Alerts 2.0 provides a comprehensive overview of your alert management system.

Powered by OpsQL, you can query, interpret, and act on the alerts.

With Alerts 2.0, you can do the following:

  • Search for queries using OpsQL, save, and share the views.

  • View a summary of the specific alert in a slide-out panel for quick reference.

  • Perform actions on the alert from the slide-out panel.

  • Perform bulk actions on multiple alerts.

  • Select a refresh duration from 1 minute to 24 hours.

Alerts Column Settings

You can add or remove a column in the alerts listing page.

Follow these steps to add or remove a column:

  1. Click the Settings icon on the Alerts listing page.

  2. Select a check box to add a column. Clear a check box to remove a column.

  3. Click Update. The Alerts listing page is updated accordingly.

Alerts Slide-Out

You can view the summary of an alert on the Alerts Slide-Out.

To view the Alerts slide-out:

  1. Click the Alert ID on the Alerts listing page.
    By default, the open and acknowledged alerts for the last seven days are displayed.
    To learn how to build queries, click here.

The alerts slide-out has the following information:

  • The current Alert status, alert state and Alert ID information is displayed along with the alert subject.
  • The First alert time and Last alert time information
  • Total occurrence (repeat count) of the alert, Inference, Correlated (The Inference information appears if it is a correlated alert. The Correlated information appears if it is an inference alert. Click the respective links to get the details.)
  • Information like Alert Type, Resource, Metric, Component, Client, Alert Description, Resource Type.
  • Last Comment information
  • Show More: Click Show More or Full Details to view full alert details.
  • ACTIONS: Use the ACTIONS button to perform the following actions on an alert:
    • Acknowledge
    • Suppress
    • Run Process
    • Heal
    • Create Incident

How to build queries

Build queries using the basic and advanced query modes. The query modes have attributes, logical operators, and values that are dynamically populated. Select these parameters to form valid expressions and complete building the queries.

The following sections describe the steps that both the basic and advanced users should follow for building the queries:

Basic users - See for Basic Users section.

Power users - See for Power Users section.

For Basic Users

A beginner can start querying using the Basic Query mode. The Basic Query mode allows you to create a query without knowing the exact syntax.

To build a query:

  1. Click Command Center > Alerts. The ALERTS query page is displayed.

  2. By default, the Open and Acknowledged alerts that have been updated within the last 7 Days are displayed. To clear the query, click the close X icon.

  3. To start building a query, click +QUERY. The ATTRIBUTES list is populated.

  4. Select an attribute and then select an operator from the OPERATORS drop-down that is dynamically populated.

  5. Select a value from the VALUES drop-down. The values are populated based on the selected attribute and operator. The query result is displayed.

  6. Click + to add another expression.

  7. The AND logical operator is selected by default. Click and select the desired operator.

  8. Follow the steps mentioned above to form another expression – attribute, operator and value.

The query result is displayed.

The following additional actions can be performed:

  • To create a new tab, click +.

  • To delete a query, click X.

  • Click REFRESH to refresh the query result list. You can set the refresh duration from 1 Minute to 24 Hours. The default is set to 15 Minutes. Click Off if you do not want to refresh the query result list.

For Power Users

As a power user you can go ahead and use the Advance Query mode.

To start querying:

  1. Click Command Center > Alerts. The ALERTS query page is displayed.

    By default, the Open and Acknowledged alerts that have been updated within the last 7 Days are displayed on the Alerts page. To clear the query, click the close X icon.

  2. Click the Advance Query mode icon to switch to the Advance query mode.

  3. As soon as you start typing the attribute name in the Search box, the available attributes are displayed automatically.

  4. Select the attribute and the operator from the dynamically populated matching operator list and then type in (or select) a value.

  5. Select the logical operators, AND or OR

  6. Follow the steps mentioned above – select the attribute, operator and value to form an expression. You can add as many valid expressions as possible.

  7. Click the search icon or hit enter. The query result is displayed.

You can click the Basic Query mode icon to switch to the Basic Query mode.

Switch between Basic and Advanced Query modes at any time

  • You can switch between the Basic and the Advanced Query modes anytime without making any changes to the query.

For more information on the OpsQL Query Language and examples, click here

Alert actions

The following alert actions can be performed from the alerts slide-out panel:

ActionDescription
AcknowledgeAcknowledges a received alert.
SuppressSuppresses the current alert and all duplicate alerts.
Create IncidentCreates a ticket for the generated alert, assigns users, and sets the priority.
Run ProcessAdds a process definition to an alert and runs the process.
HealHeals an alert.

