Severity and Status
Event Severity
Event severity is broken down into four categories in the Sysdig Monitor UI, to better visualize issue priority, and allow for easier filtering practices.
The categories are as follows:
- High (red)
- Medium (orange)
- Low (yellow)
- Info (blue)
The category Info refers to events, having little or no impact on operations, mostly containing informational messages.
Scripts that used the former severity values (0-7) will continue to work as expected, as the new categories are simplified groupings of those values.
This image outlines the former severity value breakdown:
Event Status
There are two primary states for Alert Events: triggered, and resolved. Sysdig Monitor also allows for three purely visual available to improve filtering practices: acknowledged, unacknowledged, and silenced.
Event Status | Description |
|---|---|
Triggered | The circumstances that triggered the event remain in place, for example, the node remains down. |
Resolved | The circumstances that triggered the event are no longer in place, for example, the metric value has returned to within a normal range. |
Acknowledged | Manual label to assist in filtering. When an alert is acknowledged, you will not be re-notified. The acknowledged label is a purely visual marker. It does not reflect the current state (triggered/resolved) of the event. Custom events cannot be marked as acknowledged. |
Unacknowledged | Manual label to assist in filtering. All events are marked as unacknowledged by default. |
Silenced | Manual label to assist in filtering. When an alert is silenced, you will not be re-notified for a period of time chosen when you create a silence. For more information, see Silence Alert Notifications. |
For more information on filtering the Events feed, refer to Filter and Search Events.
See Secure Events to understand the Event severity levels for Sysdig Secure.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.