Alerts provide a comprehensive overview of your alert management system. Powered by OpsQL, you can query, interpret, and act on the alerts.

With Alerts, you can do the following:

  • Search for queries using OpsQL, save, and share the views.
  • View a summary of the specific alert in a slide-out panel for quick reference.
  • Perform actions on the alert from the slide-out panel.
  • Perform bulk actions on multiple alerts.
  • Select a refresh duration from 1 minute to 24 hours.

Alert filters

The following filters can be applied to alerts using Alerts:

Attribute NameDescription
Created TimeAlert created time. Select the date range.
Updated TimeAlert updated time. Select the date range.
ResourcesSearch for the resources.
Note: Also available as an inline filter.
Entity TypeFilter alerts by entity type:
  • Resource
  • Integration
  • Service
  • Client
MetricsFilter alerts by metric name.
Note: Also available as an inline filter.
Resources TypesFilter alerts by resource type.
Alerts TypesFilter alerts by alert type:
  • Agent
  • Obsolete
  • Scheduled Maintenance
  • Forecast
  • Change Detection
  • Prediction
  • Maintenance
  • Monitoring
PrioritiesFilter alerts by priority, where P0 is the highest priority and P5 is the lowest priority.
Current StatesFilter alerts by their current state:
  • Critical
  • Warning
  • Ok
  • Info
  • Observed
StatusFilter alerts by their current status:
  • Acknowledged
  • Ticketed
  • Closed
  • Suppressed
  • Open
  • Correlated

Inline filter

The Inline filter allows users to add the value of a cell as an additional filter. In the following example, clicking the filter icon filters the results of the table, where the metric is cpu.

Alerts Inline Filter Icon

Alerts Column Settings

You can add or remove a column in the alerts listing page.

Follow these steps to add or remove a column:

  1. Click the Settings icon on the Alerts listing page.

  2. Select a check box to add a column. Clear a check box to remove a column.

  3. Click Update. The Alerts listing page is updated accordingly.

Alerts Slide-Out

You can view the summary of an alert on the Alerts Slide-Out.

To view the Alerts slide-out:

  1. Click the Alert ID on the Alerts listing page.
    By default, the open and acknowledged alerts for the last seven days are displayed.
    To learn how to build queries, click here.

The alerts slide-out has the following information:

  • The current Alert status, alert state and Alert ID information is displayed along with the alert subject.
  • The First alert time and Last alert time information
  • Total occurrence (repeat count) of the alert, Inference, Correlated (The Inference information appears if it is a correlated alert. The Correlated information appears if it is an inference alert. Click the respective links to get the details.)
  • Information like Alert Type, Resource, Metric, Component, Client, Alert Description, Resource Type.
  • Last Comment information
  • Show More: Click Show More or Full Details to view full alert details.
  • ACTIONS: Use the ACTIONS button to perform the following actions on an alert:
    • Acknowledge
    • Suppress
    • Run Process
    • Heal
    • Create Incident

How to build queries

Build queries using the basic and advanced query modes. The query modes have attributes, logical operators, and values that are dynamically populated. Select these parameters to form valid expressions and complete building the queries.

The following sections describe the steps that both the basic and advanced users should follow for building the queries:

Basic users - See for Basic Users section.

Power users - See for Power Users section.

For Basic Users

A beginner can start querying using the Basic Query mode. The Basic Query mode allows you to create a query without knowing the exact syntax.

To build a query:

  1. Click Command Center > Alerts. The ALERTS query page is displayed.

  2. By default, the Open and Acknowledged alerts that have been updated within the last 7 Days are displayed. To clear the query, click the close X icon.

  3. To start building a query, click +QUERY. The ATTRIBUTES list is populated.

  4. Select an attribute and then select an operator from the OPERATORS drop-down that is dynamically populated.

  5. Select a value from the VALUES drop-down. The values are populated based on the selected attribute and operator. The query result is displayed.

  6. Click + to add another expression.

  7. The AND logical operator is selected by default. Click and select the desired operator.

  8. Follow the steps mentioned above to form another expression – attribute, operator and value.

The query result is displayed.

The following additional actions can be performed:

  • To create a new tab, click +.

  • To delete a query, click X.

  • Click REFRESH to refresh the query result list. You can set the refresh duration from 1 Minute to 24 Hours. The default is set to 15 Minutes. Click Off if you do not want to refresh the query result list.

For Power Users

As a power user you can go ahead and use the Advance Query mode.

To start querying:

  1. Click Command Center > Alerts. The ALERTS query page is displayed.

    By default, the Open and Acknowledged alerts that have been updated within the last 7 Days are displayed on the Alerts page. To clear the query, click the close X icon.

  2. Click the Advance Query mode icon to switch to the Advance query mode.

  3. As soon as you start typing the attribute name in the Search box, the available attributes are displayed automatically.

  4. Select the attribute and the operator from the dynamically populated matching operator list and then type in (or select) a value.

  5. Select the logical operators, AND or OR

  6. Follow the steps mentioned above – select the attribute, operator and value to form an expression. You can add as many valid expressions as possible.

  7. Click the search icon or hit enter. The query result is displayed.

You can click the Basic Query mode icon to switch to the Basic Query mode.

Switch between Basic and Advanced Query modes at any time

  • You can switch between the Basic and the Advanced Query modes anytime without making any changes to the query.

For more information on the OpsQL Query Language and examples, click here

Create a new view

  1. Go to Command Center > Alerts.
    Note

    • Alerts must be enabled for the current tenant, namely the tenant to which the current user belongs to.

