Alert Definition Management
When you enter the Alert Definition screen, you’ll see a list of all your configured alerts along with their current status, type, and configuration details.
At the top, you can use the search bar to quickly find alerts by name. For example, typing latency would return all alerts with network latency or similar in the name.
When you click Create Alert, you’ll be guided through selecting the alert type, writing a query, defining conditions, and setting notification rules. You can also add labels, group by fields, and customize how and when alerts are triggered—all in one streamlined form.
Filtering and searching alerts
On the left panel, use the filters to narrow your view:
- Alert Types: Filter alerts by their source or logic type. This helps you quickly find alerts based on the kind of data or evaluation logic they use. For example, Logs – Immediate, Logs – Ratio Threshold, Logs – Anomaly, Metric – Threshold, Tracing – Threshold, and Flow-based alerts.
- Priority: Narrow alerts by severity, from P1 (highest urgency) to P5 (lowest). Priorities are set when creating/editing an alert, helping teams triage and respond based on business impact.
Note
Filters will also match multi-priority alerts. For example, if an alert has both P1 and P5 in different conditions, filtering for P5 will still show it.
- Labels: Use labels to group and filter alerts by tags. These are added when defining the alert (e.g., team:frontend, env:prod) and appear in the sidebar for quick filtering by context like team, environment, or service.
Understanding alert status
Once filters are applied (or even without them), the alert definitions table gives you a quick overview of all alerts. Each row shows useful metadata to help you monitor and manage alerts.
- Status:
  - Alerting: One or more conditions are currently triggered.
  - OK: No condition permutations are currently triggered.
  - No Data: The alert couldn’t be evaluated due to missing/unavailable data (often seen with newly created alerts).
  - – (Dash): Status not yet supported for this alert type (e.g., Tracing, Dynamic, Unique, New Value).
Note
A dash (–) does not mean the alert isn’t working. It simply means status tracking for this type is not yet supported. This will be added in a future update.
How status works
Alerts are usually evaluated once per minute, though this may vary depending on the alert type and configuration.
When an alert transitions to OK, the system stops updating its timestamp unless it becomes Alerting again. This reduces unnecessary backend load.
Note
- An alert marked as OK can still have active incidents in a Triggering state if Notify on Resolved is not enabled. These must be closed manually.
- Similarly, an alert marked Triggering may have downstream incidents already manually resolved. This is expected and intentional, allowing flexibility in incident workflows.
Exploring alert definition fields
Each alert row in the table includes:
- Name: Title of the alert definition. Click to open and edit.
- Type: Logic used to evaluate (e.g., log threshold, anomaly, trace).
- Last Triggered: Last time the alert fired.
- Priority: Severity level (P1–P5) for triage.
- Labels: Tags for grouping or filtering.
- Last Modified: Timestamp of the most recent edit.
These fields provide a complete operational snapshot for each alert in your environment.
Managing alert definitions
Hover over any alert in the table to reveal quick actions:
- Snooze: Temporarily mute notifications without deleting the alert.
- Duplicate: Create a copy for re-use with changes.
- Edit: Open full configuration to update alert logic or metadata.
- Delete: Permanently remove the alert.
These tools help teams manage alerts quickly without navigating away.
Once saved, your new alert appears in the table and begins evaluating. You’re now ready to monitor and respond to critical signals.
Note
New or updated alert definitions may take up to 15 minutes to become active.