alerts.history
Note
The alerts.history dataset is generated only for alerts processed through Notification Center. Customers must use Notification Center to have read and write access to this dataset.
Purpose
The alerts.history dataset serves to track the complete history of alert events. It records the lifecycle of alerts, including when they are triggered, their status, priority, and other related metadata. This dataset is vital for monitoring, auditing, and analyzing alert patterns across your environment. It enables users to track alert activity over time, review historical alerts, and ensure that alerts are being managed effectively.
Schema description
| Full JSON path | Field data type | Description |
|---|---|---|
type | String | Declares the root schema is an object. |
cxTemplatedPaths | Array/String | List of paths to fields that should be treated as template-enabled strings. |
properties.alertDef.$ref | String | References the schema definition for the alertDef field. |
properties.alert.$ref | String | References the schema definition for the alert field. |
definitions.AlertDef.type | String | Declares that AlertDef is an object. |
definitions.AlertDef.properties.name.type | String | Name of the alert definition. |
definitions.AlertDef.properties.description.type | String | Textual description of what the alert detects or notifies. |
definitions.AlertDef.properties.entityLabels.type | String | Object that defines additional labels or dimensions associated with the alert. |
definitions.AlertDef.properties.entityLabels.additionalProperties.type | String | Each label under entityLabels must be a string value. |
definitions.AlertDef.properties.incidentSettings.type | String | Settings that control incident generation and notification behavior. |
definitions.AlertDef.properties.incidentSettings.properties.retriggeringPeriod.type | String | Object defining how frequently the alert can re-trigger. |
definitions.AlertDef.properties.incidentSettings.properties.retriggeringPeriod.properties.minutes.type | String | Duration in minutes before the alert can be triggered again. |
definitions.AlertDef.properties.incidentSettings.properties.notifyOn.type | String | Defines when notifications should be sent (e.g., "Triggered"). |
definitions.AlertDef.properties.typeDefinition.type | String | Specifies the object holding the alert condition definition. |
definitions.AlertDef.properties.typeDefinition.oneOf | Array/Object | Alert condition must match exactly one of the specified definitions. |
definitions.AlertDef.properties.typeDefinition.oneOf[].$ref | String | References a specific alert condition type. |
definitions.AlertDef.properties.typeDefinition.discriminator.propertyName | String | "$type" |
definitions.AlertDef.properties.type.type | String | Alert type identifier (e.g., "metricThreshold"). |
definitions.AlertDef.properties.priority.type | String | Priority level of the alert (e.g., "P1", "P2"). |
definitions.AlertDef.properties.groupByKeys.type | String | Keys used to group matching events for correlation. |
definitions.AlertDef.properties.groupByKeys.items.type | Array/String | Allowed types for each group-by key. |
definitions.AlertDef.properties.createdTime.type | String | Timestamp (in ns since epoch) when the alert definition was created. |
definitions.AlertDef.properties.updatedTime.type | String | Timestamp (in ns since epoch) when the alert definition was last modified. |
definitions.AlertDef.properties.id.type | String | Unique identifier of the alert definition. |
definitions.AlertDef.properties.id.format | String | Indicates the format of id should be a UUID. |
definitions.AlertDef.properties.alertVersionId.type | String | Specifies the type of the alertVersionId field. |
definitions.AlertDef.properties.alertVersionId.format | String | Declares the format of alertVersionId as a UUID. |
definitions.DefinitionLogImmediate.type | String | Indicates that DefinitionLogImmediate is an object definition. |
definitions.DefinitionLogImmediate.cxEntitySubTypes | Array/String | Lists subtypes this alert definition supports for classification. |
definitions.DefinitionLogImmediate.properties.logsImmediate.type | String | Declares the root of the logs immediate alert condition. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.notificationPayloadFilter.type | String | Array of string filters used to customize notification payloads. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.notificationPayloadFilter.items.type | String | Each item in notificationPayloadFilter must be a string. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.applicationName.type | String | Application name filter for logs; supports operator and value. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.applicationName.items.type | String | Each filter entry for applicationName is an object with value and operation. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.applicationName.items.properties.value.type | String | The value to match in the applicationName filter. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.applicationName.items.properties.operation.type | String | Operator used for matching (e.g., equals, contains). |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.subsystemName.type | String | Subsystem name filter for log matching. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.subsystemName.items.type | String | Each filter entry is an object with value and operation. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.subsystemName.items.properties.value.type | String | The value to match for the subsystemName field. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.subsystemName.items.properties.operation.type | String | Matching operation for subsystemName (e.g., equals, regex). |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.severities.type | String | List of severities to match (e.g., Info, Warning, Error). |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.severities.items.type | String | Each severity value must be a string. |
