Support

Alerts overview

The Alerts overview provides a centralized view of historical and current alerts.

The dashboard supports alert prioritization through timelines, status indicators, and contextual details, with options to filter results and drill down for troubleshooting.

Accessing the Alerts overview page

To access the Alerts overview page:

  1. Select Alerts and Diagnostics from the main menu.

  2. Click on Alerts overview in the navigation panel.

Exploring the Alerts overview dashboard

From the Alerts and Diagnostics > Alerts overview page:

  1. Select a default timeframe from the top-right corner, such as Past 72 hours, to see all Open alerts for the selected time period, regardless of when the alerts were triggered.

    • To see only alerts triggered within a specific time period, set a custom timeframe.

  2. Hover over the Alerts triggered timeline to identify those periods when the system triggered more alerts.

    • Check the gauges summarizing triggered alerts with Open status and/or Critical priority, compared to the total number of alerts for the selected timeframe.

    • Zoom in directly on the timeline to change the chart granularity and update the Alerts table with only the Alerts triggered within that specific time period.

  3. Consult the Alerts table for the selected timeframe.

    • Apply filters to sort content by tags or alert names.

  4. After selecting an alert from the table:

Obtaining binary descriptions directly from the Alerts overview dashboard

From the Alerts table or the Alert details in the right-side panel, hover over the binary name on any alert to obtain an AI-generated description.

These binary descriptions attempt to attribute a category and subcategory to the binary, providing additional context related to functionality.

Binary alerts are triggered by monitors that track binaries grouped with their associated subprocesses. As a result, binary-related insights include all subprocesses.

Default timeframe options, such as Past 72 hours, show all Open alerts for the selected time period.

Custom timeframes and timeline zoom-ins only show alerts triggered within the specific timeframe.

Zooming in on the timeline for specific triggered alerts

From the Alerts and Diagnostics > Alerts overview page, on the Alerts triggered timeline:

  1. Select a timeframe with at least Past 24h time granularity.

  2. Click and drag over the timeline section of interest to show only alerts triggered within that timeframe.

    • Use your browser's back button to return to the previous timeframe selection.

When the system performs the time aggregation, occurrences of the same alert are grouped and counted as one, as long as they occurred in the same aggregate time bucket.

Alerts zoom ins.

Filtering alerts

To filter alerts, you have the following options:

  1. Use the interactive filter dropdowns at the top of the page: Priority, Status, Entity and Tags.

  2. Click on any of the tags in the Alerts table.

  3. Optionally, temporarily filter alerts by searching for the Alert name and/or alert context using the table search input field.

Clear filters all at once, or individually by using each filter dropdown at the top of the page.

Filtering alerts.

Consulting the Alerts table

The Alerts table page allows you to check Closed and currently Open alerts for the selected timeframe. By default, the table shows alerts that were open for at least 1 minute within the selected timeframe.

From the Alerts table on the Alerts and Diagnostics > Alerts overview page, you have the following options:

  • Sort alerts by clicking on the column headers.

  • Search for alerts by name, using the search bar in the top-right corner of the table.

  • Consult the alert information displayed in the table:

    • Priority: See the alert priority. Define the priority on the monitor configuration page.

    • Current status: See if the alert is open or closed. Closed alerts contain the time when the alert was closed.

    • Alert: View the name of the monitor that triggered the alert with information about the issue context, if it exists.

      • In case of binary-related monitors, hover over the binary name for ✦ AI-generated context.

    • Last trigger: View the last time a monitor triggered the alert.

    • Impact: View the number of devices impacted since the last time the alert was triggered. This figure is available for device-based monitors and all library monitors.

    • Tags: Add tags on the monitor configuration page and the Alerts management page.

Analyzing Alert details using the right-side panel

From the Alerts table on the Alerts and Diagnostics > Alerts overview page, select an individual row to see Alert details in the right-side panel.

The system displays the following information for all alerts in the right-side panel:

  • Alert name with context and a description of the main condition to trigger an alert.

  • Action menu with Investigations drill-downs and Edit monitor button.

  • Alerts impact analysis (AI-based)

Context-sensitive Alert details depending on the monitor use case

The following use cases exemplify the differences in the information displayed in the Alerts details right-side panel according to the specifics of the alert:

Use case 1: The monitor detects global issues

The Cloud insights label next to the monitor name in the Alerts table makes it easy to identify alerts related to global issues.

In this use case, the Alert details right-side panel displays the following additional information:

  • Number of alerts triggered in the selected period.

  • Binary insight detailed description and recommendation, if available. Learn more about the detection and generation of binary-related insights.

  • Last trigger details with breached thresholds.

  • Breakdown of the number of Impacted devices per Entity.

Easily identify global issues with the Cloud insights label next to the monitor name.

Binary alerts are triggered by monitors that track binaries grouped with their associated subprocesses. As a result, binary-related insights include all subprocesses.

Use case 2: The monitor detects issues for many devices

In this use case, the Alert details right-side panel displays the following additional information:

  • Diagnose button to access Diagnostics for alerted issues dashboard.

  • Number of alerts triggered in the selected period.

  • Last trigger details with breached thresholds.

  • Breakdown of the number of Impacted devices per Entity.

Use case 2: The monitor detects issues for many devices
Use case 3: The monitor detects issues for an individual device or user

In this use case, the Alert details right-side displays the following additional information:

  • Timeline with individual alerts triggered for Impacted devices or users.

  • Breakdown of Impacted devices per Entity if the alert was triggered per device.

  • Breakdown of impacted user per Department and Office if the alert was triggered per user.

The alerting system continues to evaluate the issue from when the alert is triggered until it is recovered. Hence, the total number of impacted devices can increase during the alert duration.

