Documentation Index
Fetch the complete documentation index at: https://docs.flashcat.cloud/llms.txt
Use this file to discover all available pages before exploring further.
Alert List
The alert management page provides an alert-centric view independent of incidents, where you can see detailed information about all alerts regardless of whether they have been grouped into incidents. Go to Incident List → Alert List to access the alert management page. The alert list displays the following information:| Column | Description |
|---|---|
| Severity | Displays alert severity as a color bar (Critical, Warning, Info) |
| Title | Alert title description |
| Processing Status | Current recovery status of the alert (Recovered / Active). The list header supports quick filtering by “Active Alerts” and “Recovered Alerts” tabs |
| Incident Progress | Current processing progress of the incident associated with this alert |
| Associated Events | Number of raw events associated with the alert |
| Associated Incident | The incident this alert belongs to; click to navigate to incident details |
| Trigger Time | When the alert was first triggered |
| Integration Source | Integration name and type (shared or dedicated) that the alert originated from |
| Channel | The channel this alert belongs to |
Silenced or inhibited alerts display a special marker before the title to help you quickly identify them.
Field Reference
The alert list involves three easily confused field dimensions — please distinguish them carefully:| Field | Values | Description |
|---|---|---|
| alert_severity (Severity) | Critical / Warning / Info | Determined when the alert is created and never changes afterward. The severity filter at the top of the list also acts on this field |
| alert_status (Alert Status) | Critical / Warning / Info / Ok | Reflects the alert’s current recovery state, where Ok means recovered and any other value means unrecovered |
| Incident Progress | Triggered / Processing / Closed | This column shows the progress of the incident the alert is associated with, not the alert’s own status |
Filtering and Search
The following filters are available at the top of the alert list:| Filter | Description |
|---|---|
| Alert Title | Fuzzy match on the title |
| Severity | Multi-select Critical / Warning / Info |
| Channel | Filter by the channel the alert belongs to |
| Integration | Filter by the source integration of the alert |
| Labels | Filter by label key-value pairs, with candidate values loaded dynamically |
| Alert ID | Supports entering multiple IDs; invalid IDs are marked with a red tag |
| Silenced / Inhibited | Filter alerts that were ever silenced or inhibited |
View Settings
Click the view settings button at the top of the list to adjust the following options in the popup panel:| Option | Description |
|---|---|
| Detail Display | Choose to open alert details as a Page or in a Side Panel when clicking an alert |
| Auto Refresh | Options: Off / 5 seconds / 10 seconds / 20 seconds / 30 seconds / 1 minute / 2 minutes / 3 minutes / 5 minutes / 10 minutes, defaulting to 10 seconds |
| Display Attributes | Toggle visibility of columns such as recovery status, incident progress, associated events, associated incident, trigger time, integration source, and channel |
Batch Operations
You can select multiple alerts in the list and click the Merge button at the top to merge them into a specified incident in one action.Using Aggregate View
In addition to the standard list view, the alert list also supports Aggregate View. Aggregate view groups alerts by specified dimensions, displaying group cards on the left and alert details for the selected group on the right.Create aggregate view
After switching to aggregate view, if no aggregation rules have been created, the system guides you to create your first aggregate view.
Select grouping dimension
Select the aggregation rule for grouping. The system groups alerts by that dimension.
In aggregate view, the system matches at most 100 records for grouping display. To view full data, switch to list view.
Alert Details
Click an alert title to enter the alert details page. The top of the page is a HeaderInfo bar that shows the alert title, severity tag, alert ID (hover to copy the full ID), recovery status (Recovered / Not Recovered), and the progress tag of the incident it belongs to. If the alert has ever been silenced or inhibited, the corresponding icon is displayed before the title. The right side of the header provides a Merge action button to merge the current alert into an incident. The details page body is split into two tabs:| Tab | Description |
|---|---|
| Alert Overview | The left side shows the alert description, labels, and related events preview (up to 5 entries, with a link to the Associated Events tab for the full list); the right side shows attributes (channel, trigger time), images, alert source, associated incident, and Links |
| Associated Events | Shows the list of all raw events associated with this alert |
Alert Lifecycle Records
The entire process from trigger to close is fully recorded by the system. Common record types include:| Record Type | Meaning |
|---|---|
a_new | A new alert event was received; the system automatically triggered the alert |
a_update | A new alert event was received; the system automatically updated the alert |
a_merge | The alert was merged into an incident |
a_comm | Post a comment |
a_m_silence | Matched a silence rule; notification was skipped |
a_m_inhibit | Matched an inhibit rule; notification was not sent |
Differences between silence and inhibit:
- Silence: Alerts matching a silence rule do not send notifications at all. Suitable for planned maintenance windows.
- Inhibit: While certain “source alerts” are active, related target alerts’ notifications are proactively suppressed. Suitable for secondary alerts triggered by a common underlying failure.
Related Topics
What is an Incident
Understand the relationship between incidents, alerts, and events
Noise Reduction
Learn about alert grouping, silence, and inhibit rules