---
title: "Alerting"
slug: "alerting-1"
description: "Explore the Kentik Alerting page to manage alerts, view historical data, and configure alert policies for effective network monitoring and response."
updated: 2025-12-03T20:38:01Z
published: 2025-12-03T20:38:01Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://kb.kentik.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Alerting

This article covers the **Alerting** page in the Kentik portal.

> [!NOTE]
> **Notes:**
> 
> - For an introduction to Kentik's alerting system, see [**Policy Alerts Overview**](/v1/docs/policy-alerts-overview).
> - For a list of all portal locations involved in managing alerts and mitigations, see [**Alerting Pages**](/v1/docs/policy-alerts-overview#alerting-pages).

![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(758).png)

*The Alerting page lists recent alerts generated by alert policies*

## Alerting Page

The Alerting page lists current and historical alerts from Kentik's alerting system, including alert time, severity, and state, and the dimensions/metric values defined in the alert conditions. It also provides access to the [**Alert Policies Page**](/v1/docs/alert-policies#alert-policies-page), where you can manage and configure alert policies and system responses to alerts (e.g., notifications and mitigations).

### Alerting Page UI

The Alerting page includes the following UI elements:

- **Favorite**: A star to the left of the page title, allowing you to add it to the **Favorites** tab (see [**Portal Search Tabs**](/v1/docs/portal-overview#portal-search-tabs)).
- **Alerting Overview**(button): Opens the [**Alerting Overview**](/v1/docs/alerting-overview-1).
- **Manage Alert Policies** (button): Opens the [**Alert Policies Page**](/v1/docs/alert-policies#alert-policies-page).
- **Actions** (button): Opens the [**Page-wide Actions Menu**](/v1/docs/alerting#pagewide-actions-menu).
- **Alerting breakdowns**: Cards with bar charts showing alert breakdowns by category (state, severity, type, policy, see [**Alerting Breakdowns**](/v1/docs/alerting#alerting-breakdowns)).
  - Breakdowns cover the time range selected in the Filters tab (see [**Alerts List Filters**](/v1/docs/alerting#alerts-list-filters)).
  - Hover over a bar to open a popup with additional information.
- **Show/Hide Filters** (filter icon): Toggles the expanded/collapsed **Filters** pane.
- **Group By**: A drop-down to choose a property for grouping alerts (e.g., by alert state, ack state, severity, type, policy, or primary dimension).
- **Search**(field): Shows lozenges for any filters applied via the Filter pane, and allows text input for further filtering. Click the **X** next to the field to clear entered text. Click**X** in a lozenge to clear the corresponding filter.
- **Filters**(pane): Controls for filtering the Alerts list (see [**Alerts List Filters**](/v1/docs/alerting#alerts-list-filters)).
- **Alert controls**: Apply actions to all selected alerts (controls activate when at least one alert is selected):
  - Action buttons: Click to apply actions such as **Acknowledge Alert** (see [**Alert Controls**](/v1/docs/alerting#alert-controls)).
  - Selection count: Shows the number of selected alerts.
- **Alerts list**: A table listing your organization’s alerts (see [**Alerts List**](/v1/docs/alerting#alerts-list)).

### Page-wide Actions Menu

This menu opens with the **Actions** button at the top right of the Alerting page. It includes:

- **Export**: Prepares a report (notification appears when ready to download).
  - Visual report (PDF): See [**Portal Export Options**](/v1/docs/portal-sharing-and-export#portal-export-options).
  - Data table (CSV): Opens the [**Export Alerting Data Dialog**](/v1/docs/alerting#export-alerting-data-dialog).
- **Subscribe**: Opens the Subscribe dialog to create an alert subscription. See [**Subscription Tab UI**](/v1/docs/portal-sharing-and-export#subscription-tab-ui)****for details, noting that this dialog also includes the Share, Selected View, and Lookback fields.
- **Unsubscribe**: Opens the Unsubscribe dialog to remove an alert subscription. Select the subscription to unsubscribe from the dropdown and click **Unsubscribe.**

> [!NOTE]
> **Note**: The Unsubscribe option appears only if you’re subscribed to one or more alert subscriptions.

