See triggered alerts' details
What permissions do I need?
To access the Alerts overview area and see the alert details, you need at least the Triggered alerts (view) and the Read/unread alert permissions (see a detailed description of the alerts permissions here).
Additionally, you need to have alerts assigned with View access (see Assign resources to a role); only those alerts will appear on the list.
Checking alert info
You can see the Summary and Description of a triggered alert by clicking the expandable arrow next to the alert name. Here you can also find the alert Extradata for quick access, which is especially useful when filtering by Extradata. Expanding the alert details will automatically mark it as watched (visit this article to know more about status).
If any of the fields cannot be seen completely on the list, you can click on it to show a floating window with the complete info.
Checking alert details
You can also see the complete information of a triggered alert in its details window. To open this window, you can either click an alert’s ID on the list or use the Search by ID functionality.
By right-clicking on the alert's ID, you can choose the option to open it in a new tab, or use the keyboard shortcut: Ctrl + T (Windows & Linux) or ⌘ + T (Mac).
Visualization in the details window
Once you open this window, the alert status is automatically updated to watched, and you have access to the following pieces of information (see numbers in light blue on the picture below for reference):
Name, category-subcategory, date triggered, ID, priority, and status.
Inside this area you can find a back arrow to return to the alert list.
There is a copy button next to the ID for later use in searches (see search alert by ID).
You can check status and priority here, as well as manage them (see section below).
Summary, description, owner, query timezone, and type (triggering method and its specific settings).
Query and Extradata.
You can further explore the query to analyze the events that triggered the alert by clicking the Open in query editor button. This is the same as the Go to query option you can find on the alert list (visit Explore triggered alerts’ query for more info).
There is a copy button inside the query block so you can use it elsewhere.
You can adapt the Extradata to show the raw configuration or the decoded version (more info about the extraData here). Simply click the switch above the Extradata field. This is useful when you work with JSON.
Dates in Extradata
Note that dates (e.g., event date, creation date) are displayed in UTC in the raw configuration but in the user’s timezone in the decoded version.
Management tasks in the details window
In this window, you can also perform management actions such as (see numbers in dark blue on the picture below for reference):
Change status and priority: use the drop-down menus below the alert name at the top (more info here: status, priority).
Post filters, alert definition, and triggered alert:
Create and edit post filters: use the post filter button at the top right (more info here: post filters).
Edit and clone alert definition: use the ellipsis button at the top right, next to the post filter button (more info here: edit and clone).
Delete triggered alert: use the ellipsis button at the top right (more info here: delete).
Leave comments: use the Comments tab to see existing comments and write your own (more info here: comments).