definitions.DefinitionLogImmediate.properties.logsImmediate.properties.luceneQuery.type | String | Raw Lucene query string to filter logs for this alert. |
definitions.DefinitionLogImmediate.properties.$type.type | String | Required discriminator for alert definition type. |
definitions.DefinitionLogImmediate.properties.$type.enum | Array/String | Enum indicating allowed alert type value for this schema. |
definitions.DefinitionLogImmediate.required | Array/String | Declares $type as a required property. |
definitions.DefinitionLogThreshold.type | String | Declares the root type for threshold-based log alert definition. |
definitions.DefinitionLogThreshold.cxEntitySubTypes | Array/String | Subtypes of log threshold alerts handled by this schema. |
definitions.DefinitionLogThreshold.properties.logsThreshold.type | String | Main object for threshold alert settings. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.undetectedValuesManagement.type | String | Manages behavior for missing or undetected values. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.undetectedValuesManagement.properties.triggerUndetectedValues.type | String | "boolean" |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.undetectedValuesManagement.properties.autoRetireTimeframe.type | String | Time period after which undetected values are auto-retired. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.rules.type | String | List of threshold rules to evaluate. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.rules.items.type | String | Each rule is an object describing a condition and possible override. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.rules.items.properties.condition.type | String | Defines the threshold matching logic. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.rules.items.properties.condition.properties.threshold.type | String | The numeric threshold value for triggering the alert. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.rules.items.properties.condition.properties.timeWindow.type | String | Time window over which to evaluate the condition. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.rules.items.properties.condition.properties.timeWindow.properties.logsTimeWindowSpecificValue.type | String | A specific label for the time window (e.g., "5m", "10m"). |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.rules.items.properties.condition.properties.conditionType.type | String | Type of condition (e.g., greater_than, less_than). |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.rules.items.properties.override.type | String | Optional override properties to apply when rule matches. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.rules.items.properties.override.properties.priority.type | String | Priority override when this rule is matched. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.notificationPayloadFilter.type | String | Filters for customizing the alert notification payload. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.notificationPayloadFilter.items.type | String | Each payload filter is a string key. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.applicationName.type | String | Filter by application name, supports operators. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.applicationName.items.type | String | Each filter entry includes value and operation. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.applicationName.items.properties.value.type | String | The string value to match against the applicationName field. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.applicationName.items.properties.operation.type | String | The operator for the application name match (e.g., equals, contains). |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.subsystemName.type | String | Filter array for subsystemName in logs. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.subsystemName.items.type | String | Each entry specifies a value/operator pair for matching. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.subsystemName.items.properties.value.type | String | The subsystem name value to match. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.subsystemName.items.properties.operation.type | String | The operation to use for matching the subsystem name. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.severities.type | String | Array of log severity levels to match. |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.severities.items.type | String | Each severity must be a string (e.g., "Error"). |
definitions.DefinitionLogThreshold.properties.logsThreshold.properties.luceneQuery.type | String | A Lucene query string for filtering log events. |
definitions.DefinitionLogThreshold.properties.$type.type | String | The type discriminator for the threshold alert definition. |
