View alerts

Users with the following roles can perform these actions in this feature area:
Operator: View, assign, resolve, and close alerts.	Administrator: View, assign, resolve, and close alerts.	Owner: View, assign, resolve, and close alerts.

The Alerts table shows the most recently created alerts with no filtering.

Alerts and alert details reference

The following table describes the alert attributes available in the alerts and the alert details tables.

Note

Unless otherwise noted, the term "events" refers to both ingested event notifications and metric anomalies.

Moogsoft stores all timestamps in UTC format. The dates and times displayed in the UI are based on your browser's local time.

Column	Description
Active Incidents Count	The number of active incidents in which the alert is included. If you have multiple correlation definitions, one alert might fit multiple definitions and thus get included in multiple incidents.
Alias	The alias for the alert source, as defined in the `alias` field in the event or the `source` field in the anomaly. You can specify aliases through ingestion or enrichment.
Assignee	The Moogsoft user currently assigned to investigate this alert.
Check	The category of performance or health condition check that triggered the alert. Examples: CPU Check, MySQL Replication Check, Performance, Capacity
Class	The high-level category of the performance issue reported by the alert. Examples include `application`, `network`, `middleware`, and `cloud`. This value is based on the `service` field in events. If a metric anomaly does not have a `service` tag specified, Moogsoft auto-generates this field based on the metric source and name.
Creation Time	The timestamp when Moogsoft ingested the first event, identified it as unique, and created the new alert.
Dedupe Key	The values for the deduplication key configured for this ingestion source.
Description	Alert description, based on the `description` field in the ingested event.
Event Count	Number of events in the alert.
First Event Time	The timestamp of the first event or anomaly added to the alert.
ID	The alert ID. Moogsoft auto-generates the ID when it creates the alert.
Incident Count	The number of incidents in which this alert is included. This number includes both open and resolved incidents. If you have multiple correlation definitions, one alert might match multiple definitions and be included in multiple incidents.
Last Event Time	Timestamp of the most recent event included in the alert.
Last Status Change Time	The time when an alert last received a new status.
Location	You can include generic geolocation information in the `location` field of an ingested event. This is a structured list of key-value pairs, such as `{ City: 'London', Street: '31 High Street'}`
Manager	The generator or intermediary of the events in this alert.
Manager ID	A machine-level reference to the manager.
Service	The external application or service that generated the ingested event or metric. This is a required field for ingested events and is used to identify duplicate and similar events.
Service Count	The total number of services identified in the Service field.
Severity	Current severity of the alert, determined by the most recent event in the alert.
Source	The node where the original events and/or anomalies occurred. This is typically an IP or fully-qualified domain name.
Status	The alert status as specified by the Status pull-down menu in the Alert Details tab: Unassigned, Assigned, Acknowledged, etc.
Tags	All optional tags included in this alert. You can specify tags during ingestion, or use event enrichment to add tags after ingestion.
Type	The classification of the alert. Examples: Availability, Capacity
UTC Offset	The number of hours and minutes that Moogsoft time differs from Coordinated Universal Time (UTC).

Searching and filtering alerts

Global search	Smart look-ahead search

You can perform the following types of search:

Free-text search in the global search window.
Access the global search by clicking Search and then typing your search terms.
"Smart look-ahead" filtering in the Incidents, Alerts, and Metrics tables.
Place your cursor in the search field above the table. A pull-down menu shows the data fields or users that are valid for that position in the filter string.
After you validate a filter you can save, edit, reuse, and delete it as needed. You can also copy and paste a filter string into a relevant API request. You can define compound filters such as:
source in ("MCsource01", ["MCsource02") and severity in (Critical, Major, Minor)

Other search features include:

Auto Refresh
Turn automatic page refreshing on and off to load new alerts or incidents as often as you prefer. Choose the auto refresh interval from the list to enable auto refreshing. Click the refresh button to refresh on demand.
Saved queries
If you create a query you want to use in the future, click Save and give the query a name when prompted. You can access it the next time you need to filter your data by clicking Save again. Your queries display under Saved Searches.

Note the following:

It is good practice to use the smart-look-ahead features to create your incident, alert, and metric filters.
Incident, alert, and metric filters support different sets of fields. This means that you cannot necessarily use filters across data types. The filter service in (svc00, svc01) works for incidents and alerts but not for metrics, because incidents and alerts have a service field but metrics do not.

In this section:

View alerts

Alerts and alert details reference

Note

Searching and filtering alerts

Search results