Alerts Page Overview
Introduction to Alerts Page
The Alerts page displays active alerts for your LogicMonitor account. There is an overall Alerts page available from the left-hand main menu that displays all alerts across your entire LogicMonitor account, as well as Alerts pages (i.e. tabs) that are available from the detail pages of your various devices, cloud resources, instances, websites, and groups. Regardless of from where you access alerts, the functionality of the page is largely the same.
Note: When viewing alerts from within the LogicMonitor UI (i.e. Alerts pages), alerts are timestamped according to the user's configured time zone, assuming one has been set for the user and that it is the current active time zone. However, it is important to be aware that alert notifications received via email, SMS, or voice are timestamped according to the time zone configured for the portal because these are not processed on a per-user basis. For more information on how the configuration of user-specific time zones impacts the LogicMonitor interface, see Users.
Filtering and Sorting Alerts
The Alerts page displays a summary of alerts, called the alert table. You can filter and sort the alerts displayed to optimize relevancy.
Along the top of the Alerts page, there are a variety of filters you can use to narrow down the alerts displayed in the alert table. Initially, you may not see all filters available, depending upon which filters are currently active. As shown next, simply click on the More field to access a dropdown of additional filters.
Several of the filters support free-form text (e.g. group, resource/website, LogicModule, etc.). For these fields, once you begin typing a value into the filter field, matching values will display. More than one value can be entered for each filter and glob expressions are supported.
Other filter types are radio buttons or checkbox selections (e.g. acknowledgment status, severity level, etc.). Each filter's function is briefly outlined next:
- Group. Only displays alerts triggered by resources/websites belonging to the one or more group(s) specified for this filter.
- Resource/Website. Only displays alerts triggered by the resource(s)/website(s) specified for this filter.
- LogicModule. Only displays alerts triggered by instances belonging to the one or more LogicModule(s) specified for this filter.
- Instance. Only displays alerts triggered by the instance(s) specified for this filter.
- Datapoint. Only displays alerts triggered by the datapoint(s) specified for this filter.
- Alert Rule. Only displays alerts for which the specified alert rule(s) apply.
- Escalation Chain. Only displays alerts for which the specified escalation chain(s) were used to deliver notifications.
- Severity. Only displays alerts whose current severity levels match those selected for this filter.
- Acknowledged. Use the Acknowledged filter to restrict the alerts table to only those alerts that have been acknowledged ("Yes" option), exclude alerts that have been acknowledged ("No" option), or return to the default behavior of including both acknowledged and unacknowledged alerts ("All" option).
- In SDT. By default, the alerts table does not filter alerts according to the SDT status of the resource/instance triggering the alert. Use the In SDT filter to restrict to only those alerts in SDT ("Yes" option), exclude alerts in SDT ("No" option), or return to default behavior ("All" option).
- Cleared. Use the Cleared filter to restrict the alerts table to only those alerts that have been cleared ("Yes" option), include both cleared and uncleared alerts ("All" option), or return to the default behavior of excluding cleared alerts ("No" option).
Alerts can be sorted according to several criteria including time the alert began, resource/website, acknowledged by, and datapoint to name a few. To sort the alert table, simply click on a column header that supports sorting (click once for ascending order and twice for descending order).
LogicMonitor also offers the ability to initiate secondary sorting using an alert's severity status and time began timestamp in combination. This allows you to simultaneously sort on both the alert severity level (primary sort) and the time alert began (secondary sort).
To turn on secondary sorting for the alert table, click on the icon that acts as the header for the far left alert severity column. This automatically sorts using the chosen ascending/descending orders of both the alert severity and "Began" columns. To turn off secondary sorting, simply click on a column other than the "Began" column (or click the icon twice more) to reset the table to a single sort order.
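The filter defaults and the severity/"Began" secondary sort described above can be modeled offline when triaging an exported list of alerts. The following is an added example, not LogicMonitor code: the record fields, the sample alerts, and the function names are constructed for illustration, Python's `fnmatch` stands in for the product's glob matching, and it assumes that values within one filter are alternatives while separate filters combine to narrow the result.

```python
from datetime import datetime
from fnmatch import fnmatchcase

def alert(id_, group, resource, severity, hhmm, **flags):
    """Build one constructed alert record (hypothetical field names)."""
    row = {"id": id_, "group": group, "resource": resource, "severity": severity,
           "began": datetime.strptime("2024-05-01 " + hhmm, "%Y-%m-%d %H:%M"),
           "acked": False, "in_sdt": False, "cleared": False}
    row.update(flags)
    return row

# Constructed sample data, not taken from a real portal.
ALERTS = [
    alert("A1", "Prod/Web", "web-01", "critical", "09:30"),
    alert("A2", "Prod/DB", "db-01", "warning", "09:45"),
    alert("A3", "Prod/Web", "web-02", "critical", "10:05"),
    alert("A4", "Prod/DB", "db-02", "error", "08:10", acked=True),
    alert("A5", "Dev/Web", "dev-01", "critical", "10:20"),
    alert("A6", "Prod/Web", "web-03", "error", "07:55", cleared=True),
]
SEVERITY_RANK = {"warning": 1, "error": 2, "critical": 3}
# Defaults as described on the page: cleared alerts are excluded ("No"),
# while Acknowledged and In SDT include everything ("All").
DEFAULTS = {"acked": "All", "in_sdt": "All", "cleared": "No"}

def _tri(value, choice):
    """Yes / No / All selector applied to a boolean alert flag."""
    return choice == "All" or value == (choice == "Yes")

def filter_alerts(alerts, globs=None, severities=None, **status):
    status = {**DEFAULTS, **status}
    kept = []
    for a in alerts:
        # Assumption: any pattern inside one filter may match, and every
        # active filter must match for the alert to stay in the table.
        text_ok = all(any(fnmatchcase(a[field], p) for p in patterns)
                      for field, patterns in (globs or {}).items())
        sev_ok = not severities or a["severity"] in severities
        if text_ok and sev_ok and all(_tri(a[k], status[k]) for k in DEFAULTS):
            kept.append(a)
    return kept

def sort_alerts(alerts, severity_desc=True, began_desc=True):
    # Stable sorts: order by the secondary key first, then by the primary key.
    by_began = sorted(alerts, key=lambda a: a["began"], reverse=began_desc)
    return sorted(by_began, key=lambda a: SEVERITY_RANK[a["severity"]],
                  reverse=severity_desc)

def triage_view():
    """Unacknowledged, uncleared production alerts, worst and newest first."""
    rows = filter_alerts(ALERTS, globs={"group": ["Prod/*"]}, acked="No")
    return [a["id"] for a in sort_alerts(rows)]
```

Because cleared alerts are hidden by default, a review of what fired during an incident window needs the Cleared filter set to "All"; in this model that is `filter_alerts(ALERTS, cleared="All")`.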
Opening and Acting Upon an Individual Alert
When you click on an individual alert, the row expands to display more details for the alert. The primary use of this display is to facilitate troubleshooting and contextualization of triggered alerts by bringing all alert-specific information (and available actions) into a single pane.
There are up to three primary categories of information, organized by page tabs, that display for each individual alert, as well as a standard toolbar that allows you to perform a variety of actions for the alert. Each is described next.
As shown in the previous screenshot, the Description tab displays all relevant detail for an individual alert including the alert message, escalation chain, full group path, and more.
The Graphs tab displays all relevant graphs associated with the alert. If the alert is not associated with a DataSource or website (e.g. it's an EventSource or ConfigSource alert, etc.), no Graphs tab displays.
By default, the time range for all graphs is set to "At time of alert," which features one hour of data—starting 30 minutes before and ending 30 minutes after the alert occurred.
There are several ways in which you can manipulate the output and display of graphs from the Graphs tab of an alert, including viewing Ops Notes, expanding legends, or adding the graph to a dashboard. These options are standard across most areas of the interface in which graphs display and are described in detail in Graphs Tab.
The History tab displays the frequency and severity of alerts over the past 24 hours, seven days, 30 days, or calendar month. This is an ideal at-a-glance view of an instance's performance over time and will help you determine whether an alert was a one-off fluke, if thresholds need to be re-evaluated, or if you need to provision more resources to your equipment.
Individual Alert Toolbar
From the toolbar that displays at the bottom of each opened tab, you can perform the following actions:
- Open device or website. Click the Go to Device button or Go to Website button to navigate directly to the device or website.
- Open topology map. Click Explore Maps and select either "Resource" or "Instance" to generate a topology map for the resource/instance in alert. This button only displays if the resource/instance has an external resource ID (ERI) assigned to it. Assuming an ERI is present, a new browser tab opens that displays the resource/instance as the focus of a new topology map in the Mapping page, allowing you to visually troubleshoot infrastructure that may be related or contributing to the alert. For more information on topology mapping, see Topology Mapping Overview.
- Add notes. Click the Add Note button to enter notes for annotation and contextualization purposes.
- Put into SDT. Click the Put In SDT button to schedule down time for the device, instance, or website. For more information on SDT functionality, see Scheduled Down Time (SDT) Tab.
- Escalate the alert. Click the Escalate button to manually escalate the alert to the next level in its assigned escalation chain. For more information on escalation chains, see Escalation Chains.
- Acknowledge the alert. Click the Acknowledge button to indicate that the underlying issue of the alert is being actively fixed. For more information on when to acknowledge alerts, see Guidelines for Responding to Alert Notifications.
As discussed in the previous section, an alert can be acknowledged individually from its expanded detail pane. Alerts can also be acknowledged en masse by checking the checkbox to the left of one or more alerts (or all alerts using the topmost checkbox) in the alert table and clicking the Acknowledge button at the top of the summary view. As shown next, the Acknowledge button denotes the number of alerts you are about to acknowledge by appending this number onto the button's label.
Customizing Alert Page Settings
Clicking into the Alert Table Settings dialog (using the Settings button) offers several options for customizing your alert table view.
Results Per Page
From the Results per page field's dropdown menu, select how many rows will be displayed in the alert table per page of results.
From the Font size field's dropdown menu, select the font size for the text displayed in each alert row and individual alert detail pane.
Alternating Row Color
Check the Alternating Row Color checkbox to alternate the background color of rows between white and light grey.
Play Sounds for New Alerts
Check the Play sounds for new Alerts checkbox to configure sounds for incoming alerts. As shown next, you can configure a different sound for each alert severity level. The Alerts page must be open in order for the sounds to play. This setting is particularly useful when the Alerts page is displayed on an NOC screen or computer tab and an additional means of signaling an alert would be helpful.
Expand the Manage Columns heading to add custom columns to the alert table, as well as determine which columns display and in what order.
In the Add Custom Column field, you can add columns to the alert table that display the values of system properties, auto-properties, and LM tokens. Simply start typing the name of the property or token whose values you would like to see for each alert and matching search results will be auto-generated as you type.
From the list of available columns found immediately below the Custom Column field, check or uncheck any columns that you would like included or excluded from the alert table. To reorder columns, grab the icon to the far left of a column name and drag and drop the column into its new position.