definitions.DefinitionLogThreshold.properties.$type.enum | Array/String | Enum constraint for $type value. |
definitions.DefinitionLogThreshold.required | Array/String | Declares $type as a required field. |
definitions.DefinitionMetricThreshold.type | String | Root object for metric threshold-based alert definitions. |
definitions.DefinitionMetricThreshold.cxEntitySubTypes | Array/String | Entity subtypes covered by this definition (resolved/triggered states). |
definitions.DefinitionMetricThreshold.properties.$type.const | String | Constant value to identify this alert definition type. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.type | String | Defines the core logic for the metric threshold alert. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.promql.type | String | A PromQL query string used to extract the metric data. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.type | String | Array of condition rules for threshold evaluation. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.items.type | String | Each rule defines conditions and optional overrides. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.items.properties.condition.type | String | The condition logic for triggering the rule. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.items.properties.condition.properties.threshold.type | Array/String | Numeric threshold value; nullable for some conditions. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.items.properties.condition.properties.forOverPct.type | Array/String | Percentage of time condition must be true to trigger. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.items.properties.condition.properties.ofTheLast.type | String | Time window specification object. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.items.properties.condition.properties.ofTheLast.properties.metricTimeWindowSpecificValue.type | String | Time window label (e.g., "5m", "1h"). |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.items.properties.condition.properties.conditionType.type | String | The type of metric condition (e.g., greater_than). |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.items.properties.override.type | String | Optional rule-level overrides (e.g., priority). |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.rules.items.properties.override.properties.priority.type | String | Override the default alert priority when this rule matches. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.missingValues.type | String | Controls behavior when metric values are missing. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.missingValues.properties.replaceWithZero.type | String | Whether missing values should be treated as 0. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.missingValues.properties.minNonNullValuesPct.type | Array/String | Minimum percent of non-null values required for evaluation. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.missingValues.properties.minNonNullValuesPct.default | Number | Default threshold for minimum non-null value percent. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.undetectedValuesManagement.type | String | Handles how undetected values are managed over time. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.undetectedValuesManagement.properties.triggerUndetectedValues.type | String | Whether to trigger alert when expected data becomes undetected. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.undetectedValuesManagement.properties.triggerUndetectedValues.default | String | Default setting for triggering on undetected values. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.undetectedValuesManagement.properties.autoRetireTimeframe.type | String | Time duration before automatically retiring undetected metrics. |
definitions.DefinitionMetricThreshold.properties.metricThreshold.properties.undetectedValuesManagement.properties.autoRetireTimeframe.default | String | Default setting for auto-retire timeframe (never retire). |
definitions.DefinitionSloThreshold.type | String | Root definition for Service Level Objective (SLO) thresholds. |
definitions.DefinitionSloThreshold.cxEntitySubTypes | Array/String | Subtypes for SLO-based alerting using burn rate evaluation. |
definitions.DefinitionSloThreshold.properties.$type.const | String | Type discriminator for SLO threshold definitions. |
definitions.DefinitionSloThreshold.properties.sloThreshold.type | String | Root schema for an SLO-based threshold alert definition. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.sloDefinition.type | String | Embedded SLO metadata used for alert evaluation. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.sloDefinition.properties.sloId.type | String | Unique identifier of the SLO associated with this alert. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.sloDefinition.properties.name.type | String | Human-readable name of the SLO. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.sloDefinition.properties.window.type | String | Time window over which the SLO is calculated. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.sloDefinition.required | Array/String | Required fields for a valid SLO definition. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.rules.type | String | Array of rule objects defining alert conditions. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.rules.items.type | String | A single rule object containing logic for triggering. