The Alerts page displays all alerts for your LogicMonitor account. Accessible from the primary left navigation bar, the Alerts page allows you to filter, sort, view details for, and respond to alerts.
In addition to the global Alerts page, you’ll find filtered Alerts pages (i.e. Alerts tabs) available from the detail pages of your various devices, cloud resources, instances, websites, services, and groups. Regardless of where you access alerts (the Alerts page or Alerts tab), the functionality of these interfaces is largely identical.
Note: Alerts are timestamped according to the user’s configured time zone, assuming one has been set for the user and that it is the current active time zone. However, it is important to be aware that alert notifications are timestamped according to the time zone configured for the portal because these are not processed on a per-user basis. For more information on how user-specific time zones impact the LogicMonitor interface, see Users.
The Alerts page displays a summary of alerts, called the alert table. You can filter the alerts displayed in the alert table to optimize relevancy. A large number of filters are available, along with the ability to save sets of commonly-used filter criteria for convenient future access.
Filters are available from the filter content area, which displays immediately above the alert table. Several common filters such as the alert severity, acknowledged status, and time range always display in the filter content area for easy access.
More advanced filters such as the LogicModule or alert rule filter can be brought forward by selecting them from the Add filter dropdown menu, shown next.
Note: Multiple criteria within the same filter are joined using an OR operator; criteria across multiple filters are joined using an AND operator.
The Filter Alerts field allows you to filter the alert table by keyword. Single keywords are automatically wildcarded on both ends. For example, a search term of “time” could return “time”, “uptime”, and “timeout.”
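The filter-combination and keyword rules above, modeled locally as an added example (not LogicMonitor code or its API). The alert field names and sample alerts are constructed, and case-insensitive matching across all string fields is an assumption.

```python
# Added illustration: a local model of the alert-table filter semantics
# described above. Field names and sample alerts are constructed; this is
# not LogicMonitor code or its API.

SAMPLE_ALERTS = [  # constructed sample data
    {"severity": "critical", "acked": False, "resource": "db01", "datapoint": "uptime"},
    {"severity": "error", "acked": False, "resource": "web01", "datapoint": "timeout"},
    {"severity": "warning", "acked": True, "resource": "web02", "datapoint": "cpu"},
    {"severity": "critical", "acked": True, "resource": "web01", "datapoint": "responseTime"},
]


def matches_filters(alert, filters):
    """filters maps a field name to the set of accepted values.

    Values inside one filter are ORed; separate filters are ANDed.
    An empty value set means that filter is not in use.
    """
    return all(
        not accepted or alert.get(field) in accepted
        for field, accepted in filters.items()
    )


def matches_keyword(alert, keyword):
    """Single keyword wildcarded on both ends, i.e. a substring match.

    Assumption: matching is case-insensitive and spans every string field.
    """
    if not keyword:
        return True
    needle = keyword.lower()
    return any(
        needle in value.lower()
        for value in alert.values()
        if isinstance(value, str)
    )


def filter_alerts(alerts, filters=None, keyword=""):
    """Apply the field filters and the keyword together (ANDed)."""
    filters = filters or {}
    return [
        a for a in alerts
        if matches_filters(a, filters) and matches_keyword(a, keyword)
    ]
```

Reproducing the filter this way is useful when checking that a saved filter view on exported alert data selects the same rows you expect in the alert table.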
As you establish filters on the Alerts page, you have the ability to save the current filter view for future access by clicking the star icon. Saved filter views are associated with individual user accounts and are not available globally.
Upon saving, LogicMonitor captures:
If a saved filter view is active, but criteria have been edited during the current session to cause the alert table results to fall out of compliance with the parameters of the active filter view, the star icon reverts back to an unfilled icon to serve as an indicator that you are no longer within the bounds of the selected filter view. When this happens, you can click the star icon to update/save the current active filter view with the new parameters or you can click the dropdown menu next to the active filter view name to either save the current parameters as a brand new filter view or revert back to the saved settings of the current active filter view.
To return the alert table back to its default filter settings (all alerts reported within the last 24 hours that have not been cleared), click the Clear icon.
To speed up troubleshooting and time to resolution, the alerts in the alert table can also be viewed as a time-series graph. At its most basic, this graph mirrors the alerts currently displayed in the alert table and charts the aggregated alert count over a configured period of time.
However, the graph is most impactful when it is used to group alerts by a relevant dimension. For example, the graph’s aggregated alert counts can be grouped by alert severity, associated alert triggers (resource, LogicModule, instance, datapoint), matching alert rules, or the escalation chains used to deliver alert notifications.
The ability to quickly visualize alert commonalities is very helpful when investigating an alert storm or identifying recurring issues requiring remediation or adjustments to alert thresholds.
Note: The maximum limit for grouping is 10,000 alerts.
To show (and hide) the header graph, click the More Options icon located in the upper right corner of the Alerts page and select Header Graph. The graph will retain your prior groupings (dimensions) while reflecting the alerts currently listed in the alert table.
To select a dimension, click the three-way arrow icon to choose from the list of possible dimensions. Only one dimension can be grouped per graph, but you’ll notice that as you select additional dimensions, you are able to easily toggle among them using the dropdown on the right.
The graph is highly interactive, allowing you to:
As you interactively change the graph’s filters, the alert table automatically updates to remain in sync—and vice versa.
In the Header Graph, you can also select to manage and display your alert groups in a Tree Map graph. The Tree Map graph allows you to select two dimensions when grouping alerts. For example, you can select LogicModule and Resources to get a grouping of all LogicModules that are “in alert” for the given time range, as well as a count of the number of resources with each LogicModule alert. Using the header graph to drill down into a LogicModule will further group the alerts by Resources with that LogicModule alert.
You can see more context for alerts by adding Analysis Tabs to your Alerts page. To show (and hide) this feature, click More Options in the upper right corner of the Alerts page and then select Analysis Tabs. The Logs tab displays below the chart, allowing you to view the logs for the resources included in your active Alerts filter and quickly access the Logs page for further investigation.
The alert table can be sorted according to alert severity level (Severity column) or the time the alert was reported (Reported At column). Simply click on one of these column headers to initiate sorting (click once for descending order and twice for ascending order).
LogicMonitor also offers the ability to initiate secondary sorting using severity level as the primary sort and time alert was reported as the secondary sort. To initiate secondary sorting, first sort by severity level and then hold down the shift key while additionally setting sorting for reporting time.
When you click on an individual alert, an alert detail pane opens from the bottom of the Alerts page. The detail panel provides additional alert context, as well as the ability to act upon the alert in a number of ways.
There are up to five primary categories of information, organized by page tabs, that display for each individual alert, as well as a standard toolbar that allows you to perform a variety of actions for the alert. Each is described next.
The Overview tab consolidates many of the same details displayed in the alert table row, as well as displays the alert message and any manually-entered notes for the alert.
Note: The manual entry of general alert notes is only permitted for up to 48 hours after the alert has cleared.
When viewing alerts triggered by datapoints, the Overview tab additionally displays an alert overview graph that plots 60 minutes of data collected for the datapoint. This graph includes the range in which datapoint values are expected to fall (the expected range is shaded in blue and available to LogicMonitor Enterprise users only) and the ability to plot offsets that compare the current timeframe to values collected exactly 24 hours, one week, or 30 days ago. For more information on how the expected range is calculated or on using offsets, see Anomaly Detection Visualization.
The Graphs tab displays all relevant graphs associated with the alert. If the alert is not associated with a DataSource or website (for example, if the alert is triggered by an EventSource or ConfigSource alert), no Graphs tab displays.
By default, the time range for all graphs is set to “At time of alert,” which features one hour of data—starting 30 minutes before and ending 30 minutes after the alert occurred. This time range can be modified using a variety of predefined time ranges including the current global time range.
There are several ways in which you can manipulate the output and display of graphs from the Graphs tab of an alert, including viewing Ops Notes; expanding legends; generating forecasting or anomaly detection versions of the graph; or adding the graph to a dashboard. These options are standard across most areas of the interface in which graphs display and are discussed in detail in Graphs Tab.
If there are log anomalies associated with the alert, you can investigate further by selecting “View Logs” from the log anomalies graph. This will redirect you to the Logs page filtered to display log events from the relevant resource during the time period of the alert. See Reviewing Logs and log anomalies.
The History tab displays the frequency and severity of alerts over the past 24 hours, seven days, or 30 days—or over the previous calendar month. This is an ideal at-a-glance view of an instance’s performance over time and will help you determine whether an alert was a one-off fluke, if thresholds need to be re-evaluated, or if you need to provision more resources to your equipment.
When viewing the details of an alert triggered by a resource/instance with an external resource ID (ERI) assigned to it, a Maps tab displays. From this tab, you can click the Maps button and subsequently the Resource or Instance button to generate a topology map for the resource/instance in alert. A new browser window opens that displays the resource/instance as the focus of a new topology map in the Mapping page, allowing you to visually troubleshoot infrastructure that may be contributing or related to the alert. For more information on topology mapping, see Topology Mapping Overview.
When viewing the details of an alert with dependent alerts (in other words, the alert has undergone root cause analysis and been determined to be an originating or direct cause alert), a Dependencies tab displays. For more information on this tab and LogicMonitor’s root cause analysis feature, see Enabling Root Cause Analysis.
From the toolbar that displays in the upper right corner of the alert detail pane, you can perform the following actions:
For guidelines on acknowledging or escalating alerts, or putting alerts into SDT, see Guidelines for Responding to Alerts.
As discussed in the previous section, alerts can be acknowledged, escalated, annotated, or put into SDT individually from the alert detail pane. These actions can also be performed on multiple alerts at once by checking the checkbox to the left of one or more alerts.
Note: Notes cannot be added for alerts that cleared more than 48 hours ago.
Once the desired alerts are selected, click the Actions button to select one of the available actions from the dropdown menu.
On a per-user basis, various aspects of the alert table can be customized, including:
Click the more options icon located in the upper right corner of the Alerts page to open the Column Settings dialog. From this dialog, you can make default columns visible/invisible, reorder columns, and add/delete custom columns.
Custom columns can be added to the alert table to display the values of properties or LogicMonitor tokens related to the resource in alert. Use the Search field at the bottom of the Column Settings dialog to add custom columns.
To add a property as a custom column, simply start typing the name of the property whose values you would like to see for each alert into the Search field and matching search results will be auto-generated as you type.
To add a token as a custom column, you must prepend and append the token name with “##” (for example, ##ALERTID##). Token names are not case sensitive (for example, ##AlertID## also works). Search results are not auto-generated when typing token names; instead, you’ll need to select the “Create ##<token>##” option that appears.
Several aspects of the alert table display can be customized to suit your viewing preferences. These settings are available by clicking Profile | Appearance from the left navigation menu while the Alerts page is open.
Use the Date & Time Display setting to indicate whether timestamps will be formatted using:
Enable the Alternate Row Color setting to alternate the background color of rows.
Enable text wrapping for alert table columns using the Wrap Text setting. If this setting is disabled, truncated text can be seen by hovering over the column or by opening the alert to display its detail page.
Use the Font size setting to indicate the font size for the text that displays in the alert table.
The alert severity icons that display in the Severity column can be updated to a light color theme and/or a condensed icon width theme using the Light Theme and Condensed Theme settings respectively.