Alert Statuses
Updating the Status of an alert has two key benefits:
- Communication: the rest of your team will know that somebody has triaged the issue and if it still pending or not. Filtering just for alerts with no status is an easy way to ensure nothing has fallen through the cracks.
- Reporting: key operational metrics, like Time to Response and Status Update Rate, are only calculated if the status is updated. These metrics are valuable for setting goals and communicating progress to leadership.
Alert statuses do not provide feedback to the models that generate thresholds. Thresholds will not change or adjust based on the alert status provided. Model feedback is managed through a separate process (Tune thresholds).
| Status | Intended purpose |
|---|---|
| No Status | The default for a newly created alert. |
| Acknowledged (formerly Investigating) | Someone has acknowledged and is actively investigating if this is a meaningful issue. |
| Work in progress | It was a meaningful issue that is currently being fixed. |
| Fixed | The issue was fixed and the data is now back to normal. |
| Expected | The detection was a valid anomaly from a statistical standpoint, but was the expected result of something like a pipeline change or planned maintenance. |
| No action needed | The detection was a valid anomaly from a statistical standpoint, but was not important enough to merit any further action. |
| False positive | The detection was not a valid statistical anomaly. Sometimes, this can be the result of a data collection issue from Monte Carlo. |
Updated about 1 month ago