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.rules.items.properties.condition.type | String | Defines the threshold condition to be evaluated. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.rules.items.properties.condition.properties.threshold.type | String | Numeric threshold that triggers the alert. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.rules.items.properties.override.type | String | Optional overrides for rule behavior. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.rules.items.properties.override.properties.priority.type | Array/String | Override priority level when rule triggers. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.type | String | Additional metadata used for UI and display. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.timeWindow.type | String | Long-duration SLO time window configuration. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.timeWindow.properties.duration.type | String | Duration of the main time window, in hours. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.timeWindow.properties.unit.type | String | Time unit used (e.g., "hours"). |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.timeWindow.properties.unit.enum | Array/String | Allowed unit values for the time window. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.timeWindow.cxEntitySubTypes | Array/String | SLO threshold alert subtypes supported by this window. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.shortTimeWindow.type | String | Short-duration time window for high-burn detection. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.shortTimeWindow.properties.duration.type | String | Duration of the short window, in minutes. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.shortTimeWindow.properties.unit.type | String | Time unit for the short window (e.g., "minutes"). |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.shortTimeWindow.properties.unit.enum | Array/String | Allowed enum values for the short window unit. |
definitions.DefinitionSloThreshold.properties.sloThreshold.properties.details.properties.shortTimeWindow.cxEntitySubTypes | Array/String | ["sloThresholdDualBurnRateResolved", "sloThresholdDualBurnRateTriggered"] |
definitions.Alert.type | String | Object schema representing a triggered alert instance. |
definitions.Alert.properties.timestamp.type | String | Epoch nanoseconds when the alert was triggered. |
definitions.Alert.properties.id.type | String | Unique identifier for the alert instance. |
definitions.Alert.properties.id.format | String | Indicates UUID format for the alert ID. |
definitions.Alert.properties.status.type | String | Current status of the alert (e.g., Triggered, Resolved). |
definitions.Alert.properties.groupingKey.type | String | Key used to deduplicate and group alerts. |
definitions.Alert.properties.highestPriority.type | String | Highest severity priority across all alert groups. |
definitions.Alert.properties.alertDataUrl.type | String | Link to the alert's dashboard view. |
definitions.Alert.properties.statusBreakdown.type | String | Summary of alert group status counts. |
definitions.Alert.properties.statusBreakdown.description | String | "As the number of groups can be large, we only include a limited number of groups here..." |
definitions.Alert.properties.statusBreakdown.properties.totalGroupCount.type | String | Count of all groups regardless of alert status. |
definitions.Alert.properties.statusBreakdown.properties.totalGroupCount.description | String | "The total number of groups in the alert, no matter the status." |
definitions.Alert.properties.statusBreakdown.properties.totalTriggeredGroupCount.type | String | Count of groups still in a triggered state. |
definitions.Alert.properties.statusBreakdown.properties.totalTriggeredGroupCount.description | String | "The total number of groups that have not been resolved yet." |
definitions.Alert.properties.statusBreakdown.properties.totalResolvedGroupCount.type | String | Count of groups that are resolved. |
definitions.Alert.properties.statusBreakdown.properties.totalResolvedGroupCount.description | String | "The total number of groups that have been resolved." |
definitions.Alert.properties.statusBreakdown.required | Array/String | Required keys in the statusBreakdown object. |
definitions.Alert.properties.groups.type | String | Array of alert group objects. |
definitions.Alert.properties.groups.items.$ref | String | "#/definitions/Group" |
definitions.Group.type | String | Schema definition for a group within an alert. |
definitions.Group.properties.status.type | String | The alert status of this specific group. |
definitions.Group.properties.priority.type | String | The assigned alert priority level. |
definitions.Group.properties.keyValues.type | String | Key-value metadata for this alert group (e.g., labels). |
definitions.Group.properties.keyValues.additionalProperties.type | String | Each key-value pair must be a string. |
definitions.Group.properties.details.type | String | Alert-specific rule match details. |
definitions.Group.properties.details.oneOf | Array/Object | Supports polymorphic schema resolution for group details. |
definitions.Group.properties.details.oneOf[].$ref | String | "#/definitions/DetailsLogImmediate" |
definitions.Group.properties.details.discriminator.propertyName | String | "$type" |
definitions.Log.type | Array/String | ["object", "null"] |
