Viewing Alerts

To understand the root cause of an alert you receive from the ThousandEyes platform, use the details of the alert to interpret what thresholds triggered it. You can look up the details of an alert from the Alert List widget in a dashboard, or from Alerts.

Looking Up Alerts from a Dashboard

The Dashboards screen is available as the default page when you log in to the ThousandEyes platform. If your dashboard includes the Alert List widget, click the name of the active alert in the Alert Source column (see figure below). This will take you to the Views screen for the affected test, where you can view details of the test anomaly that triggered the alert. See Getting Started with Views for more information about how to understand test views.

Looking Up Alerts from the Alerts Screen

Current and past alerts can be viewed on the Alerts screen. The Alerts screen has two tabs, with lists arranged chronologically by Start time by default (though you may sort by other columns as well):

• Active Alerts: List of alerts currently active for any test within your account group. The tab refreshes every two minutes.

• Alerts History: List of alerts no longer active from tests in your account group.

To quickly understand what an active alert is telling you:

1. When you receive an alert from the ThousandEyes platform, go to Alerts in the platform.

2. Use the search bar to find a specific alert. For more information on searching for alerts, see Active Alerts.

   
3. Having located the alert, use the Impacted Tests column to see the test that is associated with the alert rule that triggered. You can also see related metrics that help show why this alert rule triggered.

4. Expand an active alert by clicking anywhere on the row of the alert rule. A side panel will open.

   
5. Click the stack icon to the right of an impacted alert trigger (e.g., agent or monitor) to view the test results in a separate tab for that specific alert trigger. The test results offer a timeline view of the alert activity.

Active Alerts

The following sections describe how to understand and use all the elements of the Active Alerts and Alerts History screens, for a deeper understanding of alerts and their test implications.

On the Active Alerts tab, you will find:

• Search: Type search criteria into the field marked "Filter by test name or scope…" at the top to search for matching alerts. The number of results are shown to the right of the search field. The text you enter can match Alert ID, Alert Rule Name, Alert Type, Test ID, Test Name, Test Type, or Severity. If you enter more than one search criterion, select either All or Any in the dropdown next to the search field to specify whether the results returned should match all (AND) or any (OR) of the selected criteria. You must hit Return/Enter (not Space) between search criteria to create multiple search terms. When you search on the Alert Rule Name, the results include alerts with names that fit any of the following:

  • Match at least 75% of keywords in the search text.

  • Contain the search text as a phrase.

  • Match the search text exactly.

  Note: The search field acts exactly the same in the Alerts History tab.

  
• Alert Rule: Name of the alert rule currently active. For a quick overview of the alert criteria, click the info icon that appears next to the alert name on hover. A tooltip appears that identifies the test type, test direction, and alert condition(s) triggered.

  
• Start ([your_timezone]): The date and time when the alert first triggered, set to your timezone. For more information about timezones, see Working with Time Zone Settings.

• Scope: The objects that the alert covers, and their number. These are set by alert type, as listed below:

  Objects

  Alert Type

  Agents

  Agent to Server

  Agents

  Agent to Agent

  Agents

  Path Trace

  Agents

  DNS Trace

  Agents

  DNSSEC

  Agents

  HTTP Server

  Agents

  Page Load

  Agents

  Web Transaction

  Agents

  FTP Server

  Agents

  Endpoint End-to-End (Server)

  Agents

  Endpoint Path Trace

  Agents

  Endpoint

  Agents

  Application

  Agents

  API

  Locations

  Network Outage

  Locations

  Application Outage

  Networks

  SIP Server

  Networks

  RTP Stream

  Devices

  Device

  Devices

  Interface

  Endpoints

  Endpoint HTTP Server

  Servers

  DNS Server

  Monitors

  BGP

  Note: The Scope column in the details dialog for each alert may display a different object. For example, an alert with a scope of Network or Server in the Active Alerts screen will display agents in the Scope column of the details dialog. This is because the data for these tests ultimately comes from agents.

• Impacted Tests: The name of the test the alert applies to.

• Severity: Shows the severity of the alert. Find more information about alert severity in Alert Rule Severity.

• Action: Clicking the clock icon in this column on any given alert allows you to suppress the alert. See real-time alert suppression windows for more information.

Viewing Active Alert Details

To view detailed information about an active alert, click the alert's row in the Alert List. A side panel will open with detailed diagnostic information.

The side panel provides metadata about the alert at the top, followed by a Metric Details tab.

The following metadata is displayed:

• Status: Indicates if the alert is currently Active.

• Start: The date and time when the alert was first triggered.

• Duration: How long the alert has been in an active state.

• Scope: The number of tests and agents affected by the alert.

• Impacted: A link to the test(s) included in the alert.

• Severity: The severity level defined in the alert rule (e.g., Critical, Major, Minor).

• Detection Method: The type of rule that triggered the alert, either Adaptive or Manual.

Metric Details Tab

The Metric Details tab provides a summary of the alert's scope and impact.