Use case 3: The monitor detects issues for an individual device or user

Use case 4: The monitor detects issues for virtual desktops (VDI)

Using built-in Nexthink Library VDI monitors for Alerts requires Nexthink VDI experience.

In this use case, the Alert details right-side displays the following additional information:

  • Diagnose button to access Diagnostics dashboard for real-time troubleshooting by displaying granular metrics and context for the alerted issue.

  • Number of alerts triggered in the selected period.

  • Last trigger details with breached thresholds.

  • Breakdown of the number of Impacted users per Department and Office.

Selecting the View VDI sessions option from the action menu allows you to open a Session overview page with predefined context-specific filters.

Alerts impact analysis

View the AI-powered analysis on the Alert impact analysis section from the Alerts right-side panel on the Alerts and Diagnostics > Alerts overview page. See the image below.

The analysis considers various factors, such as the context of the alert, the number of affected devices and entities (and/or user sessions, in case of VDI alerts), the details of the alert trigger, and the monitored metrics and thresholds breached.

The Alert impact analysis lets you prioritize issues and take swift action on those that are most critical.

The system displays the ✦ sparkles icon to indicate AI-generated content or insights. AI is evolving rapidly and delivering great insights, but it can still make mistakes. Nexthink recommends validating your results to ensure accuracy and support informed decision-making. Refer to the Nexthink Insights - AI Model Card documentation for more information.

Alerts Impact analysis in Alerts details right-side panel.

FAQs about AI-powered Alert impact analysis

How does the Alert impact analysis feature leverage Artificial Intelligence ("AI")?

Alert impact analysis leverages an LLM model to help better assess and categorize the issue's impact by understanding the alert's details and its meaning for its effect on the employee's productivity, business, and IT operations.

The LLM evaluates the impact of an alert issue using the following information:

  • Alert name, for example, Application errors increase.

  • Details of the triggered alert, as displayed in the Alerts overview, such as the application name, for example, Salesforce, without including Personal Data.

  • Monitored conditions with thresholds.

  • Details of the alert like the number of recent triggers, current status, and level of breached conditions.

  • Number of devices impacted by the issue with listed entities.

The following evaluation guidelines are part of the rules given to LLM:

  • Assess the application importance. Give higher impact to applications that are important for the business.

  • The alert has higher importance if it impacts a larger number of devices.

  • Give a higher impact to issues that directly affect employees.

The impact assessment is categorized into one of three levels based on this evaluation:

  • SIGNIFICANT

  • MODERATE

  • MINIMAL

Users cannot interact with the feature to change the evaluation criteria or input additional information.

The impact analysis serves as a recommendation to help evaluate the significance of the alert. Hence, please review and gather accurate information as required, considering that AI generates this assessment. Refer to the Nexthink Insights - AI Model Card documentation for more information.

Does LLM process Personal Data or any type of sensitive information?

The Alert impact analysis aims to assess the impact of the issue across the digital workplace, rather than focusing on individual devices. Therefore, no GenAI components send any Personal Data or device-level information to LLM. Please note that the payload context of the alert never contains Personal Data, as any Personal Data information is stored separately and is not an input to the Alerts impact assessment. The contextual information of the issue contains only information about the number of devices impacted without listing any details.

Refer to the Nexthink Insights - AI Model Card documentation for more information.

Action menu for additional alert context

Hover over an alert on the Alerts table and select the action menu or click on the action menu on the alert preview.

Action menu for additional alert context in the Alerts Overview dashboard.

Available actions differ depending on the type of monitor:

  • Open binary profiling: Open the Binary profiling dashboard, which displays details related to the binary for which the alert was triggered. Assess the stability, resource consumption and risk of any unexpected problems specific to that binary configuration.

  • View VDI session: open the desktop virtualization sessions overview dashboard to check metrics and per-session trends for all VDI sessions to identify issue patterns.

  • Diagnose: Troubleshoot the issue on the Diagnostics page. This option is available for monitors that evaluate the metric across many devices.

  • Retrieve all Impacted devices: Open the Investigations page with a list of devices that are associated with a given alert.

  • Retrieve all Impacted users: Open the Investigations page with a list of users associated with a given alert.

  • Retrieve all Impactful events: Open the Investigations page with query results of events that led to the last alert trigger.

  • Drill down to Alerts events: Open the Investigations page with a list of alert events triggered within a given context.

  • Edit monitor: View and edit the configuration of the monitor for an alert.

Understanding Impacted devices by alerts

The alerting service determines which devices are impacted by an alert. The impacted devices column of the Alerts table shows this information. The following monitors have an impact on devices:

Monitor
Impacted devices

Built-in monitor with metric change detection that tracks changes with a baseline

All devices with a monitored metric value above or below the threshold for which the alert was triggered at the time the alert had an open status

Built-in monitor with static threshold detection that triggers an alert when the metric is above or below the custom-defined threshold

Devices with at least one monitored event at the time the alert was open

Built-in global detection monitor

Devices that were using the binary with the configuration identified in the binary insights during the last 7 days

Custom monitor with a static threshold detection that monitors metrics per device

Devices for which the alert was triggered

Custom monitor with a static threshold detection that monitors the number of devices with issues

Devices returned by a monitor query at the time the alert was open

Custom monitor with static threshold detection that monitors the count or sum of an event metric

Devices with at least 1 monitored event at the time the alert was open

Custom monitor with static threshold detection that monitors the ratio or average computation of an event metric.

Devices with a monitored metric value above or below the defined threshold at the time the alert was open

Query impacted devices for metric monitors using the alert.impacts NQL table. Refer to the NQL data model documentation for more information.

In some rare cases, the system is not able to determine the devices impacted by an issue.

RELATED TOPICS

Last updated

Was this helpful?