Here are some answers to frequently asked questions about alerts.
- Where can I find alerts generated by the ExtraHop system?
- Can I add custom text to email notifications?
- How can I see which alerts are assigned to a source?
- Can I assign an alert configuration to an activity group?
- How are metrics calculated for alert configurations assigned to a device group?
- How are trends calculated?
While the Alerts page provides quick access to all alerts, there are indicators and links to alerts throughout the Web UI.
- On a dashboard, you can add an Alerts widget that displays up to 40 recent alerts.
- The Overview page for a device, device group, or application displays an Alerts chart.
- On an activity map, the color of a device corresponds to the most severe alert status for all alerts assigned to the device.
- On a geomap, the color of a data point corresponds to the most severe alert for all alerts tracking the same metric.
There is no text field for custom messages in email notifications. However, information can be added to the Description field in the alert settings, and that text appears in the email. For example, the text could direct your team to take action, such as restarting devices, when they receive emails for specific alerts.
In addition, the Description field supports Markdown, which is a simple formatting syntax that converts plain text into HTML. When placed before or around text, certain non-alphabetic characters specify which HTML styling to apply to the text. For example, place double asterisks (**) before and after the text that you want to display as bold. The following table shows common Markdown formats that are supported in the text box.
| Format | Description | Example |
|---|---|---|
| Headings | Place a number sign (#) before your text to format headings. The level of heading is determined by the number of number signs. | `####Example H4 heading` |
| Unordered lists | Place a single asterisk (*) before your text. | `* First example`<br>`* Second example` |
| Ordered lists | Place a single number and period (1.) before your text. | `1. First example`<br>`2. Second example` |
| Bold | Place double asterisks before and after your text. | `**bold text**` |
| Italics | Place an underscore before and after your text. | `_italicized text_` |
| Hyperlinks | Place link text in brackets before the URL in parentheses or type the URL to display the URL without link text. Links to external websites open in a new browser tab. Links within the ExtraHop Web UI, such as dashboards or custom pages, open in the current browser tab. | `[Visit our home page](https://www.extrahop.com)`<br>`https://www.extrahop.com` |
| Blockquotes | Place a right angle bracket and a space before your text. | On the ExtraHop website:<br>`> Access the live demo and review case studies.` |
| Monospace font | Place a backtick (`) before and after your text. | `` `example code block` `` |
| Emojis | Copy and paste a Unicode block emoji into the text box. Adding emojis in Markdown syntax is unsupported. | For Unicode emoji examples, see the Unicode Emoji Chart website. |
You can find alert assignments from the source Overview page.
- From a device Overview page, click Edit Assignments.
- From a device group Overview page, click Assignments from the top-right corner.
- From an application or network Overview page, click Alerts from the top-right corner.
A window that contains the following alert assignment information is displayed:
- Alert configurations directly assigned to the source.
- Alert configurations assigned through a device group.
- Alert configurations globally assigned to the source.
- Alert configuration status.
From the window that contains the alert information, you can remove an alert assignment from the source by clicking the remove (X) icon next to the alert name. If the alert has been assigned globally to all applications or devices, you cannot remove the assignment from an individual source.
You cannot assign an alert to an activity group. However, you can create a custom dynamic device group that contains devices with specified protocol activity. For example, if you want an alert to monitor HTTP processing time on any device, assign the alert to a dynamic device group that contains all devices with HTTP server traffic.
If you assign an alert to a device group, it is equivalent to assigning the alert to each device in the group. If you want to aggregate metrics across all of the members of a group, you can create an application that consolidates the devices into a single metric source, and then assign the alert to that application.
Appliances calculate trends by looking at historical data and establishing a baseline. Trend-based alerts are well suited for metrics where meaningful thresholds are difficult to define, such as errors.
Trend-based alerts are generated when a metric is outside of the normal trend learned by the system. In most cases, historical data is available and trend alerts are active as soon as they are enabled. However, if you configure a trend alert that requires more historical data than your appliance currently has, the appliance calculates the trend with whatever data is available.