# Diagnostics for alerted issues The Diagnostics dashboard streamlines the process of resolving issues that are impacting multiple devices. View alert information and underlying events to understand why the system triggered the alert, and how to troubleshoot the issue. ## Monitors supported by the Diagnostics dashboard The primary objective of the Diagnostics dashboard is to efficiently address issues affecting multiple devices. As such, it is not available for alerts triggered for an individual device or an individual user. The Diagnostics dashboard currently supports the following monitors: * Built-in monitors with metric change detection * Built-in monitors with event metric threshold detection. * [VDI monitors installed from the library ](https://docs.nexthink.com/platform/user-guide/getting-started-with-alerts#monitors-for-virtual-desktop-infrastructure-vdi)use real-time events to trigger virtual desktop infrastructure environments. * Custom monitors that track aggregated event metrics * Custom monitors that track the summarized number of devices with issues based on an event metric. {% hint style="warning" %} The system does not generate a diagnostics view if the first metric in the trigger condition is an object count, such as `device.count()`. To enable diagnostics, the monitor must rely on an event metric or a computation derived from it. {% endhint %} {% hint style="info" %} For some rare custom monitors, the system may not yet be able to generate a troubleshooting dashboard. Nexthink will continue to improve dashboards for custom monitors in coming releases. {% endhint %} ## Diagnostics dashboard scope ### Metric The content on the dashboard changes dynamically depending on the alerted issue and whether the monitor type is *metric change* or *metric threshold*. Additionally: * For custom monitors that evaluate more than one metric, the system only shows the metric that is used as the first aggregated metric in the monitor conditions. * For custom monitors that track the summarized number of devices with issues based on an event metric, the system selects the event metric by analyzing the monitor query. ### Timeframe The system preselects the timeframe based on the triggered alert. You cannot change this timeframe. ### Monitor query filters All filters applied in the monitor NQL query that are relevant for the monitored event metric are reflected in the Diagnostics dashboard. * A simple filter with a single value that includes data available in dashboard breakdowns is visible in the filter area. Remove the filter or apply it by clicking on the items in the breakdown charts.
Alerts filter.png
* A complex filter that can include multiple values for many properties is not directly visible in the filter area. You cannot remove this filter. ## Dashboard Summary At the top of a **Diagnostics** page of an alerted issue you can find the monitor name, the context for which the alert was triggered and the main condition that the system is monitoring.
DiagnosticsforAlertedIssues-1703854015.png
### Devices impacted during the last alert You may also consult the number of impacted devices during the last alert in the top-right corner of the page. Consider the following: * The KPIs only show the number of devices impacted during the last alert. * The system regularly updates impacted devices until the alert is recovered. Refer to the 'Understanding Impacted devices' section in the [Alerts overview](https://docs.nexthink.com/platform/user-guide/alerts-and-diagnostics/responding-to-alerts/alerts-overview) documentation. To open the list of impacted devices: 1. Hover over the gauge to reveal the action menu. 2. Select **Drill down to devices** to open the Investigations page with the impacted devices' results.
DiagnosticsforAlertedIssues-1703845820.png
## Alert timeline View the timeline of the alert and the monitored metric. The monitor provides the values in the timeline, and the metric value aggregation corresponds to the monitor’s NQL query. ### Alert timeline for Metric change monitors In the case of alerts triggered by changes in the monitored metric, i.e. **Metric change** and **Metric seasonal change** monitors, to see the timeline values: * The metric line, in blue, represents the current metric over time (e.g., CPU usage). * The **Baseline** line is the historical mean: * Global 7-day average for **Metric change**. * Time-of-day mean, from the last 7 days, for **Metric seasonal change**. * Trigger boundary line: * For **Metric change,** the red **Threshold** line derives from the **Baseline** and the monitor-configured threshold. * **Metric seasonal change**, the **Threshold** line is computed from the **Baseline**, based on the monitor configured sensitivity, which is a proportion of the standard deviation (σ): * **slightly** = one standard deviation (±1σ) * **moderately** = two times the standard deviation (±2σ) * **highly** = three times the standard deviation (±3σ) {% hint style="info" %} Refer to the [Alerts FAQs](https://docs.nexthink.com/platform/user-guide/alerts-faq#how-does-the-system-compute-the-baseline-for-the-detection-methods-metric-change-and-metric-seasonal) documentation to learn how the system computes the baseline. {% endhint %}
### Alert timeline for Metric threshold monitors In the case of alerts triggered by breaches in a custom-defined static threshold, i.e. Metric threshold monitors, to see the timeline values: * Hover over the line chart to reveal the last monitored metric value KPI. If the metric is a ratio, the timeline displays the numerator of that ratio.
DiagnosticsforAlertedIssues-1703857095.png
### Alert timeline drill-downs You can delve into the monitor’s NQL queries populating the alert timeline: 1. Hover over the KPI above the timeline to reveal the action menu. The **Drill down to** options vary depending on the alert issue or monitor. 2. Select the desired drill-down option to open the Investigations page with the results of the NQL query.
DiagnosticsforAlertedIssues-1703858593.png
## Object-count timeline The bar chart below the alert timeline displays the device or user count based on the monitor's metric configuration. If the metric is a ratio, the timeline shows the numerator of that ratio: * Hover over the bar chart to reveal the object-count value.
DiagnosticsforAlertedIssues-1703858681.png
## Breakdowns The breakdown tables enable detailed scoping of the analyzed issue. Use breakdowns to filter the page and focus on the specific employee population or technical criteria.
DiagnosticsforAlertedIssues-1703859760.png
* Filter results by **Technical** criteria such as the: * Operating system * Platform * Device model * Virtualization type * **Organization**: Filter results by entity and organizational hierarchy. * **Location**: Filter results by geolocation hierarchy. You must enable the geolocation feature first on the Product configuration page. Refer to the [Product configuration](https://docs.nexthink.com/platform/user-guide/administration/system-configuration/product-configuration) documentation for more information. *** RELATED TOPICS * [Getting started with Alerts](https://docs.nexthink.com/platform/user-guide/alerts-and-diagnostics/getting-started-with-alerts) * [Managing Alerts](https://docs.nexthink.com/platform/user-guide/alerts-and-diagnostics/managing-alerts) * [Product configuration](https://docs.nexthink.com/platform/user-guide/administration/system-configuration/product-configuration)