### Export Alerting Data Dialog

The Export Alerting Data dialog appears when you select Actions » Export » **Data Table** on the Alerting page. It has the following UI elements:

- ![Options for exporting alerting data, including columns and data selection.](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/Alrt-Export_data_dialog.png)**Columns to Export**: Choose the columns to export to the CSV file (currently visible columns or all columns).
- **Data To Export**: Select the rows to export to the CSV file (currently loaded rows or the first 200, 500, 1000, or 2000 rows).
- **Export**(button): Closes the dialog and starts the alerting data export.

> **Note**: A notification appears at the top of your screen when the report is ready to download.

## Alerting Breakdowns

Cards across the page display bar charts representing a different breakdown of alerts over the selected **Time Range** (see [**Filter Categories**](/v1/docs/alerting#filter-categories)). Hovering on any bar opens a popup showing the kind and count of alerts. Clicking any bar adds a corresponding filter lozenge to the **Search** field (see [**Alerting Page UI**](/v1/docs/alerting#alerting-page-ui)), showing only alerts matching the clicked state, severity, type, or policy.

> [!NOTE]
> **Notes:** Adding a breakdown filter:
> 
> - Replaces any existing breakdown filter.
> - Can change the **Filters** pane settings, which won’t revert when the breakdown filter is removed.

![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(137).png)

*Bar charts show the breakdown of different kinds of alerts in various categories.*

Each category has a breakdown chart with bars representing various alert properties:

- **State**: Red bars represent active alerts, green bars represent cleared alerts.
- **Severity**: Bars represent alerts by their severity level (see [**General Threshold Settings**](/v1/docs/threshold-policy-settings#general-threshold-settings)):
  - Critical (dark purple)
  - Severe (plum)
  - Major (red)
  - Warning (orange)
  - Minor (yellow)
- **Type**: Bars represent alerts by type: Protect, Cloud, Traffic, or NMS.
- **Policies**: Bars represent individual policies that triggered during the selected time range, arranged in descending order based on alert count. Hover on a bar to view the name, type, ID, and alert count for the policy.

## Alerts List Filters

Use the Filters pane to filter the alerts listed on the Alerting page.

### Alert Filters Pane

The **Filters** pane at the left of the Alerts list includes filters to narrow the list based on the [**Filter Application Rules**](/v1/docs/alerting#filter-application-rules). It has the following general controls:

- **Reset to default**(button): Resets the **Filters** pane to its default settings (only available when filters are specified).
- **Collapse** (button): Collapses the **Filters** pane. Expand it by clicking the funnel icon (see [**Alerting Page UI**](/v1/docs/alerting#alerting-page-ui)).

The pane also includes controls that apply/remove filters in various [**Filter Categories**](/v1/docs/alerting#filter-categories) to narrow the list of alerts.

> [!NOTE]
> **Note:** All filters from a category are combined into a single lozenge in the Search field. Click the **X** in the lozenge to remove all filters from that category.

### Filter Categories

Filter criteria for the Alerts list fall into the following categories:![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(461).png)

- **Time Range**: Specify a time range for the listed alerts (see [**Time Range Filter**](/v1/docs/alerting#time-range-filter)).
- **Type** (checkboxes): Filter alerts by type (NMS, Traffic, Cloud, or Protect; see [**Policy Types**](/v1/docs/policy-alerts-overview#policy-types)).
- **Alert State**(checkboxes): Filter alerts by [**Alert State**](/v1/docs/alerting#alert-state) (Active or Cleared).
- **Ack State**(checkboxes): Filter alerts by [**Ack State**](/v1/docs/alerting#ack-state) (Ack Required, Acked, Not Acked, or Acked by Me).
- **Severity**(checkboxes): Filter alerts by severity (Critical, Severe, Major, Warning, or Minor), as determined by the alert policy threshold that triggered the alert.
- **Alert ID** (text field): Filter alerts by Kentik-assigned ID number (no partial matches).
- **Sites** (selection field): Include only alerts for the selected sites.
- **Policies** (selection field): Include only alerts for the selected policies.
- **Show Tenant Alerts**: When enabled:
  - Allows [**My Kentik Portal**](/v1/docs/my-kentik-portal) tenant alerts to be displayed in the Alerts list.
  - Displays the **Tenants** selection field.

