Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Monitor incoming alerts

Log in to subscribe to topics and get notified when content changes.

Monitor incoming alerts

You can monitor incoming alerts in Alert Intelligence in Workspace. You can also monitor alerts in the Alerts Console.

Before you begin

You can learn about Event Management basics, including the Alerts Console, from the following video.

Role required: evt_mgmt_admin, evt_mgmt_operator, or evt_mgmt_user


  1. Navigate to Event Management > Alert Intelligence Alert Intelligence.
  2. You can also navigate to Event Management > Alert Console.
    Table 1. Alert Console column headings
    Column heading Description
    Number Unique ID generated by Event Management to identify the alert.
    Group An entry in this column indicates that the associated alert is a member of an alert group. Alerts that do not have an entry in this column are ungrouped alerts.
    • CMDB: CIs without historical data that were aggregated by alert aggregation and RCA based on CI relationships in the CMDB.
    • Manual: This alert is a member of an alert group that is formed when right-clicking an alert and setting it as secondary to the selected primary alert.
    • Secondary: This alert is a component of an alert group. The alert at the head of the group is known as the primary alert. When Correlated Alerts is selected, the secondary alerts that are under the primary alert do not display, making the Alerts Console less cluttered and easier to review.
    • Blank: This alert is an ungrouped alert. To make an ungrouped alert become a member of a group, right-click it and select in the topic Add to Groups. Select the alert and click Add Selected.
    • Automated: Aggregated automatically by alert aggregation and RCA. A virtual alert is added to the group as the primary alert of the group.
    • Rule: Alert group created as a result of a user configured correlation rule.
    Severity The severity of the event. The value for this field is copied from the event unless the event closes the alert, in which case the previous severity is retained for reporting.
    • Critical: Immediate action is required. The resource is either not functional or critical problems are imminent.
    • Major: Major functionality is severely impaired or performance has degraded.
    • Minor: Partial, non-critical loss of functionality or performance degradation occurred.
    • Warning: Attention is required, even though the resource is still functional.
    • Info: An alert is created. The resource is still functional.
    • Clear: No action is required. An alert is not created from this event. Existing alerts are closed.
    Priority group Indicates which alerts should be attended to first. Priority is calculated for each open alert and then mapped into one of four priority categories.
    Priority Value providing a guide as to the priority of the alert, based on a number of accumulated categories. For example, alert state and business criticality.
    Source Event monitoring software that generated the event, for example, SolarWinds or SCOM. Optionally, you can enter a description, for example, Group Alert. This field has a maximum length of 100.
    Description The alert description.
    Node Node name, fully qualified domain name (FQDN), IP address, or MAC address that is associated with the event, such as IBM-ASSET. This field has a maximum length of 100.
    Configuration item JSON string that represents a configuration item. For example, {"name":"SAP ORA01","type":"Oracle"}. The CI identifier that generated the event appears in the Additional information field. This field has a maximum length of 1000. Click Dependency view icon to open the alert in dependency view.
    Impacted Services Indicates the number of business services affected by this alert group. For example, an alert with a severity status of Major, might affect eight business services. Whereas, an alert with a severity status of Critical, might affect one business service.
    Metric Name Unique name that describes which metrics are collected and for which this alert has been created.
    Maintenance Shows whether the resource affected by the alert is in maintenance, Valid values are true or false.
    Task The corresponding task for the alert, such as an incident, change, or problem.
    Parent Reference to a parent alert.
    Initial event generation time Time that the initial event occurred in the remote system.

What to do next

If Operational Intelligence is activated, you can right-click an alert and click View Metrics to open the integrated Insights Explorer and Dependency Views map for the CI that is associated with the alert.