An alert signals that a policy’s conditions are being violated. They are activated by an initializing event and contain all subsequent events violating the policy in an uninterrupted duration of time.

Relationship with Events

An event is the evidence of a policy violation.

Every 5 minutes, a data point (PT5M) is created and analyzed for each metric on each element. Most data points happen within the acceptable range of expected behavior. The initial point that violates the policy begins an alert; all data points in violation of a policy are referred to as events.

An alert lasting 20 minutes with 4 events:

X – X – X – X – X – X

Let’s imagine the above is a series of data points for a particular metric being monitored on your policy. The Xs in green are within compliance of our configured policy settings. The bold red X is the first data point in violation of your policy (an event) and also marks the beginning of an alert. The subsequent pink Xs are separate events, but part of the same alert.

Examining Events

Events can be examined on the Events menu. They are ordered by time but also filterable by the alerts they are part of. Using the Events Graph, you may also select a time frame to inspect.

Top Violators

The Top Violators Report displays a list of elements in your environment that have triggered the most events within a specified time frame. This report provides the same type of data as the Event menu, but the data is grouped instead by element.

How to View Alerts

To view Alerts, click Alerts > Open or Alerts > Closed.

How to Access Alerts

Did you know? You can switch to Dark theme from Account Profile > Theme.

Types of Alerts

Policies (a set of alerting conditions) fall into three categories:

  • Open: Policy is firing
  • Closed: Policy has fired
  • No Status: Policy has not fired (green)

Open alerts are not tied to time controls because they are happening in the moment. Closed alerts are tied to time controls. This feature shows any policy that fired during your selected time range.

Alerts Determine if Notifications are Sent

When configured, notifications are external messages sent to other sources like email or an incident management solution. Notifications can be sent when a policy is open and alerting.

If we use the earlier example of a 20 minute alert containing 4 events on a policy with a configured duration of 15 minutes, the initial notification would not go out until the third event. Additional notifications can be sent periodically while the alert is still active and also when the alert is cleared (meaning the policy has closed).

Configuring Notifications for Alerts and Open Policies

capterra

Join other DevOps who love Metricly!

Sign up for a free, fully featured, 21-day trial. No credit card required!