> [!NOTE]
> **Note**: To show tenant alerts, click **Customize** at the top right of the Alerts list to display the [**Customize Columns Popup**](/v1/docs/alerting#customize-columns-popup) and select **Tenant**.
- **Tenants** (selection field): Include only alerts for the selected tenants (active only when **Show Tenant Alerts** is enabled).
- **Dimension Value** (text field): Include alerts where the dimension in the alert policy matches the entered text (see [**About Keys**](/v1/docs/policy-alerts-overview#about-keys)).

### Filter Application Rules

Kentik applies the following rules to filter categories and criteria:

- Alerts are displayed only if they match at least one selected criterion in all selected categories.
- Alerts are not evaluated for matches in categories with no selected criteria.

### Time Range Filter

The **Time Range** control filters alerts in the Alerts list to those active within a specified time range (UTC). Options include the last hour, last 8 hours, last 24 hours (default), last 7 days, last 14 days, last 30 days, last 90 days, or a custom time range (see [**Custom Time Range Settings**](/v1/docs/query-settings-overview#custom-time-range-settings)). Select a time range and click **Apply** to apply the filter or **Cancel** to exit without saving.

> [!NOTE]
> **Note**: You can change the start and end time values before applying the filter.

## Alerts List

The Alerts list is a filterable table (see [**Alerts List Filters**](/v1/docs/alerting#alerts-list-filters)) that shows information about alerts triggered by your organization's alert policies. Each row represents an alert. Click a row to open the [**Alert Details Drawer**](/v1/docs/alerting#alert-details-drawer) for more details.

![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(462).png)

*Individual alerts are selected with the checkbox at the left of their row.*

### Alerts List Columns

The columns shown in the Alerts list are customizable via the [**Customize Columns Popup**](/v1/docs/alerting#customize-columns-popup). The available columns are:

- **Select All** (in header row): Click the checkbox to select all alerts. Click it again to deselect all alerts.
- **Select** (in alert rows): Click a checkbox to select individual alerts. Once alerts are selected, the [**Alert Controls**](/v1/docs/alerting#alert-controls) appear at the top left of the list.
- **Alert State**: The alert’s current state (see [**Alert State**](/v1/docs/alerting#alert-state)).
- **Severity**: The severity level (Critical, Severe, Major, Warning, or Minor) as determined by the alert policy threshold.
- **Type**: The alert policy type: Protect, Traffic, Cloud, or NMS (see [**Policy Types**](/v1/docs/policy-alerts-overview#policy-types)).
- **Policy**: The alert policy name.
- **Policy ID**: The unique policy ID.
- **Tenant**: If enabled, includes alerts from the tenant (see [**Tenants and Packages**](/v1/docs/my-kentik-portal#tenants-and-packages)). Active only when you enable **Show Tenant Alerts** in the [**Alerts List Filters**](/v1/docs/alerting#alerts-list-filters).
- **Dimensions**: The key definition’s dimensions and their values for the keys that triggered the alert (see [**About Keys**](/v1/docs/policy-alerts-overview#about-keys)****and [**Dimensions Reference**](/v1/docs/non-flow-metrics)). For example, if the key definition is `Dest IP, Device` the dimensions column might show `Dest IP:1.10.1.174` and `Device:s414_ida9_nektie_com`.

