When you enter the **Alert Definition** screen, you’ll see a list of all your configured alerts along with their current status, type, and configuration details. At the top, you can use the **search bar** to quickly find alerts by name. For example, typing `latency` returns all alerts with network latency or similar in the name. Use **Create Alert** to select the alert type, write a query, define conditions, and set notification rules. You can also add labels, group by fields, and customize how and when alerts trigger, all in 1 streamlined form. ## Filtering and searching alerts In the sidebar, use the **filters** to narrow your view: - **Alert Types**: Filter alerts by their source or logic type. This helps you quickly find alerts based on the kind of data or evaluation logic they use. For example, *Logs - Immediate*, *Logs - Ratio Threshold*, *Logs - Anomaly*, *Metric - Threshold*, *Tracing - Threshold*, and *Flow-based* alerts. - **Priority**: Narrow alerts by severity, from **P1** (highest urgency) to **P5** (lowest). Set priorities when you create or edit an alert; they help teams triage and respond based on business impact. Note Filters also match multi priority alerts. For example, if an alert has both **P1** and **P5** in different conditions, filtering for **P5** still shows it. - **Labels**: Use labels to group and filter alerts by tags. You add these when you define the alert (for example, `team:frontend`, `env:prod`) and they appear in the sidebar for quick filtering by team, environment, or service. ## Understanding alert status After you apply filters (or even without filters), the alert definitions table gives you a quick overview of all alerts. Each row shows useful metadata to help you monitor and manage alerts. - **Status**: - **Alerting**: One or more conditions currently trigger the alert. - **OK**: No condition permutations currently trigger the alert. - **No Data**: The alert entered a [no-data](https://coralogix.com/docs/user-guides/alerting/no-data/index.md) state because the underlying query returned no results during evaluation, and the alert’s no-data handling tracks missing data as a distinct state. The [No Data](https://coralogix.com/docs/user-guides/alerting/no-data/index.md) status depends on the alert’s no-data behavior setting in **Advanced settings**. You can configure alerts to transition to **OK**, **Alerting**, **No Data**, or to keep their last state when data is missing. - **- (Dash)**: Status not yet supported for this alert type (e.g., *Tracing*, *Dynamic*, *Unique*, *New Value*). Note A dash (`-`) does **not** mean the alert isn’t working. It simply means status tracking for this type is not yet supported. This is planned for a future update. ### How status works The system usually evaluates alerts once per minute, though this might vary depending on the alert type and configuration. When an alert transitions to **OK**, the system stops updating its timestamp unless the alert returns to **Alerting**. This reduces unnecessary back-end load. Note - An alert marked as **OK** can still have active [incidents](https://coralogix.com/docs/user-guides/alerting/incidents/index.md) in a **Triggering** state if you turn off **Notify on Resolved**. Close these manually. - Similarly, an alert marked **Triggering** might include downstream [incidents](https://coralogix.com/docs/user-guides/alerting/incidents/index.md) that someone already resolved manually. This behavior is expected and intentional and allows flexibility in incident workflows. ## Exploring alert definition fields Each alert row in the table includes: - **Bulk actions**: Select one or more alert definitions using the checkboxes to apply bulk actions. - **Snooze**: Temporarily silence notifications for the selected alerts. Choose a snooze duration of **30 minutes**, **1 hour**, **3 hours**, or **24 hours**. - **Delete**: Permanently remove the selected alert definitions. You can delete up to 100 alerts in a single bulk action. - **Status**: Shows the current evaluation state of the alert, such as **OK**, **Alerting**, **No Data**, or a dash (`–`) for alert types that do not support status tracking. - **Name**: Title of the alert definition. Select it to open and edit. - **Type**: Logic used to evaluate (for example, log threshold, anomaly, trace). - **Last Triggered**: Last time the alert fired. - **Priority**: Severity level (P1 to P5) for triage. - **Labels**: Tags for grouping or filtering. - **Last Modified**: Timestamp of the most recent edit. These fields provide a complete operational snapshot for each alert in your environment. ## Managing alert definitions Hover over any alert in the table to reveal quick actions: - **Snooze**: Temporarily mute notifications without deleting the alert. - **Duplicate**: Create a copy for reuse with changes. - **Edit**: Open the full configuration screen to modify the alert’s settings, including thresholds, conditions, labels, and [no-data](https://coralogix.com/docs/user-guides/alerting/no-data/index.md) handling behavior. - **Delete**: Permanently remove the alert. These tools help teams manage alerts quickly without navigating away. Once saved, your new alert appears in the table and begins evaluating. You’re now ready to monitor and respond to critical signals. Note New or updated alert definitions might take up to **15 minutes** to become active. ## Related resources [Configure alert definition](https://coralogix.com/docs/user-guides/alerting/configuring-alert-definition/) [Introduction to alerts](https://coralogix.com/docs/user-guides/alerting/introduction-to-alerts/) [Alert suppression rules](https://coralogix.com/docs/user-guides/alerting/alert-suppression-rules/) ## Next steps Configure how alerts behave when queries return no results in [No-data handling for alerts](https://coralogix.com/docs/user-guides/alerting/no-data/index.md).