Monitor incoming alerts
You can monitor incoming alerts in Service Operations Workspace. You can also monitor and manage alerts in the Event Management interface.
Before you begin
Role required: evt_mgmt_admin, evt_mgmt_operator
Note: The evt_mgmt_user role is view-only and does not have permission to perform this action.
Procedure
- Navigate to Workspaces > Service Operations Workspace.
- From the navigation bar, select the Express list icon.
- View the alert information.
Table 1. Alerts column headings
Column heading: Description
Number: Unique ID generated by Event Management to identify the alert.
Group: An entry in this column indicates that the associated alert is a member of an alert group. Alerts that do not have an entry in this column are ungrouped alerts.
- Automated: Aggregated automatically by alert aggregation. A virtual alert is added to the group as the primary alert of the group.
- Rules-based: Alert group created as a result of a user-configured correlation rule.
- Manual: This alert is a member of an alert group that is formed when right-clicking an alert and setting it as secondary to the selected primary alert.
- CMDB: CIs without historical data that were aggregated by alert aggregation based on CI relationships in the CMDB.
- Secondary: This alert is a component of an alert group. The alert at the head of the group is known as the primary alert. When Correlated Alerts is selected, the secondary alerts that are under the primary alert do not display, making the Alerts list less cluttered and easier to review.
- None: This alert is an ungrouped alert. To make an ungrouped alert become a member of a group, right-click it and select Add to Groups. Select the alert and click Add Selected.
- Text: This alert is a member of an alert group that was created based on the similarity of their text or description.
- Log Analytics: This alert is a member of a Log Analytics alert group.
- Component-based: This alert is a member of a Log Analytics group that was created based on the affected IT components or services.
- Tag Cluster: This alert is a member of an alert group that was created based on common tags or labels assigned to them.
- Network Traffic: This alert is a member of an alert group that was created based on network traffic connections between processes of host CIs.
- Mixed: This alert is a member of a grouping method that combines alerts using multiple grouping strategies, such as CMDB-based grouping and tag-based grouping, into a single, cohesive group.
Severity: The severity of the event. The value for this field is copied from the event unless the event closes the alert, in which case the previous severity is retained for reporting.
- Critical: Immediate action is required. The resource is either not functional or critical problems are imminent.
- Major: Major functionality is severely impaired or performance has degraded.
- Minor: Partial, non-critical loss of functionality or performance degradation occurred.
- Warning: Attention is required, even though the resource is still functional.
- OK: An alert is created. The resource is still functional.
- Clear: No action is required. An alert is not created from this event. Existing alerts are closed.
Priority group: Indicates which alerts should be attended to first. Priority is calculated for each open alert and then mapped into one of four priority categories.
Priority: Value providing a guide as to the priority of the alert, based on a number of accumulated categories. For example, alert state and business criticality.
Source: Event monitoring software that generated the event, for example, SolarWinds or SCOM. Optionally, you can enter a description, for example, Group Alert. This field has a maximum length of 100.
Description: The alert description.
Node: Node name, fully qualified domain name (FQDN), IP address, or MAC address that is associated with the event, such as IBM-ASSET. This field has a maximum length of 100.
Configuration item: JSON string that represents a configuration item. For example, {"name":"SAP ORA01","type":"Oracle"}. The CI identifier that generated the event appears in the Additional information field. This field has a maximum length of 1000. Click to open the alert in dependency view.
Impacted Services: Lists the services affected by this alert group. Select an impacted service to view its record. Note: You can access the Service Map in Service Operations Workspace directly from the impacted service form by selecting Service Map. The service map shows the impacted path of alerts, enabling you to quickly assess their effect on the service. For more information, see View unified service map and the impact paths in Service Operations Workspace.
Metric Name: Unique name that describes which metrics are collected and for which this alert has been created.
Maintenance: Shows whether the resource affected by the alert is in maintenance. Valid values are true or false.
Task: The corresponding task for the alert, such as an incident, change, or problem.
Parent: Reference to a parent alert.
Initial event generation time: Time that the initial event occurred in the remote system.
What to do next
If Operational Intelligence is activated, you can right-click an alert and click View Metrics to open the integrated Insights Explorer and Dependency Views map for the CI that is associated with the alert.