definitions.Log.properties.dollarM.type | String | Metadata associated with the log entry. |
definitions.Log.properties.dollarM.properties.timestamp.type | String | Time the log event occurred. |
definitions.Log.properties.dollarM.properties.timestamp.format | String | Format of the timestamp, in ISO 8601. |
definitions.Log.properties.dollarM.properties.severity.type | String | Severity level of the log (e.g., Info, Error). |
definitions.Log.properties.dollarM.properties.logID.type | String | Unique identifier for the log entry. |
definitions.Log.properties.dollarM.properties.entityType.type | String | Logical type of the entity that produced the log. |
definitions.Log.properties.dollarL.type | String | Label metadata for the log (used for classification). |
definitions.Log.properties.dollarL.additionalProperties.type | Array/String | Additional label values which can be string or null. |
definitions.Log.properties.dollarD.type | String | Payload of the log containing dynamic content. |
definitions.Log.properties.dollarD.additionalProperties | String | Accepts any additional user-defined fields. |
definitions.DetailsLogImmediate.type | String | Schema for alerts triggered immediately by log content. |
definitions.DetailsLogImmediate.cxEntitySubTypes | Array/String | Supported subtypes for immediate log alerts. |
definitions.DetailsLogImmediate.properties.logsImmediate.type | String | Core details about the triggering log. |
definitions.DetailsLogImmediate.properties.logsImmediate.properties.log.$ref | String | Reference to the triggering log object. |
definitions.DetailsLogImmediate.properties.$type.type | String | Alert type identifier for discriminating schema. |
definitions.DetailsLogImmediate.properties.$type.enum | Array/String | Enumerated value for immediate alert type. |
definitions.DetailsLogImmediate.required | Array/String | Fields required for valid schema matching. |
definitions.DetailsLogThreshold.type | String | Schema for alerts triggered by threshold conditions. |
definitions.DetailsLogThreshold.cxEntitySubTypes | Array/String | Variants of threshold-based log alerts. |
definitions.DetailsLogThreshold.properties.logsThreshold.type | String | Contains evaluated metrics and timestamps for logs. |
definitions.DetailsLogThreshold.properties.logsThreshold.properties.fromTimestamp.type | String | Start of the evaluated time window (in ns). |
definitions.DetailsLogThreshold.properties.logsThreshold.properties.toTimestamp.type | String | End of the evaluated time window (in ns). |
definitions.DetailsLogThreshold.properties.logsThreshold.properties.countResult.type | String | Number of matching log entries. |
definitions.DetailsLogThreshold.properties.logsThreshold.properties.isUndetectedValue.type | String | Whether expected values were missing or undetected. |
definitions.DetailsLogThreshold.properties.logsThreshold.properties.conditionType.type | String | Condition type that triggered the alert (e.g., lessThan). |
definitions.DetailsLogThreshold.properties.logsThreshold.properties.log.$ref | String | Reference to one of the matching logs. |
definitions.DetailsLogThreshold.properties.$type.type | String | Type discriminator for the schema. |
definitions.DetailsLogThreshold.properties.$type.enum | Array/String | Allowed value for this alert type. |
definitions.DetailsLogThreshold.required | Array/String | Required field for schema resolution. |
definitions.DetailsMetricThreshold.type | String | Schema for alerts based on metric thresholds. |
definitions.DetailsMetricThreshold.cxEntitySubTypes | Array/String | Variants of metric-based alert types. |
definitions.DetailsMetricThreshold.properties.$type.const | String | Constant value for alert type discrimination. |
definitions.DetailsMetricThreshold.properties.metricThreshold.type | String | Core details for metric threshold evaluation. |
definitions.DetailsMetricThreshold.properties.metricThreshold.properties.conditionType.type | String | Type of metric condition (e.g., avg, sum). |
definitions.DetailsMetricThreshold.properties.metricThreshold.properties.fromTimestamp.type | String | Start of the metric evaluation window. |
definitions.DetailsMetricThreshold.properties.metricThreshold.properties.toTimestamp.type | String | End of the metric evaluation window. |
definitions.DetailsMetricThreshold.properties.metricThreshold.properties.maxValueOverThreshold.type | Array/String | Highest value that exceeded the threshold. |
definitions.DetailsMetricThreshold.properties.metricThreshold.properties.minValueOverThreshold.type | Array/String | Lowest value above the threshold. |
definitions.DetailsMetricThreshold.properties.metricThreshold.properties.avgValueOverThreshold.type | Array/String | Average value of those over the threshold. |
definitions.DetailsMetricThreshold.properties.metricThreshold.properties.pctOverThreshold.type | Array/String | Percent of total that exceeded the threshold. |
definitions.DetailsMetricThreshold.properties.metricThreshold.properties.isUndetectedValue.type | String | Whether a value was missing or couldn’t be collected. |
definitions.DetailsMetricThreshold.properties.metricThreshold.properties.isUndetectedValue.default | String | Default value indicating a value was expected. |
definitions.DetailsSloThreshold.type | String | Schema for alerts triggered by SLO threshold breaches. |
definitions.DetailsSloThreshold.cxEntitySubTypes | Array/String | Supported SLO-based threshold alert types. |