> [!NOTE]
> **Note:** If a dimension value is blue, you can click it to go to its Details page (see [**Core Details Pages**](/v1/docs/core-details-pages)).
- **Metric**: The volume of traffic matching the key (see [**About Keys**](/v1/docs/policy-alerts-overview#about-keys)). The top-X ranking is based on the volume of matching traffic measured in the primary metric (see [**Data Funneling**](/v1/docs/threshold-policy-settings#data-funneling)).
- **Mitigation ID**: The unique mitigation ID. Click to open the [**Mitigations**](/v1/docs/mitigations) page in a new tab, filtered for that ID.
- **Alert ID**: The unique alert ID. Click to open the alert’s [**Alert Details Page**](/v1/docs/alerting#alert-details-page) in a new tab.
- **Time**: The time of the following (in UTC where applicable):
  - Event start time that triggered the alarm state.
  - Alert clearance time (if applicable).
  - Event duration.
- **Silence State**: Indicates whether the alert’s notifications are paused ("Silenced" plus the expiration date of the pause) or not ("Not Silenced").
- **Ack State**: The alert’s acknowledgement state (e.g., “Ack Required”; see [**Ack State**](/v1/docs/alerting#ack-state)).

> [!NOTE]
> **Note**: If the state is "Acked," the column also displays the alert’s acknowledgement time and user.
- **Action menu**: A vertical dots icon at the right of each alert row, which opens a menu for actions to take on that alert (see [**Alert-specific Actions**](/v1/docs/alerting#alertspecific-actions)).

> [!NOTE]
> **Note:** Alert policies don't generate alerts when in error states. If you don’t see alerts when expected, check the **Policy Status** on the [**Alert Policies**](/v1/docs/alert-policies) page (see [**General Policy Settings**](/v1/docs/threshold-policy-settings#general-policy-settings)).

#### Alert Controls

When one or more alerts are selected, the following controls appear above the Alerts list:

- **Acknowledge Alert**(button): Click to acknowledge that you’ve seen the alert (see [**Acknowledging Alerts**](/v1/docs/alerting#acknowledging-alerts)).
- **Clear Alert** (button): Click to change the [**Alert State**](/v1/docs/alerting#alert-state) from Active to Cleared. You can do this regardless of the alert’s [**Ack State**](/v1/docs/alerting#ack-state) or if the conditions that triggered the alarm are still present.

> [!NOTE]
> **Note**: Either button may be greyed out if the selected alerts have already been acknowledged and/or cleared.

### Customize Columns Popup![Customize visible columns including Severity, Policy, Time, and Tenant for user profiles.](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/AP-customize-columns-popup(1).png)

Choose up to 11 columns to include in the Alerts list using the Customize Columns popup. To access, click the **Customize** button at the top right of the list. The popup includes the following UI elements:

- **Choose columns**: Check the boxes next to the columns to include them in the table.
- **Order columns**: Drag the handles next to the checkboxes to reorder the columns.

When finished, click outside to close the popup and return to the Alerts list.

### Alert-specific Actions

Actions can be applied to an individual alert from the following locations:

- ![Menu options for managing alerts including viewing, acknowledging, and debugging alerts.](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/AP-alert-specific-actions.png)

**Action menu**: In the [**Alerts List**](/v1/docs/alerting#alerts-list)**,**click the vertical dots icon for an alert to open a list of actions.
- **Take Action**: Buttons that appear in the following areas of the portal:
  - [**Alert Details Drawer**](/v1/docs/alerting#alert-details-drawer)
  - [**Alert Details Page Sidebar**](/v1/docs/alerting#alert-details-page-sidebar)
  - [**NMS Alert Details Sidebar**](/v1/docs/alerting#nms-alert-details-sidebar)
  - [**Attack Details Drawer**](/v1/docs/ddos-defense#attack-details-drawer)

#### Available Actions

Available actions vary depending on the alert’s state or your location in the portal, and may include:

