Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.
  • Madrid
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store

Monitor incoming alerts

Log in to subscribe to topics and get notified when content changes.

Monitor incoming alerts

In the Alerts Console, you can review the status of alerts. For example, you can view and filter all active alerts by severity.

Before you begin

Role required: evt_mgmt_admin, evt_mgmt_operator, or evt_mgmt_user

You can learn about Event Management basics, including the Alerts Console, from the following video.


Navigate to Event Management > Alert Console.
Column heading Description
Number Unique ID generated by Event Management to identify the alert.
Group An entry in this column indicates that the associated alert is a member of a correlated alert group. Alerts that do not have an entry in this column are ungrouped alerts.
  • CMDB: CIs without historical data that were correlated by Service Analytics based on CI relationships in the CMDB.
  • Manual: This is a correlated alert group that is formed when right-clicking an alert and setting it as secondary to the selected primary alert.
  • Secondary: This alert is a component of a correlated alert group. The alert at the head of the group is a known as the primary alert. When Correlated Alerts is selected, the secondary alerts that are under the primary alert do not display, making the Alerts Console less cluttered and easier to review.
  • Blank: This is an ungrouped alert. To make an ungrouped alert become a member of a group, right-click it and select in the topic Add to Groups. Select the alert and click Add Selected.
  • Automated: Correlated automatically by Service Analytics. A virtual alert is added to the group as the primary alert of the group.
  • Rule: Alert group created as a result of a user configured correlation rule.
Severity The severity of the event. The value for this field is copied from the event unless the event closes the alert, in which case the previous severity is retained for reporting.
  • Critical: Immediate action is required. The resource is either not functional or critical problems are imminent.
  • Major: Major functionality is severely impaired or performance has degraded.
  • Minor: Partial, non-critical loss of functionality or performance degradation occurred.
  • Warning: Attention is required, even though the resource is still functional.
  • Info: An alert is created. The resource is still functional.
  • Clear: No action is required. An alert is not created from this event. Existing alerts are closed.
Description The alert description.
Source Event monitoring software that generated the event, for example, SolarWinds or SCOM. Optionaly, you can enter a description, for example, Group Alert. This field has a maximum length of 100.
Configuration item JSON string that represents a configuration item. For example, {"name":"SAP ORA01","type":"Oracle"}. The CI identifier that generated the event appears in the Additional information field. This field has a maximum length of 1000.
Node Node name, fully qualified domain name (FQDN), IP address, or MAC address that is associated with the event, such as IBM-ASSET. This field has a maximum length of 100.
Task The corresponding task for the alert, such as an incident, change, or problem.
Impacted Services Indicates the number of business services affected by this alert group. For example, an alert with a severity status of Major, might affect eight business services. Whereas, an alert with a severity status of Critical, might affect one business service.
Last remote time Date and time of the flow of information from the external source device.

What to do next

If ITOM Metric Management is activated, you can right-click an alert and click View Metrics to open the integrated Metrics Explorer and Dependency Views map for the CI that is associated with the alert.