Alert details

The Alert details side panel is accessed in the Alert Viewer. From here, you can quickly clear alerts or access additional information about the alert properties.

Procedure

  1. Click the navigation icon at the upper-left corner of the screen to go to the main navigation menu.

  2. For the complete list of Cloud Pak for AIOps alerts, click Operate > Alerts.

    For the alerts associated with a specific incident, click Operate > Incidents > Incident Title > Alerts.

    Figure. Incident alerts

  3. Double-click an alert in the table to display the Alert details side panel for that alert. The Information section is open by default in the side panel.

    Tip: To clear the selected alert, scroll to the end of the side panel and click Clear alert and then click Clear to confirm.

    To display Alert details in a new window, click the pop-up icon in the side panel.

    Figure. Alert side panel

Depending on the alert selected, Alert details can contain the following sections:

  • Information
  • Activity
  • Incidents
  • Anomaly insights
  • Runbooks
  • Topology
  • Log anomaly
  • Metric anomaly
  • Recommended actions
  • Correlation information

Information

Under Information, alert properties can be viewed in two different formats:

  • Tabular

    Alert properties are displayed in a table format of Property - Value pairs.

  • Raw

    Raw data in JSON format. Click Copy to copy the alert data to the clipboard.

Figure. Alert information

Activity

A timeline of major events that have occurred in the lifecycle of an alert. The following events are logged to the Activity timeline:

  • Alert is created
  • Alert is assigned to a new owner or team
  • Alert is acknowledged/de-acknowledged
  • Alert is suppressed/de-suppressed
  • Alert state changes (open or clear)
  • Alert severity changes
  • User adds a comment

To add a comment to an alert at any time, type a comment in the field that is provided and click + Add comment. A maximum of 250 characters is supported. The comment is stored in the timeline in chronological order with the other entries.

Figure. Alert activity

Incidents

If you are viewing an incident's alert list, the Alert details side panel displays a link to the Incident overview. You can also see the incident's priority, status, and the number of alerts in the incident.

Anomaly insights

In the Alerts table, if you select an alert that contains anomaly insights, the Alert details panel contains an Anomaly insights section. This section shows Property, which is the Key Performance Indicator (KPI) type, and Value, which is the name, for each anomaly insight. Use this information to understand the anomaly and why an alert was generated. You can also use this information to create a policy. For example, you can suppress the alert or associate it with a runbook. For more information, see Supported Anomaly insights properties.

Runbooks

The following information is displayed for each runbook in Alert details:

  • Status

    Successfully executed, Failed, Cancelled, In progress, or Completed.

  • Success rate

    The success rate is calculated by using the number of successful and unsuccessful executions of the runbook.

  • Average rating

    Operations analysts can provide feedback about the quality of a runbook including a rating, which is displayed here (five stars is the top rating).

  • Type

    Indicates the Runbook type: Manual or Automated.

  • Policy

    Shows the Cloud Pak for AIOps policy that assigned the runbook to the selected alert. Click the policy name to locate that policy on the Policies UI.

Click the menu overflow icon (the three dots) and click Preview to view the runbook or click Run to re-run the runbook.

Figure. Runbooks

Topology

If the resource on which an alert occurred can be located in the network topology system, you can collapse the Information section in the side panel to view the Topology section. For more information, see Displaying alert topology.

Figure. Alert topology

Log anomaly

When you select a log anomaly alert in the table, the Alert details panel contains a Log anomaly details section. For more information, see Log anomaly alerts.

Domain-specific log anomaly alert details

Select a domain-specific log anomaly alert, such as one pertaining to IBM MQ or WebSphere, in the Alerts table. The Alert details panel contains a Log anomaly details section with the following information:

Table. Alert detail explanation

| Detail | Explanation |
|---|---|
| Message code | Every domain-specific log includes a message code, and message codes are summarized in an alert. This message code is the most significant domain-specific message code for the current alert. |
| Short explanation | The title of the log anomaly is based on the message code. |
| Detailed explanation | The description of the log anomaly is based on the message code. |
| Category and Subcategory | The log anomaly is assigned to a category and subcategory based on the message code. |
| Message codes and frequencies | A log anomaly alert consists of multiple logs, and each log has a message code. The frequency shows how often a certain message code appears in the logs that make up the log anomaly alert. |

Metric anomaly

Default alert expectations are calculated by the Metric Manager based on the input data. If an anomalous alert rate is detected that is either higher or lower than expected, an alert is raised and displayed as a Metric anomaly in the Alerts table. When a metric anomaly alert is selected in the table, the Alert details panel contains a Metric anomaly details section and depicts the expected values against the actual values. For more information, see Metric anomaly details.

Correlation information

If you are viewing an incident's alert list, and the selected alert is part of an alert group, the Alert details side panel displays information about the underlying temporal, topological, or scope-based groups.

  • Scope-based grouping

    The scope-based grouping section contains the following information:

    • These alerts are found to share a cause as they all occurred within the same scope and period of time. The scope defines the properties that alerts must share in order to be grouped. It can be set in a scope-based grouping policy or by the scope-based grouping AI algorithm.
    • Scope-based policy associated with this alert. Click the link to go directly to the associated policy in the Policies UI.

  • Topological grouping

    The topological grouping section contains the following information:

    • Name of the resource defined in the topology management service, on which this topology group is based.
    • Pane showing the resources in the topology on which this topology group is based. Click the resource to display the relationship between that resource and neighboring resources. Right-click the resource to display the context menu.

  • Temporal correlation

    The temporal correlation section contains the following information:

    • Date and time of the first instance of this group.
    • Total number of historical instances of this group. For details of when these instances occurred and how many alerts occurred in each instance, see the Group instance heatmap.
    • Average time in seconds that this group instance lasted.
    • Time-based heatmap showing the recent historical period in days, with a gray square for each day. Each darker square indicates a day on which there was at least one group instance. Hover over the square to see details of this group instance.