Alerts 2.0 provides a comprehensive overview of your alert management system.

Powered by OpsQL, you can query, interpret, and act on the alerts.

With Alerts 2.0, you can do the following:

  • Search for alerts using OpsQL queries, then save and share the views.

  • View a summary of the specific alert in a slide-out panel for quick reference.

  • Perform actions on the alert from the slide-out panel.

  • Perform bulk actions on multiple alerts.

  • Select a refresh duration from 1 minute to 24 hours.

  • The New Alert listing page supports Service Provider context. Service Provider users can search for alerts across all clients within All Partners.

Alerts Column Settings

You can add or remove a column in the alerts listing page.

Follow these steps to add or remove a column:

  1. Click the Settings icon on the Alerts listing page.

  2. Select a check box to add a column. Clear a check box to remove a column.

  3. Click Update. The Alerts listing page is updated accordingly.

  4. You can also search for a particular column using the search feature.

Alerts Slide-Out

You can view the summary of an alert on the Alerts Slide-Out.

To view the Alerts slide-out:

  1. Click the Alert ID on the Alerts listing page.
    By default, the open and acknowledged alerts for the last seven days are displayed.
    To learn how to build queries, see the How to build queries section.

The alerts slide-out has the following information:

  • The current Alert status, alert state and Alert ID information is displayed along with the alert subject.
  • The First alert time and Last alert time information
  • Total occurrence (repeat count) of the alert, Inference, Correlated (The Inference information appears if it is a correlated alert. The Correlated information appears if it is an inference alert. Click the respective links to get the details.)
  • Information like Alert Type, Resource, Metric, Component, Client, Alert Description, Resource Type.
  • Last Comment information
  • Show More: Click View Details to view the alert details.
  • ACTIONS: Use the ACTIONS button to perform the following actions on an alert:

Action | Description
View details | Refers to an option that allows the user to see more information about the alert.
Acknowledge | Acknowledging an alert is a way of confirming that you have seen it and are aware of its existence. See Acknowledge an alert for more details.
Suppress | Suppresses the current alert and all duplicate alerts.
Create Incident | Creates a ticket for the generated alert, assigns users, and sets the priority. See Create incident for more details.
Attach Incident | You can attach an incident to an alert to establish a clear relationship between a specific alert and a broader incident.
Run Process | Adds a process definition to an alert and runs the process.
Heal | Heals an alert.

Acknowledge an alert

Acknowledging an alert typically means that you confirm that you have seen and are aware of the alert. When an alert is generated, it requires some action or attention from a user. Acknowledging alerts helps ensure that critical issues are not overlooked and appropriate actions are taken on time to address them. It also helps facilitate communication and coordination among team members by providing clarity on who is responsible for handling each alert.

To acknowledge an alert:

  1. Select an alert from the alerts browser.
    The slide-out is displayed.

  2. Click Actions from the slide-out.

  3. Select Acknowledge from the list.
    The ACKNOWLEDGE ALERTS page is displayed.

  4. Enter comments in the Comments section.

  5. Click ACKNOWLEDGE.
    The alert is acknowledged.

    You can access the details of the user who last acknowledged the alert and leave comments directly from the ACTIVITY LOG tab within the slide-out.

Create incident

  1. Navigate to the Alerts page.
  2. From the list, select an alert for which you want to create an incident.
    The slide-out is displayed.
  3. Click Actions from the slide-out.
  4. Select Create incident from the list.
    The create incident page is displayed.
  5. Enter the incident details and click Save.
    The incident is created.

You can find the incident number in the “incidentId” column. By clicking on the incidentId, you can access the details of the corresponding incident in the alert slide-out window. From there, you can modify the incident and take further action.

Export

The Export functionality lets you export the alerts returned by a search on the Alerts 2.0 page as a report.

Prerequisite: The Alert Listing app should be installed.

To export alerts using filter criteria:

  1. From All Clients, select a client.

  2. On the Alerts 2.0 page, use the search option to search for alerts using the OpsQL query.
    The Search results are displayed.

