Alerts overview
The Alerts overview page contains the following features:
Timeline of the history of alerts
Overview of currently open and resolved alerts
Prioritization of alerts to maximize the impact of support teams
Ability to drill down into contextual information to troubleshoot issues
Capability to search and filter alerts by monitor name and context of the alert
To access the Alerts overview page:
Select Alerts and Diagnostics from the main menu.
Click on Alerts overview in the navigation panel.
From the Alerts and Diagnostics > Alerts overview page:
Select a default timeframe from the top-right corner, such as Past 72 hours, to see all Open alerts for the selected time period, regardless of when the alerts were triggered.
To see only alerts triggered within a specific time period, set a custom timeframe.
Hover over the Alerts triggered timeline to identify those periods when the system triggered more alerts.
Check the gauges summarizing triggered alerts with Open status and/or Critical priority, compared to the total number of alerts for the selected timeframe.
Zoom in directly on the timeline to change the chart granularity and update the Alerts table with only the Alerts triggered within that specific time period.
Consult the Alerts table for the selected timeframe.
Apply filters to sort content by tags or alert names.
After selecting an alert from the table, use the right-side panel for Alert details and analysis.
Default timeframe options, such as Past 72 hours, show all Open alerts for the selected time period.
Custom timeframes and timeline zoom-ins only show alerts triggered within the specific timeframe.
From the Alerts table or the Alert details in the right-side panel, hover over the binary name on any alert to obtain an AI-generated description.
These binary descriptions attempt to attribute a category and subcategory to the binary, providing additional context related to functionality.
From the Alerts and Diagnostics > Alerts overview page, on the Alerts triggered timeline:
Select a timeframe with at least Past 24h time granularity.
Click and drag over the timeline section of interest to show only alerts triggered within that timeframe.
Use your browser's back button to return to the previous timeframe selection.
When the system performs the time aggregation, occurrences of the same alert are grouped and counted as one, as long as they occurred in the same aggregate time bucket.
The Alerts table page allows you to check Closed and currently Open alerts for the selected timeframe. By default, the table shows alerts that were open for at least 1 minute within the selected timeframe.
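The two timeframe modes and the timeline's bucket grouping described above can be modelled in a few lines. This is an added illustration, not Nexthink code: the sample alerts, the function names, and the use of monitor name plus context to identify "the same alert" are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: (monitor name, context, triggered, closed or None if open).
T0 = datetime(2024, 5, 1)
HOUR = timedelta(hours=1)
START, END = T0, T0 + 72 * HOUR            # stands in for "Past 72 hours"
ALERTS = [
    ("High CPU", "chrome.exe", T0 - 100 * HOUR, None),   # triggered earlier, still open
    ("High CPU", "chrome.exe", T0 + timedelta(minutes=125), T0 + timedelta(minutes=140)),
    ("High CPU", "chrome.exe", T0 + timedelta(minutes=160), T0 + timedelta(minutes=180)),
    ("Crash spike", "teams.exe", T0 + timedelta(minutes=170),
     T0 + timedelta(minutes=170, seconds=30)),           # open for only 30 seconds
]

def open_during(alerts, start, end, min_open=timedelta(minutes=1)):
    """Default timeframe: alerts open for at least min_open inside the window,
    regardless of when they were triggered."""
    selected = []
    for alert in alerts:
        _, _, triggered, closed = alert
        overlap = min(closed or end, end) - max(triggered, start)
        if overlap >= min_open:
            selected.append(alert)
    return selected

def triggered_within(alerts, start, end):
    """Custom timeframe or timeline zoom: only alerts triggered inside the window."""
    return [a for a in alerts if start <= a[2] < end]

def timeline_counts(alerts, start, bucket):
    """Timeline aggregation: the same alert (assumed: name + context) counts
    once per time bucket, however often it triggered in that bucket."""
    seen = {((trig - start) // bucket, name, ctx) for name, ctx, trig, _ in alerts}
    counts = {}
    for index, _, _ in seen:
        counts[index] = counts.get(index, 0) + 1
    return counts

if __name__ == "__main__":
    print(len(open_during(ALERTS, START, END)), "alerts in the default view")
    zoomed = triggered_within(ALERTS, START, END)
    print(len(zoomed), "alerts in the custom view")
    print(timeline_counts(zoomed, START, HOUR), "alerts per hourly bucket")
```

The long-running open alert appears only in the default view, the 30-second alert only in the custom view, and the two "High CPU" triggers in the same hour collapse into a single timeline count.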
From the Alerts table on the Alerts and Diagnostics > Alerts overview page, you have the following options:
Sort alerts by clicking on the column headers.
Search for alerts by name, using the search bar in the top-right corner of the table.
Consult the alert information displayed in the table:
Priority: See the alert priority. Define the priority on the monitor configuration page.
Current status: See if the alert is open or closed. Closed alerts contain the time when the alert was closed.
Alert: View the name of the monitor that triggered the alert with information about the issue context, if it exists.
Last trigger: View the last time a monitor triggered the alert.
Impact: View the number of devices impacted since the last time the alert was triggered. This figure is available for device-based monitors and all library monitors.
Refer to the Impacted devices section on this page for more information.
Tags: Add tags on the monitor configuration page and the Alerts management page.
To filter alerts, you have the following options:
Use the interactive filter dropdowns at the top of the page: Priority, Status, Entity and Tags.
Click on any of the tags in the Alerts table.
Optionally, temporarily filter alerts by searching for the Alert name and/or alert context using the table search input field.
Clear filters all at once, or individually by using each filter dropdown at the top of the page.
From the Alerts table on the Alerts and Diagnostics > Alerts overview page, select an individual row to see Alert details in the right-side panel.
The system displays the following information for all alerts in the right-side panel:
Alert name with context and a description of the main condition to trigger an alert.
Action menu with Investigations drill-downs and Edit monitor button.
However, the following use cases exemplify the differences in the information displayed in the right-side panel according to the specifics of the alert:
In this use case, the Alerts right-side panel displays the following additional information:
Number of alerts triggered in the selected period.
Binary insight detailed description and recommendation, if available.
Last trigger details with breached thresholds.
Breakdown of the number of Impacted devices per Entity.
Easily identify global issues with the Cloud insights label next to the monitor name.
Use case 2: The monitor detects issues for many devices
In this use case, the Alerts right-side panel displays the following additional information:
Diagnose button to access Diagnostics for alerted issues dashboard.
Number of alerts triggered in the selected period.
Last trigger details with breached thresholds.
Breakdown of the number of Impacted devices per Entity.
In this use case, the Alerts right-side panel displays the following additional information:
Timeline with individual alerts triggered for Impacted devices or users.
Breakdown of Impacted devices per Entity if the alert was triggered per device.
Breakdown of impacted users per Department and Office if the alert was triggered per user.
The alerting system continues to evaluate the issue from when the alert is triggered until it is recovered. Hence, the total number of impacted devices can increase during the alert duration.
View the AI-based analysis on the Alert impact analysis section from the Alerts right-side panel on the Alerts and Diagnostics > Alerts overview page.
The analysis considers various factors, such as the context of the alert, the number of affected devices and entities, the details of the alert triggered, and the monitored metrics and thresholds breached.
The Alert impact analysis lets you prioritize issues and take swift action on those that are most critical.
Nexthink Alerts Impact analysis is currently in Beta and is continually improving. As it evolves, it may occasionally provide information that requires verification. Nexthink recommends confirming your results to ensure accuracy while using Nexthink Alerts Impact analysis.
Hover over an alert on the alerts table and select the action menu or click on the action menu on the alert preview.
Available actions differ depending on the type of monitor:
Open binary profiling: Open the Binary profiling dashboard, which displays details related to the binary for which the alert was triggered. Assess the stability, resource consumption and risk of any unexpected problems specific to that binary configuration.
Refer to the Binary profiling documentation for more information.
Diagnose: Troubleshoot the issue on the Diagnostics page. This option is available for monitors that evaluate the metric across many devices.
Refer to the Diagnostics for alerted issues documentation for more information.
Drill down to Impacted devices: Open the Investigations page that contains a list of devices that are associated with a given alert.
Drill down to devices/users with alerts: This action is only available for monitors that trigger alerts per device or user. It opens the Investigations page that contains a list of devices or users for which the system has triggered alerts in the selected timeframe.
Drill down to Impactful events: Open the Investigations page that contains query results of events that led to the last trigger of an alert.
Drill down to Alerts events: Open the Investigations page that contains a list of alert events triggered within a given context.
Edit monitor: View and edit the configuration of the monitor for an alert.
The alerting service determines which devices are impacted by an alert. The impacted devices column of the Alerts table shows this information. The following monitors have an impact on devices:
Monitor | Impacted devices |
---|---|
Built-in monitor with metric change detection that tracks changes with a baseline | All devices with a monitored metric value above the threshold for which the alert was triggered at the time the alert had an open status |
Built-in monitor with static threshold detection that triggers an alert when the metric is above the custom-defined threshold | Devices with at least one monitored event at the time the alert was open |
Built-in global detection monitor | Devices that were using the binary with the configuration identified in the binary insights during the last 7 days |
Custom monitor with a static threshold detection that monitors metrics per device | Devices for which the alert was triggered |
Custom monitor with a static threshold detection that monitors the number of devices with issues | Devices returned by a monitor query at the time the alert was open |
Custom monitor with static threshold detection that monitors the count or sum of an event metric | Devices with at least 1 monitored event at the time the alert was open |
Custom monitor with static threshold detection that monitors the ratio or average computation of an event metric | Devices with a monitored metric value above the defined threshold at the time the alert was open |
Query impacted devices for metric monitors using the alert.impacts NQL table. Refer to the NQL data model documentation for more information.
In some rare cases, the system is not able to determine the devices impacted by an issue.