The table below the metadata lists each individual trigger for the alert (for example, the specific agents or BGP monitors that met the alert conditions). The columns in this table will vary depending on the test type. You can search this table using the search field at the top.

Next to each trigger is a Jump to View icon (a stack icon). Clicking this opens a new browser tab and takes you directly to the relevant Test View, anchored to the exact time the alert triggered, allowing for immediate investigation.

At the bottom left, you can find and copy the Alert ID for use with API calls or custom webhooks.

The "Why Did This Alert Trigger?" Tab

For adaptive alerts, this tab provides a clear, concise explanation of the system's decision-making process, helping you understand why the alert triggered in the first place.

• Important Indicators: This section provides a high-level summary, including the calculated alert probability, the number of agents with anomalies versus the expected baseline, and the configured sensitivity level.

• System Observation: This section contains a bulleted list of observations the system made that contributed to the alert decision.

• Agents with Anomalies Over Time: This bar chart visualizes the number of agents reporting anomalies over time leading up to the alert, making it easy to see the deviation from the normal baseline.

• Alert Probability Over Time: This line graph shows how the system's confidence in an underlying issue evolved over time. The solid line represents the calculated issue probability. The dotted line is the alert threshold based on your configured sensitivity level. An alert is triggered once the calculated issue probability crosses and remains above this threshold for the duration required by the rule.

• Recommended Actions: This section provides direct links to Troubleshoot impacted test, Review alert rule, or Suppress this alert.

Important Indicators

This section provides a high-level summary of the alert's trigger condition in three key tiles:

• Probability an Alert Was Triggered: Displays the final issue probability score that caused the alert to trigger. This value represents the system's calculated confidence that a real issue was occurring at that moment.

• Agents with anomalies: Displays the number of agents that were reporting anomalies compared to the number the system expected based on historical data (e.g., [X] Agents with anomalies, vs < [Y] expected).

• Alert Sensitivity: Shows the sensitivity level (High, Medium, or Low) configured for the rule and the corresponding probability score required to trigger an alert.

System Observation

This section contains a bulleted list of observations the system made that contributed to the alert decision. For a detailed explanation of these concepts, refer to the Adaptive Alerting documentation.

Agents with Anomalies Over Time

This bar chart visualizes the number of agents reporting anomalies over time leading up to the alert. It plots the actual number of anomalous agents against the expected number, making it easy to see when and how significantly the test deviated from its normal baseline.

Alert Probability Over Time

This line graph shows how the system's confidence in an underlying issue evolved over time. The solid line represents the calculated issue probability. The dotted line represents the alert threshold based on your configured sensitivity level. The alert triggers at the exact point where the solid line crosses above the dotted line.

Recommended Actions

This section provides three direct links to help you take the next step:

• Troubleshoot impacted test: Navigates you to the main Test View, anchored to the time of the alert, so you can begin a deep-dive investigation.

• Review Alert Rule: Opens the settings page for the associated alert rule, allowing you to review or adjust its configuration.

• Suppress this alert: Opens the Alert Suppression window, allowing you to temporarily silence notifications for this alert, for example, during a planned maintenance window.

Alerts History

The Alerts History tab provides a searchable archive of all alerts that are no longer active. Use this view to review past incidents, analyze trends, and investigate the root cause of cleared alerts.

Using the Alert History Tab

To find specific past alerts, you can filter the list by a time frame and search for keywords.

• Date and Time Selector: The most important filter in this view is the date and time selector, located in the top right. * The Fixed Time Interval lets you select a specific date range on the calendar. * The Relative Time Interval lets you choose a time span looking backward from the present, such as "Last 7 days" or "Last 30 days".

• Search: The Search field allows you to filter the list by keywords found in the Alert Rule, Scope, or Metrics columns.

The main table lists all cleared alerts that match your time frame and search criteria. It includes columns for the Alert Rule, Scope, and Start time. A key column in this view is Duration, which shows how long the alert was active before it cleared.

Viewing Cleared Alert Details

To view detailed information about a specific cleared alert, click its row in the list. A side panel will open.

The side panel provides metadata about the alert at the top, followed by two tabs: Metric Details and Why Did This Alert Trigger?.

The following metadata is displayed:

• Status: Indicates the alert is Cleared.

• Start: The date and time when the alert was first triggered.

• Clear: The date and time when the alert's conditions were no longer met and the alert was resolved.

• Duration: How long the alert was in an active state.

• Scope: The number of tests and agents affected by the alert.

• Impacted: A link to the test(s) included in the alert.

• Severity: The severity level defined in the alert rule (e.g., Critical, Major, Minor).

• Detection Method: The type of rule that triggered the alert, either Adaptive or Manual.

Metric Details Tab

The Metric Details tab provides a summary of the alert's scope and impact. For more information, see the section Metric Details Tab.

The "Why Did This Alert Trigger?" Tab

This tab provides a clear explanation of the system's decision-making process for adaptive alerts. For more information, see the section The "Why Did This Alert Trigger" Tab.