Monitor incoming alerts

In the Alerts Console, you can review the status of alerts. For example, you can view and filter all active alerts by severity.

Before you begin

Role required: evt_mgmt_admin, evt_mgmt_operator, or evt_mgmt_user

Procedure

Navigate to Event Management > Alert Console.
Columns in the Alerts Console (column heading: description):
Number: Unique ID generated by Event Management to identify the alert.
Group: An entry in this column indicates that the associated alert is a member of an alert group. Alerts that do not have an entry in this column are ungrouped alerts.
  • CMDB: CIs without historical data that were aggregated by Service Analytics based on CI relationships in the CMDB.
  • Manual: This alert is a member of an alert group that is formed by right-clicking an alert and setting it as secondary to the selected primary alert.
  • Secondary: This alert is a component of an alert group. The alert at the head of the group is known as the primary alert. When Correlated Alerts is selected, the secondary alerts that are under the primary alert do not display, making the Alerts Console less cluttered and easier to review.
  • Blank: This alert is an ungrouped alert. To make an ungrouped alert become a member of a group, right-click it and select Add to Groups. Select the alert and click Add Selected.
  • Automated: Aggregated automatically by Service Analytics. A virtual alert is added to the group as the primary alert of the group.
  • Rule: Alert group created as a result of a user-configured correlation rule.
Severity: The severity of the event. The value for this field is copied from the event unless the event closes the alert, in which case the previous severity is retained for reporting.
  • Critical: Immediate action is required. The resource is either not functional or critical problems are imminent.
  • Major: Major functionality is severely impaired or performance has degraded.
  • Minor: Partial, non-critical loss of functionality or performance degradation occurred.
  • Warning: Attention is required, even though the resource is still functional.
  • Info: An alert is created. The resource is still functional.
  • Clear: No action is required. An alert is not created from this event. Existing alerts are closed.
Source: Event monitoring software that generated the event, for example, SolarWinds or SCOM. Optionally, you can enter a description, for example, Group Alert. This field has a maximum length of 100.
Description: The alert description.
Node: Node name, fully qualified domain name (FQDN), IP address, or MAC address that is associated with the event, such as IBM-ASSET. This field has a maximum length of 100.
Configuration item: JSON string that represents a configuration item. For example, {"name":"SAP ORA01","type":"Oracle"}. The CI identifier that generated the event appears in the Additional information field. This field has a maximum length of 1000.
Metric Name: Unique name that describes which metrics are collected and for which this alert was created.
Maintenance: Shows whether the resource affected by the alert is in maintenance. Valid values are true or false.
Task: The corresponding task for the alert, such as an incident, change, or problem.
Parent: Reference to a parent alert.
Impacted Services: Indicates the number of business services affected by this alert group. For example, an alert with a severity status of Major might affect eight business services, whereas an alert with a severity status of Critical might affect one business service.
Initial event generation time: Time that the initial event occurred in the remote system.

What to do next

If ITOM Metric Management is activated, you can right-click an alert and click View Metrics to open the integrated Metrics Explorer and Dependency Views map for the CI that is associated with the alert.