Alert filters

The following filters can be applied to alerts using Alerts 2.0:

Attribute NameDescription
Created TimeAlert created time. Select the date range.
Updated TimeAlert updated time. Select the date range.
ResourcesSearch for the resources.
Note: Also available as an inline filter.
Entity TypeFilter alerts by entity type:
  • Resource
  • Integration
  • Service
  • Client
MetricsFilter alerts by metric name.
Note: Also available as an inline filter.
Resources TypesFilter alerts by resource type.
Alerts TypesFilter alerts by alert type:
  • Agent
  • Obsolete
  • Scheduled Maintenance
  • Forecast
  • Change Detection
  • Prediction
  • Maintenance
  • Monitoring
PrioritiesFilter alerts by priority, where P0 is the highest priority and P5 is the lowest priority.
Current StatesFilter alerts by their current state:
  • Critical
  • Warning
  • Ok
  • Info
  • Observed
StatusFilter alerts by their current status:
  • Acknowledged
  • Ticketed
  • Closed
  • Suppressed
  • Open
  • Correlated

Inline filter

The Inline filter allows users to add the value of a cell as an additional filter. In the following example, clicking the filter icon filters the results of the table, where the metric is cpu.

Alerts Inline Filter Icon

Correlated and Inference Alert Icons

You can identify Correlated and Inference alerts by icons in the Alerts 2.0 page. To identify the correlated and inference alerts, hover over the icon next to the Alert ID, on the Alerts 2.0 page.

Alerts Icon
Alerts Icon

De-Correlate Alerts

You can de-correlate a single or multiple correlated alerts from the ALerts 2.0 page.

To de-correlate an alert:

  1. In the Alerts 2.0 page, select a single or multiple correlated alerts that you want to de-correlate.
De-Correlate Alert

  1. Click Actions.

  2. Select De-Correlate from the drop-down list.

De-Correlate Alert

  1. The DE-CORRELATE ALERTS slide-out page is displayed.

  2. Enter the comments and click DE-CORRELATE.
    The correlated alert is de-correlated.

    De-Correlate Alert

My Alerts Views

To navigate to the My Alerts Views slide-out:

  1. Click the hamburger menu icon at the upper-left corner of the Alerts page, to view the My Alerts Views slide-out.

You can perform the following actions from the My Alerts Views slide-out:

Save a View

Once you execute a query, you can save the query results as a view.

To save a view:

  1. Click the hamburger menu icon at the upper-left corner of the Alerts page.

  2. From the slide-out, click the + icon. The SAVE VIEW popup is displayed.

  3. Enter a name for the view and click ADD.

  4. The view is saved and displayed in the slide-out.

  • Use the up/down arrow icons to hide/show the views in the slide-out.
  • The Save and Restore icons appear after you create a view.

Set Favorite

To mark a view as favorite:

  1. Search for the view using the search icon.

  2. Hover over the view name on the slide-out.

  3. Click the star icon. The view is added as favorite and appears under the FAVORITE category. The blue colored star icon indicates that the view is added as favorite. If you want to unfavorite the view, click the blue colored star against the view. The view is removed from the Favorite category.

You can perform the following other actions on the saved view:

Restore

The Restore option reverts to the previous query.

Once you have made changes to a specific query, which is already saved as a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Restore option. The previous query automatically appears in the Search box.
    Note: You must not save the changes you made to the query for the view. Otherwise, the query will not be reverted.

Rename

The Rename option allows you to rename the name of the view.

To rename a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Rename option. The RENAME VIEW popup is displayed.
  4. Enter a new name for the view in the Name box and click SAVE. The view is renamed.

Copy

The Copy option allows you to create a copy of a view.

To create a copy of a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Copy option. The COPY VIEW popup is displayed.
  4. Enter a name for the view in the Name box and click SAVE. The view is copied and is displayed in the slide-out.

Set Default View

The Set Default View option allows you to set a view as a default view for the current user.

To set a view as a default:

  1. Hover over the view name on the slide-out.

  2. Click the actions menu. The VIEW OPTIONS popup is displayed.

  3. Click the Set Default View option. The Set Default View dialog box is displayed.

  4. Turn on the My Default View option.

  5. Click the SET DEFAULT button.

  6. Refresh the browser. You can see that the view is set as default for the current user.

  7. To set the default view for other users, share the view and make it default for the user you want to set as default.

Share

The Share option allows you to share an alert view to a particular partner or client role. Select the Partner Roles and Client Roles from the Share View - View Name window and click Share.

To share a view:

  1. Hover over the view name on the slide-out.

  2. Click the actions menu. The VIEW OPTIONS popup is displayed.

  3. Click the Share option. The Share View dialog box is displayed.

  4. Select a role from the drop-down list.

  5. Click SHARE. The view is shared.

Notes:

  • The view will be available to the users with the assigned roles.
  • If you are logged in as a Partner, you can share the alert view to both partners and clients.
  • If you are logged in as a Client, you can share the alert view only to the clients.
  • The views can be shared to more than one role.
  • A user who has selected a default view can also assign it as a default to other users. To do so, the user has to share the view using the View - Share option.

Remove

The Remove option allows you to remove a view.

To remove a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Remove option. A confirmation dialog box is displayed.
  4. Click REMOVE. The view is removed.