definitions.DetailsSloThreshold.properties.$type.const | String | Constant for SLO threshold alert type. |
definitions.DetailsSloThreshold.properties.sloThreshold.type | String | Core details for SLO evaluation. |
definitions.DetailsSloThreshold.properties.sloThreshold.properties.pctOverThreshold.type | String | Percentage over the allowed error budget. |
definitions.DetailsSloThreshold.properties.sloThreshold.properties.fromTimestamp.type | String | Start of the SLO analysis window. |
definitions.DetailsSloThreshold.properties.sloThreshold.properties.toTimestamp.type | String | End of the SLO analysis window. |
definitions.DetailsSloThreshold.properties.sloThreshold.properties.shortWindowOutput.type | String | Optional details for fast-burn rate analysis. |
definitions.DetailsSloThreshold.properties.sloThreshold.properties.shortWindowOutput.properties.pctOverThreshold.type | String | Percentage over budget in the short window. |
definitions.DetailsSloThreshold.properties.sloThreshold.properties.shortWindowOutput.cxEntitySubTypes | Array/String | ["sloThresholdDualBurnRateResolved", "sloThresholdDualBurnRateTriggered"] |
definitions.DetailsSloThreshold.properties.sloThreshold.discriminator.propertyName | String | "$type" |
examples | Array/Object | Example alert and definition payloads to illustrate usage. |
examples[].alertDef.name | String | Name of the alert definition. |
examples[].alertDef.description | String | Description of the alert and its purpose. |
examples[].alertDef.entityLabels.property1 | String | Example key-value for labeling the alert definition. |
examples[].alertDef.entityLabels.property2 | String | Another label associated with the alert definition. |
examples[].alertDef.incidentSettings.retriggeringPeriod.minutes | Number | Time window (in minutes) before the alert can retrigger. |
examples[].alertDef.incidentSettings.notifyOn | String | The condition under which to notify about incidents. |
examples[].alertDef.typeDefinition.$type | String | "metricThreshold" |
examples[].alertDef.typeDefinition.metricThreshold.promql | String | PromQL expression used in the metric alert rule. |
examples[].alertDef.typeDefinition.metricThreshold.rules | Array/Object | Metric alert rules including thresholds and overrides. |
examples[].alertDef.typeDefinition.metricThreshold.rules[].condition.threshold | Number | Value used as the threshold for the alert condition. |
examples[].alertDef.typeDefinition.metricThreshold.rules[].condition.forOverPct | Number | Percentage of values exceeding the threshold. |
examples[].alertDef.typeDefinition.metricThreshold.rules[].condition.ofTheLast.metricTimeWindowSpecificValue | String | Specific time window evaluated in the alert rule. |
examples[].alertDef.typeDefinition.metricThreshold.rules[].condition.conditionType | String | Type of comparison used in the alert rule. |
examples[].alertDef.typeDefinition.metricThreshold.rules[].override.priority | String | Priority override if the rule is matched. |
examples[].alertDef.typeDefinition.metricThreshold.missingValues.replaceWithZero | String | Whether to treat missing values as 0. |
examples[].alertDef.typeDefinition.metricThreshold.missingValues.minNonNullValuesPct | Number | Minimum % of non-null values needed for evaluation. |
examples[].alertDef.typeDefinition.metricThreshold.undetectedValuesManagement.triggerUndetectedValues | String | Whether to trigger an alert for undetected values. |
examples[].alertDef.typeDefinition.metricThreshold.undetectedValuesManagement.autoRetireTimeframe | String | When the alert should auto-disable due to inactivity. |
examples[].alertDef.type | String | The general type of alert (e.g., "metricThreshold"). |
examples[].alertDef.priority | String | Priority classification of the alert (e.g., P1, P2). |
examples[].alertDef.groupByKeys | Array/String | Keys used to group the alert (e.g., "host", "service"). |
examples[].alertDef.createdTime | Number | Timestamp when the alert definition was created. |
examples[].alertDef.updatedTime | Number | Timestamp of the most recent update to the alert. |
examples[].alertDef.id | String | Unique identifier for the alert definition. |
examples[].alertDef.alertVersionId | String | Version identifier of the alert definition. |
examples[].alert.timestamp | Number | Timestamp of when the alert was triggered. |
examples[].alert.id | String | Unique identifier for the alert instance. |
examples[].alert.status | String | Current status of the alert (e.g., Triggered, Resolved). |
examples[].alert.groups | Array/Object | Groups of alert matches, typically grouped by deduplication keys. |
examples[].alert.groups[].status | String | Status of a specific alert group. |
examples[].alert.groups[].priority | String | Assigned priority level of the alert group. |
examples[].alert.groups[].keyValues.property1 | String | First key-value associated with the alert group, e.g., service or team. |
examples[].alert.groups[].keyValues.property2 | String | Second key-value for grouping, e.g., region or host. |
examples[].alert.groups[].details.$type | String | Type discriminator for the alert group details structure. |
examples[].alert.groups[].details.metricThreshold.conditionType | String | Condition type used in the metric threshold logic. |
examples[].alert.groups[].details.metricThreshold.fromTimestamp | Number | Start time of the window in which the condition was evaluated. |
