Understand alerts and alert details

Supported operations

You can do the following in this view:

  • Update the assignee and status (In Progress, Resolve, Close)

    To update multiple alerts, select the alerts and then right-click.

  • Copy visible attributes for one or more alerts (with or without headers) and paste into a text file

    To copy attributes for multiple alerts, select the alerts and then right-click.

  • Copy a link to an alert. Select the alert and then right-click.

  • Copy a link to multiple alerts: Select the alerts, click the Grid Options button (right), then click Get Link to Alerts

Alert attributes

The following table describes the alert attributes available in the alerts and the alert details tables.

Note

Unless otherwise noted, the term "events" refers to both ingested event notifications and metric anomalies.

Moogsoft Cloud stores all timestamps in UTC format. The dates and times displayed in the UI are based on your browser's local time.

| Column | Description |
| --- | --- |
| Alias | The alias for the alert source, as defined in the alias field in the event or the source field in the anomaly. You can specify aliases through ingestion or enrichment. |
| Assignee | The Moogsoft Cloud user currently assigned to investigate this alert. |
| Check | An identifier for the type of alert. For example, check could indicate the type of test which caused the alert to be created (such as ping or response time). |
| Class | The high-level category of the performance issue reported by the alert. Examples include application, network, middleware, and cloud. This value is based on the service field in events. If a metric anomaly does not have a service tag specified, Moogsoft Cloud auto-generates this field based on the metric source and name. |
| Dedupe key | The unique identifier which describes this alert. Events with the same deduplication key belong to the same alert. |
| Description | The alert description, based on the description field in the ingested event. |
| Event count | The number of events in the alert. |
| External ID | If the alert triggered an external notification based on an outbound webhook, this indicates the object (such as a ticket number) in the external system. |
| External names | The name of an outbound integration. |
| First event time | The timestamp of the first event or anomaly added to the alert. |
| ID | The alert ID. Moogsoft Cloud auto-generates the ID when it creates the alert. |
| Incidents | The list of incidents where this alert is a member. |
| Integration ID | The outbound integration ID if the alert triggered an external notification based on an outbound webhook. |
| Integration name | The outbound integration name if the alert triggered an external notification based on an outbound webhook. |
| Last event time | The timestamp of the most recent event included in the alert. |
| Last status change time | The event time when the alert was last updated. |
| Location | You can include generic geolocation information in the location field of an ingested event. This is a structured list of key-value pairs, such as { City: 'London', Street: '31 High Street'} |
| Manager | The generator or intermediary of the events in this alert. |
| Manager ID | The unique identifier for the alert in the source system. |
| Namespace | An internal field used to set a metric identifier for any events which were generated via Anomaly Detection. |
| Service | The external application or service that generated the ingested event or metric. This is a required field for ingested events and is used to identify duplicate and similar events. |
| Severity | Current severity of the alert, determined by the most recent event in the alert. |
| Source | The node where the original events and/or anomalies occurred. This is typically an IP or fully qualified domain name. |
| Status | The alert status as specified by the Status menu in the Alert Details tab: Unassigned, Assigned, Acknowledged, etc. |
| Tags | The optional tags included in this alert. You can specify tags during ingestion, or use event enrichment to add tags after ingestion. |
| Type | The type of the alert. The type is context-specific based on class. For example, when the class is application, type could be availability, performance, memory, resources, or storage. |