Alerts

What do the different alert severities mean?

LogicMonitor categorizes alerts into one of three alert severity levels: critical, error, or warning. As discussed in Tuning Alert Thresholds for Datapoints, you can configure the various thresholds for a metric that, when crossed, will trigger a particular severity level. As discussed next, alert severities are intended to provide an indication of how serious an issue is and, therefore, how promptly it needs to be addressed.

Critical Alerts

A critical level alert should be a worst-case scenario - there is an issue that requires attention. They are designed to be reactive alerts, meaning someone should react to these alerts as soon as possible.

Error Alerts

An error level alert is less severe and should convey that something is wrong or isn't behaving normally, but there isn't necessarily a specific action that has to be taken. You should know about these scenarios, but they shouldn't have the same sense of urgency as a critical alert. Error alerts are designed to be more proactive than critical alerts, but you may want to know about them sooner and they may be treated more as reactive alerts depending on your use case.

Warning Alerts

A warning alert indicates that there is something you should be aware of, but it may not be causing a problem yet. Warning alerts are designed to usually be proactive alerts, meaning we're notifying you that there may be a future problem so that you can avoid the problem all together.

Reactive vs. Proactive Alerts

You probably don’t want to be notified every time a warning alert triggers. However, you likely do always want to be notified for critical alerts. In fact, if an alert is triggered because multiple drives in a RAID array are failing, taking volumes offline, you probably want an email, text, or voice alert sent to somebody who can resolve this issue.

Therefore, as best practice, we recommend that you route reactive alerts to people within your infrastructure who are capable of resolving the problem, and that you periodically review proactive alerts in LogicMonitor reports.

The reason that we recommend this, is that viewing proactive alerts, such as warnings, in alert reports, can greatly reduce the number of alerts you are being notified for. Reports can show you where your noise is coming from, and help you figure out if there are alerts that you actually do want to route to email or SMS messages. Additionally, some types of alerts tend to be more useful when viewed in a report format (rather than received in individual emails) because they can be reviewed next to other alerts from the same time-frame to detect network trends or even relationships between events. For an overview of the alert reports available, see Which report should I use?