| Table of Contents | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
About triggered alerts' queries
You can access the search window by using the associated query from a triggered alert. This allows you to investigate the events that led to its triggering, pinpointed within the exact timeframe in which the alert occurred. You will access the search in incognito mode, which means any changes in the query will not be saved.
What permissions do I need?
...
Open query from the alert list
You can go open the query to explore it in the search window to see the query defined for that triggered alert and examine the events that caused it to trigger. Click the by clicking the ellipsis menu at the end of the row and select selecting Go to query.
...
You will be taken to the search window, and you will see the alert query with the time range for the events that triggered the alert. You will access the search window in incognito mode, which means any changes in the query will not be saved.
...
Open query from the alert details window
You can also open explore the query to explore it from the in the search window through the alert details window, which is accesible opens by clicking an alert’s ID on the list (more info about the details window here). Simply Inside this window, click on the Open in query editor button above the query.
...
Query data explained
Depending on the triggering method used to define the alert and its specific settings, the events and timeframe shown in the table will differ.
Each-type alerts
Time range (ungrouped data): it starts slightly before the eventdate registered in the triggered alert’s extraData (adapted to your timezone) and concludes slightly after it. These additional moments are to account for any triggering delay.
Time range (grouped data): it starts with the beginning of the grouping period, which corresponds to the eventdate registered in the triggered alert’s extraData (adapted to your timezone), and concludes after the period specified in the query grouping.
Events shown: the event that triggered the alert.
| Info |
|---|
Multiple alerts If multiple alerts are triggered in a quick succession or simultaneously, the time range will be adjusted to include all their eventdates upon accessing any of their queries. |
Several-type alerts
Time range: it starts with the eventdate registered in the triggered alert's extraData (adapted to your timezone) and concludes after the period specified in the alert definition settings.
Events shown: all the events that triggered the alert due to exceeding the threshold established in the alert definition settings.
Low-type alerts
Time range: it starts with the eventdate registered in the alert's extraData (adapted to your timezone) and concludes after the period specified in the alert definition settings.
Events shown: all the events (or no event at all) that triggered the alert due to not reaching the threshold established in the alert definition settings.
Rolling-type alerts
Time range → it starts with the eventdate registered in the alert extraData (adapted to your timezone) and concludes after the backperiod specified in the alert settings.
Events shown: the event group that triggered the alert.
| Info |
|---|
Multiple alerts If multiple alerts are triggered during the same period, all the event groups in the same period will be displayed together upon accessing any of their queries. |
Deviation-type alerts
Time range: it starts with the
...
eventdate registered in the alert's extraData (adapted to your timezone) and concludes after the period specified in the query grouping.
Events shown: all event groups occurring during the current period, providing reference for the aggregation values that determined the median and triggered the alert due to a greater deviation than the threshold specified in the alert definition settings.
| Info |
|---|
Multiple alerts As all event groups within a period are already shown for a single alert, accessing any of the queries in a series of alerts triggered during the same period will not alter the result. |
Gradient-type alerts
Time range: it starts with the eventdate registered in the alert's extraData (adapted to your timezone) and concludes after the period specified in the query grouping.
Events shown: the event group that triggered the alert due to a greater variation in its aggregation value than the threshold specified in the alert definition settings, as compared to the previous period.
| Info |
|---|
Multiple alerts If multiple alerts are triggered during the same period, all the event groups in the same period will be displayed together upon accessing any of their queries. |
Related articles
| Child pages (Children Display) | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...