Severity and Status
The categories are:
- High (red)
- Medium (orange)
- Low (yellow)
- Info (blue)
The category Info refers to events, having little or no impact on operations, mostly containing informational messages.
Scripts that used the former severity values (0-7) will continue to work as expected, as the new categories are simplified groupings of those values.
This image outlines the former severity value breakdown:
Event Status
There are two primary states for Alert Events: triggered, and resolved. Sysdig Monitor also allows for three purely visual available to improve filtering practices: acknowledged, unacknowledged, and silenced.
Event Status | Description |
|---|---|
Triggered | The circumstances that triggered the event remain in place, for example, the node remains down. |
Resolved | The circumstances that triggered the event are no longer in place, for example, the metric value has returned to within a normal range. |
Acknowledged | Manual label to assist in filtering. When an alert is acknowledged, you will not be re-notified. The acknowledged label is a purely visual marker. It does not reflect the current state (triggered/resolved) of the event. Custom events cannot be marked as acknowledged. |
Unacknowledged | Manual label to assist in filtering. All events are marked as unacknowledged by default. |
Silenced | Manual label to assist in filtering. When an alert is silenced, you will not be re-notified for a period of time chosen when you create a silence. For more information, see Silence Alert Notifications. |
For more information on filtering the Events feed, refer to Filter and Search Events.
See Secure Events to understand the Event severity levels for Sysdig Secure.