examples[].alert.groups[].details.metricThreshold.toTimestamp | Number | End time of the evaluated window for the alert condition. |
examples[].alert.groups[].details.metricThreshold.maxValueOverThreshold | Number | Maximum value observed above the defined threshold. |
examples[].alert.groups[].details.metricThreshold.minValueOverThreshold | Number | Minimum value observed above the defined threshold. |
examples[].alert.groups[].details.metricThreshold.avgValueOverThreshold | Number | Average value of the metric when above the threshold. |
examples[].alert.groups[].details.metricThreshold.pctOverThreshold | Number | Percentage of time the metric stayed above the threshold. |
examples[].alert.groups[].details.metricThreshold.isUndetectedValue | String | Indicates whether the alert was triggered due to missing or undetectable data. |
alerts.history schema
$schema
type: string
$id
type: string
type
type: string
{ cxTemplatedPaths
type: array
[ cxTemplatedPaths[n]
item
type: string
]
}
{ properties
{ alertDef
$ref
type: string
}
{ alert
$ref
type: string
}
}
{ definitions
{ AlertDef
type
type: string
{ properties
{ name
type
type: string
}
{ description
type
type: string
}
{ entityLabels
type
type: string
{ additionalProperties
type
type: string
}
}
{ incidentSettings
type
type: string
{ properties
{ retriggeringPeriod
type
type: string
{ properties
{ minutes
type
type: string
}
}
}
{ notifyOn
type
type: string
}
}
}
{ typeDefinition
type
type: string
{ oneOf
type: array
[ oneOf[n]
{ item
$ref
type: string
}
]
}
{ discriminator
propertyName
type: string
}
}
{ type
type
type: string
}
{ priority
type
type: string
}
{ groupByKeys
type
type: string
{ items
{ type
type: array
[ type[n]
item
type: string
]
}
}
}
{ createdTime
type
type: string
}
{ updatedTime
type
type: string
}
{ id
type
type: string
format
type: string
}
{ alertVersionId
type
type: string
format
type: string
}
}
}
{ DefinitionLogImmediate
type
type: string
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
{ properties
{ logsImmediate
type
type: string
{ properties
{ notificationPayloadFilter
type
type: string
{ items
type
type: string
}
}
{ applicationName
type
type: string
{ items
type
type: string
{ properties
{ value
type
type: string
}
{ operation
type
type: string
}
}
}
}
{ subsystemName
type
type: string
{ items
type
type: string
{ properties
{ value
type
type: string
}
{ operation
type
type: string
}
}
}
}
{ severities
type
type: string
{ items
type
type: string
}
}
{ luceneQuery
type
type: string
}
}
}
{ $type
type
type: string
{ enum
type: array
[ enum[n]
item
type: string
]
}
}
}
{ required
type: array
[ required[n]
item
type: string
]
}
}
{ DefinitionLogThreshold
type
type: string
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
{ properties
{ logsThreshold
type
type: string
{ properties
{ undetectedValuesManagement
type
type: string
{ properties
{ triggerUndetectedValues
type
type: string
}
{ autoRetireTimeframe
type
type: string
}
}
}
{ rules
type
type: string
{ items
type
type: string
{ properties
{ condition
type
type: string
{ properties
{ threshold
type
type: string
}
{ timeWindow
type
type: string
{ properties
{ logsTimeWindowSpecificValue
type
type: string
}
}
}
{ conditionType
type
type: string
}
}
}
{ override
type
type: string
{ properties
{ priority
type
type: string
}
}
}
}
}
}
{ notificationPayloadFilter
type
type: string
{ items
type
type: string
}
}
{ applicationName
type
type: string
{ items
type
type: string
{ properties
{ value
type
type: string
}
{ operation
type
type: string
}
}
}
}
{ subsystemName
type
type: string
{ items
type
type: string
{ properties
{ value
type
type: string
}
{ operation
type
type: string
}
}
}
}
{ severities
type
type: string
{ items
type
type: string
}
}
{ luceneQuery
type
type: string
}
}
}
{ $type
type
type: string
{ enum
type: array
[ enum[n]
item
type: string
]
}
}
}
{ required
type: array
[ required[n]
item
type: string
]
}
}
{ DefinitionMetricThreshold
type
type: string
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
{ properties
{ $type
const
type: string
}
{ metricThreshold
type
type: string
{ properties
{ promql
type
type: string
}
{ rules
type
type: string
{ items
type
type: string
{ properties
{ condition
type
type: string
{ properties
{ threshold
{ type
type: array
[ type[n]
item
type: string
]
}
}
{ forOverPct
{ type
type: array
[ type[n]
item
type: string
]
}
}
{ ofTheLast
type
type: string
{ properties
{ metricTimeWindowSpecificValue
type
type: string
}
}
}
{ conditionType
type
type: string
}
}
}
{ override
type
type: string
{ properties
{ priority
type
type: string
}
}
}
}
}
}
{ missingValues
type
type: string
{ properties
{ replaceWithZero
type
type: string
}
{ minNonNullValuesPct
{ type
type: array
[ type[n]
item
type: string
]
}
default
type: number
}
}
}
{ undetectedValuesManagement
type
type: string
{ properties
{ triggerUndetectedValues
type
type: string
default
type: string
}
{ autoRetireTimeframe
type
type: string
default
type: string
}
}
}
}
}
}
}
{ DefinitionSloThreshold
type
type: string
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
{ properties
{ $type
const
type: string
}
{ sloThreshold
type
type: string
{ properties
{ sloDefinition
type
type: string
{ properties
{ sloId
type
type: string
}
{ name
type
type: string
}
{ window
type
type: string
}
}
{ required
type: array
[ required[n]
item
type: string
]
}
}
{ rules
type
type: string
{ items
type
type: string
{ properties
{ condition
type
type: string
{ properties
{ threshold
type
type: string
}
}
}