  3. Click the Export icon available next to the Filters option.
    A message asks the user to install the Alert Listing app if it is not already installed. Click Install App to install the app.

    The page is redirected to the Alert Listing app screen.
    The configuration properties in the Alert Listing app are auto-filled with the filter criteria that were provided in the search.
    The run process is initiated. The process progress depends on the data and the configuration parameters.

  4. Click the Recent icon available in the Configure Parameters section to view the progress.

How to build queries

Build queries using the basic and advanced query modes. The query modes have attributes, logical operators, and values that are dynamically populated. Select these parameters to form valid expressions and complete building the queries.

The following sections describe the steps that both the basic and advanced users should follow for building the queries:

Basic users - See the For Basic Users section.

Power users - See the For Power Users section.

For Basic Users

A beginner can start querying using the Basic Query mode. The Basic Query mode allows you to create a query without knowing the exact syntax.

To build a query:

  1. Click Command Center > Alerts. The ALERTS query page is displayed.

  2. By default, the Open and Acknowledged alerts that have been updated within the last 7 Days are displayed. To clear the query, click the close X icon.

  3. To start building a query, click +QUERY. The ATTRIBUTES list is populated.

  4. Select an attribute and then select an operator from the OPERATORS drop-down that is dynamically populated.

  5. Select a value from the VALUES drop-down. The values are populated based on the selected attribute and operator. The query result is displayed.

  6. Click + to add another expression.

  7. The AND logical operator is selected by default. Click and select the desired operator.

  8. Follow the steps mentioned above to form another expression – attribute, operator and value.

The query result is displayed.

The following additional actions can be performed:

  • To create a new tab, click +.

  • To delete a query, click X.

  • Click REFRESH to refresh the query result list. You can set the refresh duration from 1 Minute to 24 Hours. The default is set to 15 Minutes. Click Off if you do not want to refresh the query result list.

For Power Users

As a power user, you can use the Advance Query mode.

To start querying:

  1. Click Command Center > Alerts. The ALERTS query page is displayed.

    By default, the Open and Acknowledged alerts that have been updated within the last 7 Days are displayed on the Alerts page. To clear the query, click the close X icon.

  2. Click the Advance Query mode icon to switch to the Advance query mode.

  3. As soon as you start typing the attribute name in the Search box, the available attributes are displayed automatically.

  4. Select the attribute and the operator from the dynamically populated matching operator list and then type in (or select) a value.

  5. Select a logical operator, AND or OR.

  6. Follow the steps mentioned above – select the attribute, operator and value to form an expression. You can add as many valid expressions as you need.

  7. Click the search icon or press Enter. The query result is displayed.

You can click the Basic Query mode icon to switch to the Basic Query mode.

Switch between Basic and Advanced Query modes at any time

  • You can switch between the Basic and the Advanced Query modes anytime without making any changes to the query.

For more information on the OpsQL Query Language and examples, see the OpsQL documentation.

Alert filters

The following filters can be applied to alerts using Alerts 2.0:

Attribute Name | Description
Created Time | Alert created time. Select the date range.
Updated Time | Alert updated time. Select the date range.
Resources | Search for the resources. Note: Also available as an inline filter.
Entity Type | Filter alerts by entity type:
  • Resource
  • Integration
  • Service
  • Client
Metrics | Filter alerts by metric name. Note: Also available as an inline filter.
Resource Types | Filter alerts by resource type.
Alert Types | Filter alerts by alert type:
  • Agent
  • Obsolete
  • Scheduled Maintenance
  • Forecast
  • Change Detection
  • Prediction
  • Maintenance
  • Monitoring
Priorities | Filter alerts by priority, where P0 is the highest priority and P5 is the lowest priority.
Current States | Filter alerts by their current state:
  • Critical
  • Warning
  • Ok
  • Info
  • Observed
Status | Filter alerts by their current status:
  • Acknowledged
  • Ticketed
  • Closed
  • Suppressed
  • Open
  • Correlated

Inline filter

The Inline filter allows users to add the value of a cell as an additional filter. In the following example, clicking the filter icon filters the results of the table, where the metric is CPU.

