Document toolboxDocument toolbox

Managing triggered alerts

Owned by Juan Tomás Alonso Nieto (Unlicensed)
Last updated: Mar 18, 2021 by Borja Moro Moreno
6 min read

Once your alerts are activated, they will monitor the queries and trigger when the alert conditions are detected. Use the Alerts Dashboard in the Alerts area of the Devo web app to monitor the history of all alerts triggered in the domain and manage the actions taken in response to them.

In order to perform the management tasks described in this article, you need to have a role with management permissions on Triggered alerts (Administration → Roles → Permissions tab).

About the Alerts Dashboard

The Alerts Dashboard is your control panel for tracking the alerts that have been triggered over time. There are two parts of the dashboard:

  • In the Alerts Overview area, you can use a combination of filters and dynamic charts to visually analyze the overall quantity of alerts over a period of time.
  • The Alerts History area lists all the alerts triggered in the domain starting with the most recent one and gives you the ability to carry out workflows related to managing the conditions that trigger the alerts.

Go to Preferences, then click the Alerts tab on the left inside the User Preferences tab to choose different settings related to the Alerts Dashboards area.

Alerts Overview

The Alerts Overview area lets you choose from among four types of charts to visualize the recent history of triggered alerts. By selecting a time period in the filter bar, you can limit the history from a brief as the last one hour or up to an entire year. You can also use the Show Open and Show All buttons to view all alerts or only the ones that have not yet been marked as closed.

Alerts History

The Alerts History area lists the recently triggered alerts and lets you manage the actions taken in response. You can perform the following actions in this area:

Monitor new triggered alerts

By default, triggered alerts are listed starting with the most recent. To draw your attention to the alerts you haven't yet seen in the history list, a "New" tag is displayed in the Status column for a couple of seconds when you access this area. Also, a green bar appears next to new alerts and does not disappear until you leave the Alerts Dashboard area.

You can always check if new alerts have been triggered in your domain looking at the counter in the Alerts option of the navigation pane. The green bubble next to the lightning icon indicates unread alerts triggered in your domain for the last 12 months.

If you hover over the Alerts icon while the navigation pane is minimized, you will see the following information:

Both counters are updated every 60 seconds to show new alerts triggered in the domain. This is the information displayed by each counter:

  • New alerts since last update - This is the count of unread alerts since the last time you visited the Alerts Dashboard. The count is reset every time you access this area.

    Load new alerts

    If new alerts arrive while you are in the Alerts Dashboard, you will see a Load New button at the top of the table. Click it to load all the new alerts triggered in your domain, no matter its status.

  • Unread alerts in the domain - This is the total count of unread alerts in your domain for the last 12 months, and corresponds to the count in the red bubble next to the Alerts icon. The count will decrease if you mark alerts as Watched or Closed in the Alerts History. To do it, click the info in the Summary column of the alert to see its description, or select View alert details or Mark as closed in the ellipsis menu that appears when you hover over the right end of a row. Alternatively, you can reset the total count of unread alerts in your domain by clicking the Reset unread icon in at the top of the Alerts History table.

  

Why can't I see the reset button?

The reset button will only be available to users whose role has the Unread domain alerts permission (Administration → Roles → Permissions tab). Learn more in Role permissions.

Filter triggered alerts

If you are looking for a specific alert in the list, you can filter the list by clicking values in the StatusAlert nameCategory - SubCategory or Priority columns.

Change the priority of a triggered alert

You can change the priority of a triggered alert hovering over the Priority column value, and clicking the Change button that appears.

Change the status of a triggered alert

The Status column indicates to what extent a triggered alert has been acknowledged. There are three possible values:

  • Unread means that the alert has been seen in the list but its details have not yet been viewed by any user in the domain.
  • Watched means that the alert's details have been viewed by any user in the domain; either by expanding the Detailed Information or using the ellipsis menu option.
  • Updated means that the condition which triggered the alert does not persist any longer. This status is generated by the Systems Monitoring application whenever a triggered alert that was created using the application is no longer relevant and thus needs no further monitoring.
  • Closed is when a user in the domain has determined that the alert no longer requires attention or action. Indicate if you want closed alerts to appear in the Alert History in your user preferences.

Manage triggered alerts

Using an alert's ellipsis menu, you can also access the following options:

View alert details 

Check the details of the selected alert. Alternatively, the drop-down control in the Summary column can be used to expand the row to display the full alert message. This action will set the status of the alert to Watched.

Go to query

See the events that made the alert trigger. You will be taken to the search window, and you will see the alert query with the time range where the events that triggered the alert are. You will access the search window in incognito mode, which means any changes in the query will not be saved.

This option is only available for alerts created by users in your domain (alerts in the My Alerts category).

This option will not appear with alerts created using the Alerting API.

Create annotation

Use comments to track actions taken to address the alert condition. Learn more in Add a comment to a triggered alert

New filter / Edit filter

Create filters that automatically process alerts when they're triggered with the characteristics you set forth. Alerts with post-filters are marked with this icon . If an alert has already one or several post-filters defined, you can click that icon or select Edit filter in the ellipsis menu to remove the existing post-filters or add new ones. Learn more in Apply a filter for post-processing.

Edit / View

Opens the Edit alert definition window, where you can edit the Category, Description and Priority of your alerts, or modify the query that defines the alert. You can only edit the alerts created by users in your domain (alerts in the My Alerts category). Learn more here.

In case you select an alert generated through the Alerting API, you will see the View option. In this case, you will only be able to check the details of the alert. To modify it, you must use the API.

Related articles: