Alert details

A generated alert primarily displays the following details:

Alert Details
Alert fieldDescription
IDRefers to a unique number to identify an alert or an tnference and is based on SeqID from the database. The number helps search an alert or inference. The ID field also contains the alert state that is represented in certain colors.
SubjectRefers to the summary content of the generated Alert. Content includes metrics that led to the alert.
Note: You can easily identify an OpsQ Bot recommended alert. The below icon is placed before such alert subject.
DescriptionRefers to a brief description of the entities that led to the alert generation. Users can find the origin of the alert and also identify crossed types of threshold of the applied metrics. Primarily, details may include metric, monitor description, device type, template name, group, site, service Level, and component.
SourceRefers to the platform or monitoring tools from where the alert is generated. For example, if an alert is triggered from Oracle, then the alert source is displayed as Oracle.
MetricRefers to the service name for which the thresholds are taken an account and alert is generated.
First Alert TimeRefers to the time when monitoring happens for the first time on a resource. An alert is generated to notify the user that resource is being monitored.
Last Alert TimeRefers to the recent alert generated time.
Elapsed TimeRefers to the recent alert generated time.Refers to the time elapsed since the alert first generated time.
Action/StatusRefers to the action and status of the alert. The result of an action is the change in status. For example, if you Acknowledge (action) an alert, the status of the alert changes to acknowledged.
Last Updated TimeRefers to the time when alert was recently updated
Device TypeRefers to the device type associated with an alert. For example, server, desktop, laptop.
ResourceRefers to the resource name on which the alert is generated.
Repeated AlertsRefers to the count of the repeated alerts generated on the resource with the same details.
ResourceRefers to the resource name on which the alert is generated.
PartnerRefers to the partner’s name to which the resource belongs.
Incident IDRefers to the associated incident unique ID with the alert. Alerts are associated to incidents by one of the following ways:
  • Manually creating an incident on the alert
  • Escalating alert policy
Entity TypeRefers to the category of the source which generates alert. Entities are classified into the following types:
  • Resource: Refers to all alerts originating from managed resources. For example, Monitoring resources (devices, VM, synthetics)
  • Service: Refers to service mapped to the resources. For example, Alerts generated when an authorization service is down.
  • Integration: Refers to alerts originated from monitoring the installed integrations. For example, all the alerts originating due to integration failures.
  • Client: Refers to alerts that are not generated due to monitoring but are representation of logical clustered alerts. For example, inference alerts (correlated/grouped alerts) or RCA alerts (events based on the resource dependency mapping).

Alert types

There are two types of alerts:

  • Forecast alerts
  • Change detection alerts

Forecast alerts

When a monitor triggers a forecast alert, the alert appears on the Alerts page.
The following example displays information about each forecast alert:

Forecast Alerts

Forecast Alerts

The details and updates on a forecast alert are displayed in the comments section:

Forecast Alert Details

Forecast Alert Details

Change detection alerts

Change detection helps monitor sudden changes in metric behavior, especially on those metrics with an indefinite threshold. Change detection parameters can be assigned to monitors/metrics to receive alerts when significant change is detected.

Change detection utilizes machine learning with a sliding window where change is calculated as soon as a new data point becomes available.

  • If significant change is detected continuously, an alert is appended to an existing alert.
  • If no change is detected after two hours, an alert will be automatically resolved.
  • A minimum of 4 hours of real-time data is required to process change detection.
  • When a monitor triggers a change detection alert, the alert appears on the Alerts page.

Examples of change detection alerts

A change detection alert is displayed on the Alerts page:

Sample Change Detection Alerts

Sample Change Detection Alerts

A change detection is summarized on the Alert Details page:

Detailed Information on Change Detection Alerts

Detailed Information on Change Detection Alerts

Alert actions

The following alert actions can be performed on an alert:

  • Acknowledge
  • Suppress
  • Incident
  • Close

The status of the alert changes according to the action performed:

  • If an alert is acknowledged, the status changes from open to acknowledged.
  • If an alert is suppressed, the status changes to suppressed.
  • If an incident is created for an alert, the alert status changes to ticketed.

Alert actions are available on either the Alerts Browser or the Alert Details page.

Alert actions

This is an example of alert actions on the Alerts Browser page:

Alert Actions on Alerts Browser

Alert Actions on Alerts Browser

The following screenshot shows how alert actions are displayed on the Details page:

Alert Actions on Alerts Details

Alert Actions on Alerts Details

Alert action descriptions

Alert Action Descriptions
ActionDescription
AcknowledgeWhen an alert is received you need to acknowledge it. Once the alert is acknowledged, a comment is displayed as Acknowledged along with the user name. Note: From the Incident unique ID drop-down menu, click Acknowledge. Once the incident is acknowledged, a tick mark appears below the Incident ID.
Create IncidentA ticket can be created for the generated alert, users can be assigned, and the priority can be set. Once an incident is created, the status of the alert changes to ticketed and the incident ID appears in the Action/Status column.
Attach And Update IncidentMap an alert to an existing ticket or update the ticket with the contents of the alert. This action is generally used to update the same ticket with related alerts.
Attach IncidentMap an alert to an existing ticket without updating the ticket with the alert contents.
SuppressSuppress the current alert and all duplicate alerts. Any new alert of the same type appears as a fresh alert and not as a duplicate alert. The status of the alert changes to Suppressed.
Snooze: The snooze setting suppresses alerts for a given time period. If a repeated alert triggers when the alert is in snoozed, the alerts repeat count increases and the snooze duration is reset based on the attributes of the repeated alert.
UnacknowledgeUndo the acknowledge action taken on an alert. For example, if a solution did not address a specific problem, unacknowledge the alert. The status of the alert changes to either open or ticketed as long as there is an incident ID associated with the alert.
UnsuppressUndo a suppress action taken on an alert. The status of the alert changes to either open or ticketed as long as there is an incident ID associated with the alert.
CloseClose an alert when an issue is solved and alert is resolved. The alert state changes to OK.

Alert status

The alert status provides the information on the current action taken on the alert.

The following table describes the status of alerts:

Alert Status
StatusDescription
OpenA generated alert is referred to as an open alert.
TicketedIf an incident is created for an alert, the alert status changes to ticketed.
AcknowledgedIf an alert is acknowledged, the alert status changes to acknowledged.
SuppressedIf an alert status is suppressed, the alert status changes to Suppressed .
CorrelatedIf an alert is correlated to an inference, the alert status appears as correlated.
ClosedIf an alert is closed, the alert status changes to closed.

Changes in alert status can be tracked under the comments section on the Alert Details page.

Track Actions on an Alert

Track Actions on an Alert

Alert filter attributes

Alert Filter Attributes
Attribute NameDescription
ClientView alerts of all clients or alerts related to the selected client.
Resource OriginAlerts originate from either OpsRamp or other sources. View alerts from one source or all sources.
SitesRefers to alerts specific to the site selected.
Resource GroupsRefers to groups of resources.
Resource TypeAlerts can be filtered on the type of a resource. If multiple resource types are selected from the list, only alerts relevant to the resources are listed. Note: A maximum of ten resource types can be selected from the list.
NameAlerts can be filtered on the name of the resource. If a resource is selected from the list, alerts relevant to those resources are listed.
SourceSelect a source (like one of the available integrations).
Entity TypeSelect the entitle type: Resource, Service, Client, or Integration.
Alert TypeFilter according to one of the alert types: Agent, Appliance, Change Detection, Forecast, Maintenance, Monitoring, Obsolete, Scheduled Maintenance.
MetricSelect a metric from the list to view relevant alerts.
PriorityAlerts can be filtered on the priority where P0 is the low priority and P5 is the highest priority. If a priority is selected from the list, only those alerts relevant to that priority type are listed.
Current StatusSupported values for current status are: All Status, Critical, Observed, Warning, Ok, and Info. To view list of alerts in Observed state, select the observed value.
ActionsView alerts related to an action available in the list: Acknowledged, Closed, Correlated, Open, Suppressed, or Ticketed.
DurationFilters alerts that are triggered within a specific duration. If duration is set to the last 7 days and the alert timestamp is set to created time, alerts created within the last seven days appear.
From DateRefers to the starting date of duration.
To DateRefers to the end date of duration.
Alert TimestampsRefers to the alerts related to a specific timestamp.
Event TypeRefers to the multiple available event types. Select one of the three options: Alerts, RCA, or Inference Type.
Special AttributeThe special availability attribute is used to filter availability alerts. Alerts are triggered when resources become unavailable.

Searching by unique ID

Search for an alert, incident, or event using the unique ID. After entering the unique ID, the related alerts are displayed as a search result.

For example:

  • If you enter the event ID, the browser returns the alert created or updated from the event.
  • If you enter an incident ID, the browser returns the alert attached to the incident.

To search for an entity:

  1. Click All Clients, select a client.
  2. Go to Alerts.
  3. Provide the ID in the Alert ID search field to fetch
    Similarly, for incidents and events, from the Alert ID drop-down menu, select either Incident ID or Event ID and provide the ID.
  4. Click the search icon.

Matching alert details are displayed.

Search for an alert or incident or event

Search for an alert or incident or event