- ![Options for managing alerts including viewing details, investigating, and editing policies.](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/AL-alert-details-drawer-take-action-pane.png)**View Alert Details**: Opens the alert’s [**Alert Details Page**](/v1/docs/alerting#alert-details-page) in a new tab.
- **Investigate with AI Advisor**: Open a new conversation with Kentik’s AI agent about this alert (see [**AI Advisor**](/v1/docs/ai-advisor)).
- **Edit Policy**: (Take Action section only): Go to the Edit Policy page for the alert policy (see [**Policy Settings Pages**](/v1/docs/alert-policies#policy-settings-pages)).
- **Ack Alert**: Opens the [**Acknowledge Alert Dialog**](/v1/docs/alerting#acknowledge-alert-dialog) to confirm you’ve seen the alert.
- **Remove Ack**: Change the ack state back to “Not Acked” or “Ack Required” (as per alert policy).
- **Clear Alert** (Take Action section only): Manually change [**Alert State**](/v1/docs/alerting#alert-state) from “Active” to “Cleared”, regardless of [**Ack State**](/v1/docs/alerting#ack-state) or trigger conditions being met.
- **Silence Notifications**: Pause alert notifications for seven days.
- **Unsilence Notifications**: Lift the pause on alert notifications.
- **Suppress Alert**: Clear the alert and prevent policy from alerting on same key for seven days (see [**About Alert Suppressions & Silences**](/v1/docs/alert-suppressions#about-alert-suppressions-silences)).
- **Add Comment**(Action menu only): Add alert comment (see [**Alert Comments**](/v1/docs/alerting#alert-comments)).

> [!NOTE]
> **Note**: A **Comments** field appears above the **Take Action** section in all other areas.
- **Open Dashboard**: Go to the dashboard specified the in Policy Dashboard setting (see [**General Policy Settings**](/v1/docs/threshold-policy-settings#general-policy-settings)).
- **Debug Alert**: Open the [**Alert Debug Dialog**](/v1/docs/alerting#alert-debug-dialog) for this alert.

### Alert State

There are two possible states for alerts in Kentik:

- **Active**: The alert conditions are still present; displayed as a red lozenge.
- **Cleared**: The alert has been manually cleared or the conditions are no longer present; displayed as a green lozenge.

> [!NOTE]
> **Note:**You can narrow the Alerts list based on state using the **Alert State** filters (see [**Alerts List Filters**](/v1/docs/alerting#alerts-list-filters)).

### Ack State

Any alert can be acknowledged ("acked") by users with access to Kentik’s Alerting or DDoS Defense pages. The following alert ack states are available:

- **Ack Required**: The alert requires acknowledgement and hasn’t been acknowledged.
- **Acked**: The alert has been acknowledged.
- **Not Acked**: The alert hasn’t been acknowledged.
- **Acked by Me** (**Filters** pane only): Filters the Alerts list for alerts you’ve acknowledged.

Alert ack state is available in the following places in the Kentik portal:

- [**Alerting Page**](/v1/docs/alerting#alerting-page):
  - [**Alerts List**](/v1/docs/alerting#alerts-list): Ack State column
  - [**Alert Details Drawer**](/v1/docs/alerting#alert-details-drawer)**:**Alert Overview****section
  - [**Alert Details Page Sidebar**](/v1/docs/alerting#alert-details-page-sidebar): Alert Overview****section
- [**DDoS Defense Page**](/v1/docs/ddos-defense#ddos-defense-page):
  - “Attacks Active Within the Last 24 Hours” table

### Alert Comments

When acknowledging an alert in the [**Acknowledge Alert Dialog**](/v1/docs/alerting#acknowledge-alert-dialog), you can add a comment visible by other users.

- **All Alerts**: Alert comments appear in the [**Alert Details Drawer**](/v1/docs/alerting#alert-details-drawer) and [**Alert Details Page Sidebar**](/v1/docs/alerting#alert-details-page-sidebar):
  - **Ack statement**: The comment appears under the traffic chart, along with the user name who acked the alert.
  - **Comments pane**: Comments are displayed as cards in chronological order. You can add another comment in the **Comment** field below any existing comments (see [**Comments Pane**](/v1/docs/alerting#comments-pane)).
- **Auto-acknowledged Alerts Only**: Alert comments also appear in the [**Auto-acknowledgements Page**](/v1/docs/auto-acknowledgements#autoacknowledgements-page).

