Working with Alerts in Observe
When a monitor produces an alert and possibly a notification, the results can be reviewed in Observe as well as the notification destination. Each alert has an individual URL where related data, resources, and the logic of the monitor can be reviewed or drilled into.
Alert Explorer
All alerts in Observe can also be reviewed in a single explorer page. This allows you to quickly filter alerts by status, severity, and involved resources so that you can isolate problems. Furthermore, Alert Explorer provides robust muting controls for your alerts.
Figure 1 - Alert Explorer Home Page
Interacting With Alerts
A Monitor in Observe can create multiple Alerts. Every Alert has a Start and End time, a Duration, a severity level, and a Status. You can inspect the details of a specific Alert by clicking the “View Alert” button in Alert Explorer. Each Alert has a detail page that provides the following capabilities:
Overview
The “Overview” tab lets you quickly view metadata about the Alert, such as the user who created and last modified the Monitor associated with the Alert, and the Query and rules associated with the Alert. Important context, such as the data that caused the alerting condition and the incident chart, is also directly available on this tab.
Triggering data
This is a table view of the specific data that caused the Alert to trigger. You can open this data directly in a worksheet to aid deeper investigation.
Monitor alerts
This is a list of all Alerts that share a common Monitor definition. Note that this can be useful when reviewing historical alert data, and is a great resource for tuning Monitor queries to be more effective.
Detection events
Detection events log the internal state at the time the Alert was created, as well as any changes in the Alert state over time.