{ override
type
type: string
{ properties
{ priority
{ type
type: array
[ type[n]
item
type: string
]
}
}
}
}
}
}
}
{ details
type
type: string
{ properties
{ timeWindow
type
type: string
{ properties
{ duration
type
type: string
}
{ unit
type
type: string
{ enum
type: array
[ enum[n]
item
type: string
]
}
}
}
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
}
{ shortTimeWindow
type
type: string
{ properties
{ duration
type
type: string
}
{ unit
type
type: string
{ enum
type: array
[ enum[n]
item
type: string
]
}
}
}
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
}
}
}
}
}
}
}
{ Alert
type
type: string
{ properties
{ timestamp
type
type: string
}
{ id
type
type: string
format
type: string
}
{ status
type
type: string
}
{ groupingKey
type
type: string
}
{ highestPriority
type
type: string
}
{ alertDataUrl
type
type: string
}
{ statusBreakdown
type
type: string
description
type: string
{ properties
{ totalGroupCount
type
type: string
description
type: string
}
{ totalTriggeredGroupCount
type
type: string
description
type: string
}
{ totalResolvedGroupCount
type
type: string
description
type: string
}
}
{ required
type: array
[ required[n]
item
type: string
]
}
}
{ groups
type
type: string
{ items
$ref
type: string
}
}
}
}
{ Group
type
type: string
{ properties
{ status
type
type: string
}
{ priority
type
type: string
}
{ keyValues
type
type: string
{ additionalProperties
type
type: string
}
}
{ details
type
type: string
{ oneOf
type: array
[ oneOf[n]
{ item
$ref
type: string
}
]
}
{ discriminator
propertyName
type: string
}
}
}
}
{ Log
{ type
type: array
[ type[n]
item
type: string
]
}
{ properties
{ dollarM
type
type: string
{ properties
{ timestamp
type
type: string
format
type: string
}
{ severity
type
type: string
}
{ logID
type
type: string
}
{ entityType
type
type: string
}
}
}
{ dollarL
type
type: string
{ additionalProperties
{ type
type: array
[ type[n]
item
type: string
]
}
}
}
{ dollarD
type
type: string
additionalProperties
type: string
}
}
}
{ DetailsLogImmediate
type
type: string
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
{ properties
{ logsImmediate
type
type: string
{ properties
{ log
$ref
type: string
}
}
}
{ $type
type
type: string
{ enum
type: array
[ enum[n]
item
type: string
]
}
}
}
{ required
type: array
[ required[n]
item
type: string
]
}
}
{ DetailsLogThreshold
type
type: string
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
{ properties
{ logsThreshold
type
type: string
{ properties
{ fromTimestamp
type
type: string
}
{ toTimestamp
type
type: string
}
{ countResult
type
type: string
}
{ isUndetectedValue
type
type: string
}
{ conditionType
type
type: string
}
{ log
$ref
type: string
}
}
}
{ $type
type
type: string
{ enum
type: array
[ enum[n]
item
type: string
]
}
}
}
{ required
type: array
[ required[n]
item
type: string
]
}
}
{ DetailsMetricThreshold
type
type: string
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
{ properties
{ $type
const
type: string
}
{ metricThreshold
type
type: string
{ properties
{ conditionType
type
type: string
}
{ fromTimestamp
type
type: string
}
{ toTimestamp
type
type: string
}
{ maxValueOverThreshold
{ type
type: array
[ type[n]
item
type: string
]
}
}
{ minValueOverThreshold
{ type
type: array
[ type[n]
item
type: string
]
}
}
{ avgValueOverThreshold
{ type
type: array
[ type[n]
item
type: string
]
}
}
{ pctOverThreshold
{ type
type: array
[ type[n]
item
type: string
]
}
}
{ isUndetectedValue
type
type: string
default
type: string
}
}
}
}
}
{ DetailsSloThreshold
type
type: string
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
{ properties
{ $type
const
type: string
}
{ sloThreshold
type
type: string
{ properties
{ pctOverThreshold
type
type: string
}
{ fromTimestamp
type
type: string
}
{ toTimestamp
type
type: string
}
{ shortWindowOutput
type
type: string
{ properties
{ pctOverThreshold
type
type: string
}
}
{ cxEntitySubTypes
type: array
[ cxEntitySubTypes[n]
item
type: string
]
}
}
}
{ discriminator
propertyName
type: string
}
}
}
}
}
{ examples
type: array
[ examples[n]
{ item
{ alertDef
name
type: string
description
type: string
{ entityLabels
property1
type: string
property2
type: string
}
{ incidentSettings
{ retriggeringPeriod
minutes
type: number
}
notifyOn
type: string
}
{ typeDefinition
$type
type: string
{ metricThreshold
promql
type: string
{ rules
type: array
[ rules[n]
{ item
{ condition
threshold
type: number
forOverPct
type: number
{ ofTheLast
metricTimeWindowSpecificValue
type: string
}
conditionType
type: string
}
{ override
priority
type: string
}
}
]
}
{ missingValues
replaceWithZero
type: string
minNonNullValuesPct
type: number
}
{ undetectedValuesManagement
triggerUndetectedValues
type: string
autoRetireTimeframe
type: string
}
}
}
type
type: string
priority
type: string
{ groupByKeys
type: array
[ groupByKeys[n]
item
type: string
]
}
createdTime
type: number
updatedTime
type: number
id
type: string
alertVersionId
type: string
}
{ alert
timestamp
type: number
id
type: string
status
type: string
{ groups
type: array
[ groups[n]
{ item
status
type: string
priority
type: string
{ keyValues
property1
type: string
property2
type: string
}
{ details
$type
type: string
{ metricThreshold
conditionType
type: string
fromTimestamp
type: number
toTimestamp
type: number
maxValueOverThreshold
type: number
minValueOverThreshold
type: number
avgValueOverThreshold
type: number
pctOverThreshold
type: number
isUndetectedValue
type: string
}
}
}
]
}
}
}
]
}
Theme
Light