Alert Records
Last updated - 24 July, 2025
An alert is created when the Create Alert action runs in response to an automatic rule firing. The Create Alert action creates a new alert record and copies the event fields from the triggering record to the alert.
Alert Record Format
The alert field definitions are described in the following:
| Column | Description |
| _id | The ID of the database record. |
| CI | The configuration item for which the event is being reported for example a server or router hostname. |
| Description | A short summary of the alert. |
| Details | A verbose summary of the event. |
| Name | The name of the event reported, for example, Low Disk Space or High CPU Utilization. |
| Source | The monitoring/management tool, application, log or API from which the event was generated. |
| Tenant ID | LM Tenant Identifier |
| #Events | Number of deduplicated events |
| Escalation | The state represents the lifecycle of an alert record from new to closed. |
| Timestamp | Timestamp of the event that created the alert. |
| First Timestamp | Earliest event within the deduplicated events. |
| Insight Key List | A list of correlated insights the alert belongs to. |
| Last Event Timestamp | Latest event within the deduplicated events. |
| Permanent URL | URL to the alert ID |
| Severity | The severity of the recent event. |
| Highest Severity | The highest severity event contained within the alert’s deduplicated event set. |
| Lowest Severity | The lowest severity event contained within the alert’s deduplicated event set. |
| State | The state of the alert such as active or cleared. |
| Assigned To | Name of the assignee for the alert |
| Rule Name | Name of the rule that was applied to the alert generation |
| Incident Id | Incident ID |
| Incident Priority | Incident priority |
| Incident Url | Link to the incident |
| Pipeline Timestamp | Internal data |
| Alert Created | Internal data |
| Updated Timestamp | Internal data |
| Actioned By | Internal data |
| Rule Key | Internal data |
| Rule Value | Internal data |
| Organisation ID | Internal data |
| Receiver Id | Internal data |
| Receiver Timestamp | Internal data |
| Original Key | Internal data |
| Updated Timestamp | Internal data |
| Version | Internal data |
| Source Record | Internal data |
| Agent ID | Internal data |
| Agent CI | Internal data |
| Agent IP | Internal data |
| Agent Timestamp | Internal data |
| CreatedTimestamp | Internal data |