> [!NOTE]
> **Note:** For step-by-step procedures, see [**Add an Alert Comment**](/v1/docs/manage-alerts#add-an-alert-comment), [**Edit an Alert Comment**](/v1/docs/manage-alerts#edit-an-alert-comment), and [**Remove an Alert Comment**](/v1/docs/manage-alerts#add-an-alert-comment).

## Acknowledge Alert Dialog

Access the Acknowledge Alert dialog from these portal locations:

- Click **Acknowledge Alert** above the Alerts list (see [**Alert Controls**](/v1/docs/alerting#alert-controls)).
- Choose **Ack Alert** from the Action menu at the right of each Alerts list row (see [**Alert-specific Actions**](/v1/docs/alerting#alertspecific-actions)).
- Click **Ack Alert** in the **Take Action** pane of the [**Alert Details Drawer**](/v1/docs/alerting#alert-details-drawer).
- Click **Ack Alert** in the [**Alert Details Page Sidebar**](/v1/docs/alerting#alert-details-page-sidebar).

### Ack Alert Dialog UI

The Acknowledge Alert dialog has the following UI elements:

- ![Alert acknowledgment options including duration and notification settings for River Song.](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/Alrt-Ack_Alert_dialog.png)**Cancel**(buttons): Click the**X** at top right or**Cancel** at bottom to close the dialog without acknowledging the alert.
- **Acknowledgement info**: A statement identifying you as the person that acknowledged the alert (see [**Acknowledging Alerts**](/v1/docs/alerting#acknowledging-alerts)).
- **Comment**: A field to input a comment for the alert (see [**Alert Comments**](/v1/docs/alerting#alert-comments)).
- **Acknowledge additional occurrences (auto-ack)**: A checkbox to enable auto-acknowledgement for this alert. When checked, the **Duration** controls are shown.
- **Silence notifications for this alert**: A checkbox to silence notifications for this alert for the specified duration (see [**Silence Alert Notifications**](/v1/docs/manage-alerts#silence-alert-notifications)). When checked, the **Duration** controls are shown.

> [!NOTE]
> **Note**: This option is not active when the alert has already been silenced.
- **Duration**: Specify a duration for auto-acknowledgement and/or silencing notifications. The method is chosen by radio button:
  - **For**: Specify a duration forward from the present in either hours or days (whole numbers only).
    - **Hours**: The duration must be between 1 and 24 hours.
    - **Days**: The duration must be between 0 and 7 days for Member-level users, or up to 365 days for Admin-level users.
  - **Until**: Specify a future date-time at which the duration will expire.
    - Click the field to open the calendar.
    - Enter a date-time at least 1 hour and up to 7 days from the present for Member-level users, or up to 365 days for admin-level users.
- **Confirm**: Click to acknowledge the alert, save changes, and exit the dialog.

> [!NOTE]
> **Note**: You cannot set separate time durations for the “auto-ack” and “silence” features. The selected duration applies to both.

### Acknowledging Alerts

Acknowledging alerts informs other users that you are aware of them. When you acknowledge (ack) an alert, your **Full Name**from your user profile (see [**General Settings**](/v1/docs/user-profile#general-settings)) appears with ack state “Acked” in these locations of the portal:

- [**Alerting Page**](/v1/docs/alerting#alerting-page): **Ack State** column of Alerts list. In **Details** drawer.
- [**DDoS Defense Page**](/v1/docs/ddos-defense#attack-table): **Ack State** column of Attack table. In **Details** drawer.
- [**Alert Details Page**](/v1/docs/alerting#alert-details-page): **Ack State** column of**Alert Overview** sidebar.

You can acknowledge an alert type (Protect, Cloud, Traffic, NMS) regardless of **Acknowledgement Required** being enabled in the policy threshold. Each alert can be acknowledged by one user at a time, but if removed (see [**Remove an Alert Ack**](/v1/docs/manage-alerts#remove-an-alert-ack)) another user can acknowledge the same alert (see [**Acknowledge an Alert**](/v1/docs/manage-alerts#acknowledge-an-alert)).

