Understand alerts and alert details
![]() |
Supported operations
You can do the following in this view:
Update the assignee and status (In Progress, Resolve, Close)
To update multiple alerts, select the alerts and then right-click.
Copy visible attributes for one or more alerts (with or without headers) and paste into a text file
To copy attributes for multiple alerts, select the alerts and then right-click.
Copy a link to an alert. Select the alert and then right-click.
Copy a link to multiple alerts: Select the alerts, click the Grid Options button (right), then click Get Link to Alerts
Alert attributes
The following table describes the alert attributes available in the alerts and the alert details tables.
Note
Unless otherwise noted, the term "events" refers to both ingested event notifications and metric anomalies.
Moogsoft Cloud stores all timestamps in UTC format. The dates and times displayed in the UI are based on your browser's local time.
Column | Description |
---|---|
Alias | The alias for the alert source, as defined in the |
Assignee | The Moogsoft Cloud user currently assigned to investigate this alert. |
Check | An identifier for the type of alert. For example, |
Class | The high-level category of the performance issue reported by the alert. Examples include If a metric anomaly does not have a |
Dedupe key | The unique identifier which describes this alert. Events with the same deduplication key belong to the same alert. |
Description | The alert description, based on the |
Event count | The number of events in the alert. |
External ID | If the alert triggered an external notification based on an outbound webhook, this indicates the object (such as a ticket number) in the external system. |
External names | The name of an outbound integration. |
First event time | The timestamp of the first event or anomaly added to the alert. |
ID | The alert ID. Moogsoft Cloud auto-generates the ID when it creates the alert. |
Incidents | The list of incidents where this alert is a member. |
Integration ID | The outbound integration ID if the alert triggered an external notification based on an outbound webhook. |
Integration name | The outbound integration name if the alert triggered an external notification based on an outbound webhook. |
Last event time | The timestamp of the most recent event included in the alert. |
Last status change time | The event time when the alert was last updated. |
Location | You can include generic geolocation information in the |
Manager | The generator or intermediary of the events in this alert. |
Manager ID | The unique identifier for the alert in the source system. |
Namespace | An internal field used to set a metric identifier for any events which were generated via Anomaly Detection. |
Service | The external application or service that generated the ingested event or metric. This is a required field for ingested events and is used to identify duplicate and similar events. |
Severity | Current severity of the alert, determined by the most recent event in the alert. |
Source | The node where the original events and/or anomalies occurred. This is typically an IP or fully qualified domain name. |
Status | The alert status as specified by the Status menu in the Alert Details tab: Unassigned, Assigned, Acknowledged, etc. |
Tags | The optional tags included in this alert. You can specify tags during ingestion, or use event enrichment to add tags after ingestion. |
Type | The type of the alert. The |