Severity and Status
Event Severity
Event severity is broken down into four categories in the Sysdig Monitor UI, to better visualize issue priority, and allow for easier filtering practices.
Scripts that used the former severity values (0-7) will continue to work as expected, as the new categories are simplified groupings of those values.
The image below outlines the severity value breakdown:

Event Status
There are two primary event states: triggered, and resolved. In addition, there are two additional statuses available to improve filtering practices.
Event Status | Description |
---|---|
Triggered | The circumstances that triggered the event remain in place (for example, the node remains down). |
Resolved | The circumstances that triggered the event are no longer in place (for example, the metric value has returned to within a normal range). |
Acknowledged | Manual label to assist in further filtering the events feed. When an alert is acknowledged, you will not be renotified. The acknowledged label is a purely visual marker. It does not reflect the current state (triggered/resolved) of the event. Custom events cannot be marked as acknowledged. |
Unacknowledged | Manual label to assist in further filtering the events feed. All events are marked as unacknowledged by default. |
Silenced | List of silenced event alerts. For more information, see Silence Alert Notifications. |
For more information on filtering the Events feed, refer to Filtering and Searching Events.
In Sysdig Secure, event severity levels are documented here.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.