Getting started with Alerts
Alerts are critical enablers in the proactive journey of IT support teams. They allow teams to detect issues and help them prioritize their efforts to improve the digital employee experience (DEX).

How can alerts help you detect and diagnose issues?
Nexthink Alerts notifies you about issues that require swift action by filtering the noise so you can identify situations that require actual user intervention.
Use alerts to identify situations where something has unexpectedly changed or occurred.
Detecting global issues impacting your environment
Detect issues Nexthink identifies based on the cross-organization statistics that impact your environment with Alerts cloud insights:
Learn about binary reliability and performance, and detect anomalies such as abnormal CPU usage.
Quickly identify impacted binary versions and find the recommended version.
Detecting issues impacting single or multiple devices/users
Proactively monitor issues according to your needs, whether at the device level, focusing on a single user or device, or addressing widespread incidents affecting multiple devices or sudden performance degradation.
Explore the Alerts FAQ to learn how to investigate devices associated with an existing alert, using NQL queries.
What is the difference between an alert and a monitor?
An alert is a special type of event triggered when specific conditions are met for the performance metrics of different features, such as system crashes, load times, or failed connections.
Triggered alerts are visualized in the timeline on the Alerts overview page.
Triggered alerts—if configured—activate emails or webhook notifications to communicate issues within your organization.
A monitor is a component of the Alerts and Diagnostics module that you configure to evaluate metrics against defined conditions and trigger alerts to identify specific issues.
Monitors can be custom-created or built-in (system monitors or installed from Nexthink Library).
Monitors enable anomaly detection capabilities for IT environments and allow you to notify users.
When to use alerts and when to use data exporters?
Use alerts to detect issues requiring immediate assistance or action. For other reports or events that do not need swift action, such as Report all devices with low disk space, use a data exporter.
Also, use data exporters to report on a large number of objects that meet specific condition criteria expressed with an NQL query, or if you expect a single monitor to trigger more than 500 alerts at the same time.
Additionally, use the data export scheduling option to export data regularly.
What types of alert detection modes are available?
Nexthink alerts detect critical issues based on the following detection modes:
Metric threshold triggers an alert when the value of one or more metrics reaches a user-defined threshold.
Metric change triggers when the current metric value differs from the rolling 7-day global average beyond the configured threshold.
Metric seasonal change triggers an alert when the current metric value falls outside its time-of-day baseline from the last seven days, based on the configured standard deviation band.
Global detection—only available for built-in monitors—triggers an alert when a specified number of devices use a particular binary version or binary configuration that performs worse than other versions or configurations across organizations.
How does the system trigger and close an alert?
Nexthink monitors trigger alerts using one of the following methods:
The Schedule trigger method—available for custom and built-in monitors—is used for periodic checks. The monitor evaluates the metric(s) in regular intervals defined by the configured schedule frequency.
The Events trigger method—restricted to built-in monitors—is used for real-time monitoring and instant issue detection. Depending on the configured monitor Query and conditions, the monitor evaluates how long a threshold must be breached to trigger an alert.
Setting an alert scheduling frequency, for example to 7 days, means the monitor evaluates the alert every 7 days, starting on the 1st of each month.
This may cause the system to trigger alerts sooner than expected, such as one alert on the 28th of a specific month, but triggered again on the 1st of the month after.
Regardless of the trigger method, the monitor determines whether to open a new alert, keep the current alert Open, or close it.
An alert stays open until metric values stabilize and a subsequent evaluation closes it.
The system sends a notification—if configured—when specific alerts are triggered or closed.
What built-in monitors are available in Nexthink?
Built-in monitors can be system monitors or monitors installed from Nexthink Library.
Library monitors
Nexthink offers a set of library monitors that you can manually install from the Nexthink Library. These preconfigured monitors track issues for specific use cases and solutions.
Go to the Nexthink Library module within your Nexthink instance to see all available library monitors. Nexthink Library offers built-in monitors for virtual desktop infrastructure—VDI.
System monitors
System monitors continuously track your IT environment for the most common issues, like performance degradations of web applications, binaries, desktop applications, and devices.
You can use system monitors with the default settings or customize them as needed—with limitations.
The following system monitors are installed and activated by default:
Granting permissions for Alerts
To enable proper permissions for Alerts as an administrator:
Select Administration > Roles from the main navigation panel.
Create a New Role or edit an existing role by hovering over it.
In the Permissions section, scroll down to the Alerts section to enable appropriate permissions for the role.
View domain impact on Alerts permissions
The table below shows what users with full and limited view domain access can do, assuming the necessary permissions are enabled.
Manage all alerts
View all alert dashboards
RELATED TOPIC
Last updated
Was this helpful?