View an Incident Response alert
View all acknowledged and unacknowledged alerts in the system.
Before you begin
Role required: Responder, Manager, or Administrator
- Log in to Lightstep Incident Response.
- On the left navigation pane, select Alerts.
View the alerts list.
The alert list view can be sorted in order by:
You can filter the listings using the Filters button in the header.Note:
- Priority (asc)
- Priority (desc)
- Number (asc)
- Number (desc) - Default
Filters for the same fields evaluate as AND, filters for different fields evaluate as OR. For example, if you filter for Priority and State is Open, the filter evaluates as P1-Critical OR P2-High OR P3-Moderate AND State Open.
If you select Alerts in the left navigation, Filters defaults to all Open alerts for everyone, and Open and My team for responders and above.
When you change your alert list view filters, it remembers your settings, automatically, so that if you navigate away they are still set when you return.
If the default alert filters do not give you the alert list you are looking for, try the Filter Builder in your list view. See Search for an alert using Filter Builder for more information.The Export button only becomes available if there are records in the list view. For information on exporting alerts, see Export alert information to a CSV file.Note: Bulk selection has no affect on export criteria and should not be used for it. Any record that matches the current filter criteria during export will be included, regardless of whether or not it is selected in the list view.Activate the Actions menu to perform bulk acknowledge, promote, close, or group actions using the list check boxes for each alert or for all alerts.Note: Filters apply when doing selections for alerts. Make sure you have the correct filters set and selections before using the Actions menu.
The Actions list menu gives you options for them.
See Manually group alerts for more information on grouping alerts and their results.
See Promote an alert to an incident for more information on promoting alerts and their results.
Select the information icon to the left of an alert for a preview.
The fly-out screen contains the alert header including tags, Details, and Activity areas of the alert. See Alert workspace for more information on those fields.
The More actions menu in the fly-out contains all the same options as the Alert form as well as Show full details which opens the full alert form.
You can edit the Service, Priority, Assigned team, Assigned to, or Incident fields.
Select an alert from the list view.
The Details tab alert form contains not only the information related to the alert but options to search for further information and take actions. See the following example of an acknowledged alert.
Only an acknowledged alert can be promoted to an incident. See Promote an alert to an incident for more information.Once you acknowledge it, the alert is assigned to you and you can:
- Promote to Incident: (hidden if there is already an incident).
- Close: Closes the alert.
- Save: Saves all changes.
- From the More actions menu, you can:
- Unacknowledge: Unassigns the alert.
- Select the Related alerts tab to view any alerts associated with this alert.
- Select the Response rules tab to view any response rules associated with the alert.
View the Compose panel to add Work notes.
View the Alert timeline panel for system activity
including Work notes.
Note: When an automation rule updates an alert, the rule is identified in the timeline.
- Add or view attachments using the icon in the upper right of the Attachments panel. This icon opens or hides the column.
View the Collaboration panel using the collaboration
icon . This icon opens or hides the column.
- Start or join an available Zoom meeting.
- Start or join an available Microsoft Teams channel.
- Start or join an available Slack channel.
- Add responders to the alert.
See Alert workspace for more information on each of the actions listed.
View the Helpful links panel using the helpful links
icon helpful links icon. This panel contains links defined
on the affected service for this record.
See Alert workspace for more detailed information.