  2. Click +.

  3. In the Search field, enter the OpsQL query. The results are displayed.
    By default, the Last 7 Days view is displayed on the Alerts page.

  4. Click the hamburger menu at the top leftmost screen.

  5. In the My Alerts Views side navigation, click +.

  6. In the Save View pop-up, enter the name of the view in the View Name field and click Add.
    The view is saved under the My Alerts Views list.

Alert view options

To see the view options, click the options menu next to the saved view. The following are displayed under the View Options menu:

OptionsDescription
SaveSaves an alert view. The following message appears after the view is saved: Successfully saved this view.
RestoreRestores an alert view.
RenameRenames an alert view. Enter the new name in the Rename View field and click Save.
CopyCopies an alert view. The following message appears after the view is copied: Copied a view!
A copy of the view appears under My Alerts Views.
Set FavoriteSets an alert view as the favorite. The favorite icon next to the view is highlighted in blue to indicate that it is a favorite view.
The view appears under the Favorite list.
Remove FavoriteRemoves an alert view as the favorite. This appears only if you select the Set Favorite option.
Set Default ViewSets an alert view as the default view. If you select this option, this view will open automatically when you visit the alert listing page.
In the Set Default View - View Name window that appears, select the My Default View toggle and click Set Default.
To set the same view as the default for other users, share the view from View Options, Share.
ShareShares an alert view.
Notes:
  • The view will be available to the users with the assigned roles.
  • A user who has selected a default view can also assign it as a default to other users. To do so, the user has to share the view using the View - Share option.
RemoveRemoves an alert view.

Correlated and Inference Alert Icons

You can identify Correlated and Inference alerts by icons in the Alerts 2.0 page. To identify the correlated and inference alerts, hover over the icon next to the Alert ID, on the Alerts 2.0 page.

Alerts Icon
Alerts Icon

De-Correlate Alerts

You can de-correlate a single or multiple correlated alerts from the ALerts 2.0 page.

To de-correlate an alert:

  1. In the Alerts 2.0 page, select a single or multiple correlated alerts that you want to de-correlate.
De-Correlate Alert

  1. Click Actions.

  2. Select De-Correlate from the drop-down list.

De-Correlate Alert

  1. The DE-CORRELATE ALERTS slide-out page is displayed.

  2. Enter the comments and click DE-CORRELATE.
    The correlated alert is de-correlated.

    De-Correlate Alert

My Alerts Views

To navigate to the My Alerts Views slide-out:

  1. Click the hamburger menu icon at the upper-left corner of the Alerts page, to view the My Alerts Views slide-out.

You can perform the following actions from the My Alerts Views slide-out:

Save a View

Once you execute a query, you can save the query results as a view.

To save a view:

  1. Click the hamburger menu icon at the upper-left corner of the Alerts page.

  2. From the slide-out, click the + icon. The SAVE VIEW popup is displayed.

  3. Enter a name for the view and click ADD.

  4. The view is saved and displayed in the slide-out.

  • Use the up/down arrow icons to hide/show the views in the slide-out.
  • The Save and Restore icons appear after you create a view.

Set Favorite

To mark a view as favorite:

  1. Search for the view using the search icon.

  2. Hover over the view name on the slide-out.

  3. Click the star icon. The view is added as favorite and appears under the FAVORITE category. The blue colored star icon indicates that the view is added as favorite. If you want to unfavorite the view, click the blue colored star against the view. The view is removed from the Favorite category.

You can perform the following other actions on the saved view:

Restore

The Restore option reverts to the previous query.

Once you have made changes to a specific query, which is already saved as a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Restore option. The previous query automatically appears in the Search box.
    Note: You must not save the changes you made to the query for the view. Otherwise, the query will not be reverted.

Rename

The Rename option allows you to rename the name of the view.

To rename a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Rename option. The RENAME VIEW popup is displayed.
  4. Enter a new name for the view in the Name box and click SAVE. The view is renamed.

Copy

The Copy option allows you to create a copy of a view.

To create a copy of a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Copy option. The COPY VIEW popup is displayed.
  4. Enter a name for the view in the Name box and click SAVE. The view is copied and is displayed in the slide-out.

Set Default View

The Set Default View option allows you to set a view as a default view for the current user.

To set a view as a default:

  1. Hover over the view name on the slide-out.

  2. Click the actions menu. The VIEW OPTIONS popup is displayed.

  3. Click the Set Default View option. The Set Default View dialog box is displayed.

  4. Turn on the My Default View option.

  5. Click the SET DEFAULT button.

  6. Refresh the browser. You can see that the view is set as default for the current user.

  7. To set the default view for other users, share the view and make it default for the user you want to set as default.

Share

The Share option allows you to share an alert view to the user with the specific role(s). Select the Client Role from the Share View - view Name window and click Share.

To share a view:

  1. Hover over the view name on the slide-out.

  2. Click the actions menu. The VIEW OPTIONS popup is displayed.

  3. Click the Share option. The Share View dialog box is displayed.

  4. Select a role from the drop-down list.

  5. Click SHARE. The view is shared.

Notes:

  • The view will be available to the users with the assigned roles.
  • The views can be shared to more than one role.
  • A user who has selected a default view can also assign it as a default to other users. To do so, the user has to share the view using the View - Share option.

Remove

The Remove option allows you to remove a view.

To remove a view:

  1. Hover over the view name on the slide-out.
  2. Click the actions menu. The VIEW OPTIONS popup is displayed.
  3. Click the Remove option. A confirmation dialog box is displayed.
  4. Click REMOVE. The view is removed.



OpsQL