
Alert Definition Management

When you enter the Alert Definition screen, you’ll see a list of all your configured alerts along with their current status, type, and configuration details.

At the top, you can use the search bar to quickly find alerts by name. For example, typing latency returns all alerts with network latency or similar in the name.

Use Create Alert to select the alert type, write a query, define conditions, and set notification rules. You can also add labels, set group-by fields, and customize how and when alerts trigger, all in one streamlined form.

[Image: new alert screen with filters, search bar, and alert definition table]

Filtering and searching alerts

In the sidebar, use the filters to narrow your view:

  • Alert Types: Filter alerts by their source or logic type. This helps you quickly find alerts based on the kind of data or evaluation logic they use. For example, Logs - Immediate, Logs - Ratio Threshold, Logs - Anomaly, Metric - Threshold, Tracing - Threshold, and Flow-based alerts.

  • Priority: Narrow alerts by severity, from P1 (highest urgency) to P5 (lowest). Set priorities when you create or edit an alert; they help teams triage and respond based on business impact.

Note

Filters also match multi-priority alerts. For example, if an alert has both P1 and P5 in different conditions, filtering for P5 still shows it.

  • Labels: Use labels to group and filter alerts by tags. You add these when you define the alert (for example, team:frontend, env:prod) and they appear in the sidebar for quick filtering by team, environment, or service.

Understanding alert status

After you apply filters (or even without filters), the alert definitions table gives you a quick overview of all alerts. Each row shows useful metadata to help you monitor and manage alerts.

  • Status:
      • Alerting: One or more conditions currently trigger the alert.
      • OK: No condition permutations currently trigger the alert.
      • No Data: The alert entered a no-data state because the underlying query returned no results during evaluation, and the alert’s no-data handling tracks missing data as a distinct state. The No Data status depends on the alert’s no-data behavior setting in Advanced settings. You can configure alerts to transition to OK, Alerting, No Data, or to keep their last state when data is missing.
      • - (Dash): Status not yet supported for this alert type (e.g., Tracing, Dynamic, Unique, New Value).

Note

A dash (-) does not mean the alert isn’t working. It simply means status tracking for this type is not yet supported. This is planned for a future update.

How status works

The system usually evaluates alerts once per minute, though this might vary depending on the alert type and configuration.

When an alert transitions to OK, the system stops updating its timestamp unless the alert returns to Alerting. This reduces unnecessary back-end load.

Note

  • An alert marked as OK can still have active incidents in a Triggering state if you turn off Notify on Resolved. Close these manually.
  • Similarly, an alert marked Triggering might include downstream incidents that someone already resolved manually. This behavior is expected and intentional and allows flexibility in incident workflows.

Exploring alert definition fields

Each alert row in the table includes:

  • Name: Title of the alert definition. Select it to open and edit.
  • Type: Logic used to evaluate (for example, log threshold, anomaly, trace).
  • Last Triggered: Last time the alert fired.
  • Priority: Severity level (P1 to P5) for triage.
  • Labels: Tags for grouping or filtering.
  • Last Modified: Timestamp of the most recent edit.

These fields provide a complete operational snapshot for each alert in your environment.

Managing alert definitions

Hover over any alert in the table to reveal quick actions:

[Image: alert definition edit options]

  • Snooze: Temporarily mute notifications without deleting the alert.
  • Duplicate: Create a copy for reuse with changes.
  • Edit: Open the full configuration screen to modify the alert’s settings, including thresholds, conditions, labels, and no-data handling behavior.
  • Delete: Permanently remove the alert.

These tools help teams manage alerts quickly without navigating away.

Once saved, your new alert appears in the table and begins evaluating. You’re now ready to monitor and respond to critical signals.

Note

New or updated alert definitions might take up to 15 minutes to become active.