View alerts

The Alerts table shows the most recently created alerts with no filtering.

See also Alerts API.


Alerts and alert details reference

The following table describes the alert attributes available in the alerts and the alert details tables.


Unless otherwise noted, the term "events" refers to both ingested event notifications and metric anomalies.

Moogsoft stores all timestamps in UTC format. The dates and times displayed in the UI are based on your browser's local time.



Active Incidents Count

The number of active incidents in which the alert is included.

If you have multiple correlation definitions, one alert might fit multiple definitions and thus get included in multiple incidents.


The alias for the alert source, as defined in the alias field in the event or the source field in the anomaly. You can specify aliases through ingestion or enrichment.


The Moogsoft user currently assigned to investigate this alert.


The category of performance or health condition check that triggered the alert.

Examples: CPU Check, MySQL Replication Check, Performance, Capacity


The high-level category of the performance issue reported by the alert. Examples include application, network, middleware, and cloud. This value is based on the service field in events.

If a metric anomaly does not have a service tag specified, Moogsoft auto-generates this field based on the metric source and name.

Creation Time

The timestamp when Moogsoft ingested the first event, identified it as unique, and created the new alert.

Dedupe Key

The values for the deduplication key configured for this ingestion source.


Alert description, based on the description field in the ingested event.

Event Count

Number of events in the alert.

First Event Time

The timestamp of the first event or anomaly added to the alert.


The alert ID. Moogsoft auto-generates the ID when it creates the alert.

Incident Count

The number of incidents in which this alert is included. This number includes both open and resolved incidents.

If you have multiple correlation definitions, one alert might match multiple definitions and be included in multiple incidents.

Last Event Time

Timestamp of the most recent event included in the alert.

Last Status Change Time

The time when an alert last received a new status.


You can include generic geolocation information in the location field of an ingested event. This is a structured list of key-value pairs, such as { City: 'London', Street: '31 High Street'}


The generator or intermediary of the events in this alert.

Manager ID

A machine-level reference to the manager.


The external application or service that generated the ingested event or metric. This is a required field for ingested events and is used to identify duplicate and similar events.

Service Count

The total number of services identified in the Service field.


Current severity of the alert, determined by the most recent event in the alert.


The node where the original events and/or anomalies occurred. This is typically an IP or fully-qualified domain name.


The alert status as specified by the Status pull-down menu in the Alert Details tab: Unassigned, Assigned, Acknowledged, etc.


All optional tags included in this alert. You can specify tags during ingestion, or use event enrichment to add tags after ingestion.


The classification of the alert.

Examples: Availability, Capacity

UTC Offset

The number of hours and minutes that Moogsoft time differs from Coordinated Universal Time (UTC).

Searching and filtering alerts