Alerts overview

Accessing the Alerts overview page

To access the Alerts overview page:

Select Alerts and Diagnostics from the main menu.
Click on Alerts overview in the navigation panel.

The Alerts overview page contains the following features:

Timeline of the history of alerts
Overview of currently open and resolved alerts
Prioritization of alerts to maximize the impact of support teams
Ability to drill down into contextual information to troubleshoot issues
Capability to search and filter alerts by monitor name and context of the alert

Exploring the Alerts overview dashboard

Timeline of triggered alerts

The Alerts overview page contains a timeline of the history of triggered alerts. Use the timeline to see the history of triggered alerts and identify those periods when the system triggered more alerts. Note that the chart does not reflect the duration of the alert.

The granularity of the chart changes with the selected timeframe. When the system performs the time aggregation, occurrences of the same alert are grouped and counted as one, as long as they occurred in the same aggregate time bucket.

Alerts table

View a gauge chart summarizing currently active alerts compared to all alerts in the selected timeframe.

Consult recently closed alerts and those that are currently open.

The table is organized by

Priority: See the alert priority. You can define the priority on the monitor configuration page.
Current status: See if the alert is open or closed. Closed alerts contain the time when the alert was closed.
Alert: Name of the monitor that triggered the alert with information about the issue context if exists.
Last trigger: Last time a monitor triggered the alert.
Impacted devices: View the number of devices impacted since the last time the alert was triggered. This figure is available for device-based monitors and all library monitors. Refer to the Impacted devices section for more information.
Tags: Click on tags to filter the page. You can add tags on the monitor configuration page and the Alerts Administration page.

Sort the list by clicking on the column header, or search by the alert name using the search bar in the top-right corner of the timeline.

Show alerts triggered in the selected period only

By default, the system displays all alerts that were opened for at least 1 minute within the selected timeframe, including:

Alerts that were closed in the selected timeframe.
Alerts that are open, even if triggered before the selected timeframe.

Switch the toggle to Show alerts triggered in the selected time period only in the top-right corner of the table.

The system updates the Alerts table and displays currently opened and closed alerts that were triggered within the selected timeframe only.
The system does not display alerts triggered before the selected time period, even if still open or recently closed.

Alert preview

Select an individual row in the alerts table to see details of the issue on the right-side panel. It contains the following information for all alert use cases:

Alert name with a context and the description of the main condition to trigger an alert.
Action menu with Investigations drill-downs and the Edit monitor button.

Depending on the alert use case side panel contains additional information.

Use case 1: Monitor issues with global detection

Number of alerts triggered in the selected period.
Binary insight detailed description and recommendation, if available
Details of the last triggered alert including breached thresholds.
Breakdown of the number of devices with impacted binary per entity.

Easily identify global issues with the Cloud insights label next to the monitor name.

Use case 2: Monitor detecting issues for many devices

Diagnose button to access Diagnostics for alerted issues dashboard.
Number of alerts triggered in the selected period.
Details of the last triggered alert including breached thresholds.
Breakdown of the number of impacted devices per entity.

Use case 3: Monitor detecting issues for an individual device or user

Timeline with individual alerts triggered for impacted users or devices.
Breakdown of devices impacted per Entity if the alert was triggered per device.
Breakdown of users impacted per Department and Office if the alert was triggered per user.

Note that the alerting system continues to evaluate the issue from when the alert is triggered until it is recovered. Hence, the total number of impacted devices can increase during the alert duration.

Alert analysis

View the AI-based alert impact analysis available on the Alert preview panel. It enables you to prioritize issues and take swift action on the most critical ones. The analysis takes into account various factors such as the context of the alert, the number of affected devices and entities, the details of the alert triggered, monitored metrics and thresholds breached. It provides actionable insights by utilizing comprehensive contextual information to assess the impact of alerts.

Alert filters

Filter the alerts timeline and the table by clicking on any of the tags. The filtering bar shows active filters at the top of the page. Remove active filters individually or all at once.

Use the search functionality to filter the alerts dashboard by alert name, including the context of the alert. Filters and searches affect the whole dashboard, including the alert timeline.

Action menu

Hover over an alert on the alerts table and select the action menu or click on the action menu on the alert preview.

Available actions differ depending on the type of monitor:

Open binary profiling: Open the Binary profiling dashboard, which displays details related to the binary for which the alert was triggered. Assess the stability, resource consumption and risk of any unexpected problems specific to that binary configuration. Refer to the Binary profiling documentation for more information.
Diagnose: Troubleshoot the issue on the Diagnostics page. This option is available for monitors that evaluate the metric across many devices. Refer to the Diagnostics for alerted issues documentation for more information.
Drill down to impacted devices: Open the Investigations page that contains a list of devices that are associated with a given alert.
Drill down to devices/users with alerts: This action is only available for monitors that trigger alerts per device or user. It opens the Investigations page that contains a list of devices or users for which the system has triggered alerts in the selected timeframe.
Drill down to impactful events: Open the Investigations page that contains query results of events that led to the last trigger of an alert.
Drill down to alerts events: Open the Investigations page that contains a list of all available history of alert events triggered within a given context.
Edit monitor: View and edit the configuration of the monitor for an alert.

Refer to in-product documentation for more information. You can find it in the side panel menu.

Understanding Impacted devices

The alerting service determines which devices are impacted by an alert. The impacted devices column of the Alerts table shows this information. The following monitors have an impact on devices:

Monitor	Impacted devices
Built-in monitor with metric change detection that tracks changes with a baseline	All devices with a monitored metric value above the threshold for which the alert was triggered at the time the alert had an open status
Built-in monitor with static threshold detection that triggers an alert when the metric is above the custom-defined threshold	Devices with at least one monitored event at the time the alert was open
Built-in global detection monitor	Devices that were using the binary with the configuration identified in the binary insights during last 7 days
Custom monitor with a static threshold detection that monitors metrics per device	Devices for which the alert was triggered
Custom monitor with a static threshold detection that monitors the number of devices with issues	Devices returned by a monitor query at the time the alert was open
Custom monitor with static threshold detection that monitors the count or sum of an event metric	Devices with at least 1 monitored event at the time the alert was open
Custom monitors with static threshold detection that monitors the ratio or average computation of an event metric.	Devices with a monitored metric value above the defined threshold at the time the alert was open

Monitor

Impacted devices

Built-in monitor with metric change detection that tracks changes with a baseline

All devices with a monitored metric value above the threshold for which the alert was triggered at the time the alert had an open status

Built-in monitor with static threshold detection that triggers an alert when the metric is above the custom-defined threshold

Devices with at least one monitored event at the time the alert was open

Built-in global detection monitor

Devices that were using the binary with the configuration identified in the binary insights during last 7 days

Custom monitor with a static threshold detection that monitors metrics per device

Devices for which the alert was triggered

Custom monitor with a static threshold detection that monitors the number of devices with issues

Devices returned by a monitor query at the time the alert was open

Custom monitor with static threshold detection that monitors the count or sum of an event metric

Devices with at least 1 monitored event at the time the alert was open

Custom monitors with static threshold detection that monitors the ratio or average computation of an event metric.

Devices with a monitored metric value above the defined threshold at the time the alert was open

You can query impacted devices for metric monitors using the alert.impacts NQL table. Refer to the NQL data model documentation for more information.

Please note that in some rare cases, the system is not able to determine the devices impacted by an issue.