[Image: Alerts Inline Filter Icon]

Correlated and Inference Alert Icons

You can identify Correlated and Inference alerts by icons in the Alerts 2.0 page. To identify the correlated and inference alerts, hover over the icon next to the Alert ID, on the Alerts 2.0 page.

[Image: Alerts Icon]

De-Correlate Alerts

You can de-correlate one or more correlated alerts from the Alerts 2.0 page.

To de-correlate an alert:

  1. In the Alerts 2.0 page, select one or more correlated alerts that you want to de-correlate.

    [Image: De-Correlate Alert]

  2. Click Actions.

  3. Select De-Correlate from the drop-down list.

    [Image: De-Correlate Alert]

  4. The DE-CORRELATE ALERTS slide-out page is displayed.

  5. Enter the comments and click DE-CORRELATE.
    The correlated alert is de-correlated.

    [Image: De-Correlate Alert]

My Alerts Views

To navigate to the My Alerts Views slide-out:

  1. Click the hamburger menu icon at the upper-left corner of the Alerts page, to view the My Alerts Views slide-out.

You can perform the following actions from the My Alerts Views slide-out:

Save a View

Once you execute a query, you can save the query results as a view.

To save a view:

  1. Click the hamburger menu icon at the upper-left corner of the Alerts page.

  2. From the slide-out, click the + icon. The SAVE VIEW popup is displayed.

  3. Enter a name for the view and click ADD.

  4. The view is saved and displayed in the slide-out.

  • Use the up/down arrow icons to hide/show the views in the slide-out.
  • The Save and Restore icons appear after you create a view.

Set Favorite

To mark a view as favorite:

  1. Search for the view using the search icon.

  2. Hover over the view name on the slide-out.

  3. Click the star icon. The view is added as favorite and appears under the FAVORITE category. The blue colored star icon indicates that the view is added as favorite. If you want to unfavorite the view, click the blue colored star against the view. The view is removed from the Favorite category.

You can perform the following other actions on the saved view:

Restore

The Restore option reverts to the previous query.

Once you have made changes to a specific query, which is already saved as a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Restore option. The previous query automatically appears in the Search box.
    Note: You must not save the changes you made to the query for the view. Otherwise, the query will not be reverted.

Rename

The Rename option allows you to change the name of the view.

To rename a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Rename option. The RENAME VIEW popup is displayed.
  4. Enter a new name for the view in the Name box and click SAVE. The view is renamed.

Copy

The Copy option allows you to create a copy of a view.

To create a copy of a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Copy option. The COPY VIEW popup is displayed.
  4. Enter a name for the view in the Name box and click SAVE. The view is copied and is displayed in the slide-out.

Set Default View

The Set Default View option allows you to set a view as a default view for the current user.

To set a view as a default:

  1. Hover over the view name on the slide-out.

  2. Click the actions menu. The VIEW OPTIONS popup is displayed.

  3. Click the Set Default View option. The Set Default View dialog box is displayed.

  4. Turn on the My Default View option.

  5. Click the SET DEFAULT button.

  6. Refresh the browser. You can see that the view is set as default for the current user.

  7. To set the default view for other users, share the view and make it the default for those users.

Share

The Share option allows you to share an alert view to a particular partner or client role. Select the Partner Roles and Client Roles from the Share View - View Name window and click Share.

To share a view:

  1. Hover over the view name on the slide-out.

  2. Click the actions menu. The VIEW OPTIONS popup is displayed.

  3. Click the Share option. The Share View dialog box is displayed.

  4. Select a role from the drop-down list.

  5. Click SHARE. The view is shared.

Notes:

  • The view will be available to the users with the assigned roles.
  • If you are logged in as a Partner, you can share the alert view to both partners and clients.
  • If you are logged in as a Client, you can share the alert view only to the clients.
  • The views can be shared to more than one role.
  • A user who has selected a default view can also assign it as a default to other users. To do so, the user has to share the view using the View - Share option.

