The Copy option allows you to create a copy of a view.
To create a copy of a view:
Hover over the view name on the slide-out.
Click the actions menu. The VIEW OPTIONS popup is displayed.
Click the Copy option. The COPY VIEW popup is displayed.
Enter a name for the view in the Name box and click SAVE. The view is copied and is displayed in the slide-out.
Set Default View
The Set Default View option allows you to set a view as a default view for the current user.
To set a view as a default:
Hover over the view name on the slide-out.
Click the actions menu. The VIEW OPTIONS popup is displayed.
Click the Set Default View option. The Set Default View dialog box is displayed.
Turn on the My Default View option.
Click the SET DEFAULT button.
Refresh the browser. You can see that the view is set as default for the current user.
To set the default view for other users, share the view and make it default for the user you want to set as default.
Share
The Share option allows you to share an alert view to a particular partner or client role. Select the Partner Roles and Client Roles from the Share View - View Name window and click Share.
To share a view:
Hover over the view name on the slide-out.
Click the actions menu. The VIEW OPTIONS popup is displayed.
Click the Share option. The Share View dialog box is displayed.
Select a role from the drop-down list.
Click SHARE. The view is shared.
Notes:
The view will be available to the users with the assigned roles.
If you are logged in as a Partner, you can share the alert view to both partners and clients.
If you are logged in as a Client, you can share the alert view only to the clients.
The views can be shared to more than one role.
A user who has selected a default view can also assign it as a default to other users. To do so, the user has to share the view using the View - Share option.
Remove
The Remove option allows you to remove a view.
To remove a view:
Hover over the view name on the slide-out.
Click the actions menu. The VIEW OPTIONS popup is displayed.
Click the Remove option. A confirmation dialog box is displayed.
Click REMOVE. The view is removed.
Alerts Details page
The new Alerts details page provides a comprehensive view of the alerts that are generated.
The Alerts Details page allows you to:
View information about an alert.
Perform various actions like create an incident, attach an incident, view alert history, view resource alerts.
To access the Alerts Details page:
Click Command Center > Alerts. The Alerts listing page is displayed.
Click the Alert ID for which you want to view details. The alerts slide-out is displayed which has the summary of the alert.
Click View details.
Following is the information that is displayed on the Alerts details page and the actions you can perform:
Information
Action/Description
Repeat Count
Count of the number of duplicate alerts generated by the resource. Click the repeat count link. This shows the list of alerts in a popover.
Ticket - Create or Attach
Click the Create/Attach link to either create a new incident or attach an existing incident to the alert.
To create an incident, click Create , enter the information required and click the Create button.
To attach an incident, click Attach. Select the incident from the Attach to Alert window and click the Attach button. You can also change the query to search for an incident.
First Alert Time
The time when the first alert was generated.
Elapsed Time
The time from when the first alert was generated till the current time.
Inference
Clicking the link opens up a tab that shows the inference alerts listing page.
Correlated
Clicking the link opens up a tab that shows the correlated alerts listing page.
Alert History
The alert occurrence over a period of time. By default, it shows the occurrence of the alert for the past 7 days and the next 7 days.
Hover over the bubble chart to view the number of alerts with their states. Click on a bubble to view the list of alerts.
You can change the time period to 15 or 30 days by clicking the This Alert +/- 7 Days link.
A graph is shown for the metric, for the same time range, based on the component. Hover over the graph to view the metric value and the time.
Alert logs: View the alert logs, if available.
Knowledge Base
Click the Knowledge Base tab to view the list of KB articles.
Actions
You can perform the following actions from the Actions dropdown:
Escalation Policy: Shows all the related escalation policies.
Acknowledge: Acknowledge the alert
Suppress: Suppress the alert
Create Incident: Create an incident
Update Incident: Update the incident
Run Process: Run a process
Heal: Heal the alert
Close: Close the alert
Remote consoles and Run Command icons
You can launch Remote consoles and Run Command to troubleshoot on the devices directly from the Alerts details page.
Topology icon
It will navigate to the topology map, which shows all the connected devices.
Examples
The following are example illustrations for each alerts:
Log Alert Visualization with Inputs
The subsequent section provides a visual representation of log alerts along with their corresponding inputs. The log time range is prominently displayed, and by clicking it, you are seamlessly navigated to the logs page.
In contrast to the previous version where only the metric graph was visible, the updated visualization now includes a logarithmic graph. Moreover, the definition name is now presented as LOG.
Filter: alertType = LOG
Change Detection Alert Visualization with Inputs
For lower, upper, and average values, you’ll see the alert definition name if created through an alert definition, and the template name if created from a template.
By clicking on the Definitions page within the details section, you will be redirected to the Alerts page.
Filter: alertType = Change_Detection
Monitoring Alerts Visualization with Inputs
Upon the generation of an alert from an alert definition, the alert definition name will be visibly presented. In cases where the alert is created from a template, the monitoring template name will be displayed.
Note: Alerts generated from the Alert Definition are produced using PromQL.
Filter: alertType = Monitoring
Integration Alerts Visualization with Inputs
When object type is equal to integrations, only integration data is present; no resource data is included. The name of the integration data is specified.
Filter: Object Type = Integration
Note
This is a feature-flag based functionality. Contact OpsRamp Support for more information.
