Alerts Report
Last updated on 23 August, 2024The Alerts report returns a list of all alerts, which can include every individual alert that matches the parameters or a count of the number of times each alert occurred, during a specified time period. By reviewing these non-critical alerts in a report, you can reduce the number of alerts you need to be notified of and gain additional insight by seeing alerts in context with other alerts.
The following are a few common use cases for the Alerts report type:
- Review all the alerts for those resources in scheduled downtime (SDT) and address potential issues before SDT ends.
- Identify alerts that have been active for a long period of time and then tune your thresholds to reduce future occurrences of similar alerts.
- Evaluate how long it takes for users to acknowledge alerts.
- Deliver a daily report that includes all alerts from the past 24 hours.
- Because the report can show you how much a threshold was exceeded, you can determine which thresholds need adjusting.
- You can also use this daily report to determine if alert notifications should be routed to email, text, and so on, and adjust your alert rules.
Configuring an Alerts Report
To add a new Alerts report:
- Select Reports > Add > Report > Alerts to open the report settings.
General Settings
- (Required) Enter a Name. Report names cannot include the operators and comparison functions used in LogicMonitor’s datapoint expression syntax.
- Enter a Description. For example, describe the specific purpose of the report.
- (Required) Enter a Report Group to set where your report will be stored. Matching groups will display as you type and you can select from the list.
- Set the report’s output Format, which can be HTML, CSV, or PDF.
Alerts Report Settings
- Select Include pre-existing alerts to include alerts that began prior to the specified date range, but meet all other criteria.
- Select Summarize alert counts to add a column to the alerts report that details the frequency that an alert occurred during the report time range.
- If this option is selected you will be able to sort the report by “Alerts”, which you can use to see the top sources of alerts, allowing you to remediate highly impactful issues or tune datapoint thresholds.
- Select a Sort by option from the list.
- When you sort the Alerts report by “Severity”, the report will also automatically sort by the time the alert began in descending order. This is similar to the Alerts page, which allows you to sort on both the alert severity level and the time the alert began.
- Use the toggles to sort in ascending (ASC) or descending (DESC) order.
Report Schedule Settings
You can use the Report Schedule settings to schedule recurring reports that will email the results to the configured addresses.
- Select Generate this report on a schedule.
- Select the Frequency that you want this report to run.
- Select the time or day that the report will run. This option will depend on the Frequency you selected previously.
- Set the time zone for the report.
- Enter one or more Recipients email addresses.
Note: Upon configuring or editing a delivery schedule, your report will be generated and emailed immediately if it has not been generated within the last 24 hours. After that, emailed delivery will only occur according to the schedule.
Note: A configured maximum value of DataSource instances can require report delivery. If this maximum value is exceeded, a text box prompt will appear for the user to enter email addresses for report delivery, to avoid display delay rather than attempting report viewing.
Alerts Report Preview
You can configure and preview the results in a panel at the bottom of the page by selecting the following options:
Severity Levels: You can sort the report based on the severity level (e.g., critical, error, or warning).
Note: When you choose to sort the Alerts report by severity, secondary sorting by time began (in descending order) will automatically enable. This secondary sorting functionality is similar to that available from the Alerts page, allowing you to simultaneously sort on both the alert severity level (primary sort) and the time the alert began (secondary sort).
Alert Filters: You can click on the Filter icon to select the filters for the alerts displayed in the report using a variety of criteria (e.g., resource, instance, datapoint, severity level, etc.). As you set filter criteria, you’ll notice that the alerts table located immediately beneath the filters is dynamically updated to provide a preview of the alerts that the report will return.
Note: A maximum of 30,000 alerts will be returned in a report. If more than 30,000 alerts match your filter criteria, the resources/groups with the most alerts will be auto-excluded from the report. To avoid the issue, ensure to sufficiently narrow your filters.
Clear: You can click Clear to the set preview to default settings.
Time Range: In the Time Range field, indicate the duration of time for which alerts will be pulled for display.
Column Settings: You can click Show Table Settings, to reorder columns, grab the icon to the far left of a column name, and drag and drop the column into its new position. Click on the Watch icon to exclude the columns from the report.
You can add custom columns to your Alerts report using the Add Custom Column field. LogicMonitor supports the addition of columns that represent properties or custom tokens.
Save the Report
When you finish configuring your report, you can:
- Click Save to save the report and its parameters.
- Click Save and Run to save and run the new report to review its output.
Threshold Limits
Adhoc Requests Thresholds (Limit for number of items)
CSV | HTML | |
---|---|---|
85000 | 30000 | 2000 |
Scheduled Requests Thresholds
CSV | HTML | |
720000 | 30000 | 4000 |