Remove

The Remove option allows you to remove a view.

To remove a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Remove option. A confirmation dialog box is displayed.
  4. Click REMOVE. The view is removed.

Alerts Details page

The new Alerts details page provides a comprehensive view of the alerts that are generated.

The Alerts Details page allows you to:

  • View information about an alert.
  • Perform various actions like create an incident, attach an incident, view alert history, view resource alerts.

To access the Alerts Details page:

  1. Click Command Center > Alerts. The Alerts listing page is displayed.

    [Image: Alert query page]

  2. Click the Alert ID for which you want to view details. The alerts slide-out is displayed which has the summary of the alert.

  3. Click View details.

    [Image: Alerts details page]

Following is the information that is displayed on the Alerts details page and the actions you can perform:

Information | Action/Description
Repeat Count | Count of the number of duplicate alerts generated by the resource. Click the repeat count link. This shows the list of alerts in a popover.
Ticket - Create or Attach | Click the Create/Attach link to either create a new incident or attach an existing incident to the alert.
  • To create an incident, click Create, enter the information required and click the Create button.
  • To attach an incident, click Attach. Select the incident from the Attach to Alert window and click the Attach button. You can also change the query to search for an incident.
First Alert Time | The time when the first alert was generated.
Elapsed Time | The time from when the first alert was generated till the current time.
Inference | Clicking the link opens up a tab that shows the inference alerts listing page.
Correlated | Clicking the link opens up a tab that shows the correlated alerts listing page.
Alert History | The alert occurrence over a period of time. By default, it shows the occurrence of the alert for the past 7 days and the next 7 days.
  • Hover over the bubble chart to view the number of alerts with their states. Click on a bubble to view the list of alerts.
  • You can change the time period to 15 or 30 days by clicking the This Alert +/- 7 Days link.
  A graph is shown for the metric, for the same time range, based on the component. Hover over the graph to view the metric value and the time.
  Alert logs: View the alert logs, if available.
Knowledge Base | Click the Knowledge Base tab to view the list of KB articles.
Actions | You can perform the following actions from the Actions dropdown:
  • Escalation Policy: Shows all the related escalation policies.
  • Acknowledge: Acknowledge the alert
  • Suppress: Suppress the alert
  • Create Incident: Create an incident
  • Update Incident: Update the incident
  • Run Process: Run a process
  • Heal: Heal the alert
  • Close: Close the alert
Remote consoles and Run Command icons | You can launch Remote consoles and Run Command to troubleshoot on the devices directly from the Alerts details page.
Topology icon | It will navigate to the topology map, which shows all the connected devices.

Examples

The following are example illustrations for each alert type:

Log Alert Visualization with Inputs

The subsequent section provides a visual representation of log alerts along with their corresponding inputs. The log time range is prominently displayed, and by clicking it, you are seamlessly navigated to the logs page.

In contrast to the previous version where only the metric graph was visible, the updated visualization now includes a logarithmic graph. Moreover, the definition name is now presented as LOG.

Filter: alertType = LOG

[Image: Alerts details page]

Change Detection Alert Visualization with Inputs

For lower, upper, and average values, you’ll see the alert definition name if created through an alert definition, and the template name if created from a template.

By clicking on the Definitions page within the details section, you will be redirected to the Alerts page.

Filter: alertType = Change_Detection

[Image: Alerts details page]

Monitoring Alerts Visualization with Inputs

Upon the generation of an alert from an alert definition, the alert definition name will be visibly presented. In cases where the alert is created from a template, the monitoring template name will be displayed.

Note: Alerts generated from the Alert Definition are produced using PromQL.

Filter: alertType = Monitoring

[Image: Alerts details page]

Integration Alerts Visualization with Inputs

When object type is equal to integrations, only integration data is present; no resource data is included. The name of the integration data is specified.

Filter: Object Type = Integration

[Image: Alerts details page]
