The Triggered alerts page offers an updated list of notifications of recently triggered alerts, as long as they were not suppressed.
You can think of it as a live dashboard summary of all the triggered alert notifications sent. So that even if you’re not on the recipients list, you can still know which events occurred.
To view the Triggered alerts page, select Logs > Triggered alerts from the top menu.
To view the raw logs for a particular event, click the button View in Kibana.
You’ll be taken to Kibana Discover, with the logs filtered to return the exact logs that caused the alert to trigger. Using Kibana, you can explore your logs and get a better idea of the conditions that led to the triggered alert.
This is the same link that appears in the alert notification.
View the latest triggered alert events, regardless of suppression
You can easily view the event logs written by the alert over the last 36 hours, regardless of notification suppression.
- Open the Logs > Alert definitions page from the navigation menu.
- Hover over an alert and click its Menu button .
- Select View last events.
You’ll be taken to the Kibana Discover view, filtered by the alert ID for the last 36 hours. You can easily adjust the time picker to filter for another time frame.
Each log document represents an event, when the alert’s query and triggering conditions were met. Click the Investigate button on a select event to drill down on the raw logs that caused the alert to trigger.