### Auto-acknowledgement

Auto-acknowledgement allows you to set a duration for automatic acknowledgement of all instances of a given alert (triggered by a policy threshold and based on the same key). The minimum duration is one hour, and the maximum is seven days for member-level users or one year for admin-level users. The duration is set when you [**Auto-acknowledge an Alert**](/v1/docs/manage-alerts#autoacknowledge-an-alert) and can be managed on the [**Auto-acknowledgements**](/v1/docs/auto-acknowledgements) page.

### Silence Notifications

To silence notifications for a given alert for seven days, click **Silence Notifications** in one of the following locations:

- [**Alerting Page**](/v1/docs/alerting#alerting-page):
  - In the [**Alert-specific Actions**](/v1/docs/alerting#alertspecific-actions) menu for the alert.
  - In the [**Alert Details Drawer**](/v1/docs/alerting#alert-details-drawer), under Take Action.
- [**Alert Details Page**](/v1/docs/alerting#alert-details-page):
  - Under Take Action.

You can also silence an alert’s notifications for a custom duration when you acknowledge the alert (see [**Custom Silence Alert**](/v1/docs/manage-alerts#custom-silence-alert)).

## Alert Debug Dialog

The Alert Debug dialog provides context to understand why an alert was triggered by a policy threshold (see [**About Alert Thresholds**](/v1/docs/threshold-policy-settings#about-alert-thresholds)). Accessible to all user levels, alert types, and states, it’s accessed via the******Debug Alert** button (see [**Alert-specific Actions**](/v1/docs/alerting#alertspecific-actions)).

### Debug Dialog UI

The Debug Alert dialog includes the following UI elements:

- **Title bar**: Displays “Debug [policy type] Alert,” where policy type is Protect, Traffic, Cloud, or NMS.
- **Close**: Click the **X** in the upper right to close the dialog.
- **Policy**: The policy name that triggered the alert (top left).
- **Alert ID**: The unique alert ID (top right).
- **Alert triggers**: The dimensions that triggered the alert (e.g. Dest IP; see [**Alert Details Drawer**](/v1/docs/alerting#alert-details-drawer)).
- **Lookback**: Use the dropdown to adjust the time range back from the present (between 30 minutes and 15 days).

> [!NOTE]
> **Note**: If the alert was triggered before the start of the selected time range, the start of the range will be adjusted to include the start of the alert.
- **Graph**: A dot chart covering the selected **Lookback** range, with plots as listed in [**Debug Graph**](/v1/docs/alerting#debug-graph).

### Debug Graph

The Debug graph is a dot plot for alert data. Hover over a dot to open a popup with a timestamp and additional information, or dim all dots of a different type (e.g., baseline dots dim when hovering over a match). ![Dots representing alert-related events are plotted against the Lookback time range.](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/Alrt-Debug_dialog(1).png)The chart includes:

- **Time**: Horizontal axis showing the time range set with the **Lookback** control (see [**Debug Dialog UI**](/v1/docs/alerting#debug-dialog-ui)).
- **Values**: Vertical axis with measurement and units determined by the policy dimensions and metrics.
- **Triggering event**: Vertical red line showing the alert trigger time.
- **Matches**: Purple dots representing matches between the evaluated traffic and policy thresholds (see [**About Matches**](/v1/docs/policy-alerts-overview#about-matches)).
- **Baseline**: Brown dots representing baseline values, if baselining is enabled (see [**Policy Baseline Settings**](/v1/docs/threshold-policy-settings#policy-baseline-settings)).
- **Baseline Fallback**: Green dots representing fallback baseline values if baselining is enabled but no baseline exists (see [**Threshold Configuration**](/v1/docs/threshold-policy-settings#threshold-configuration)).
- **Static Threshold**: Horizontal red dashed line representing the policy’s static threshold (see [**Threshold Conditions**](/v1/docs/threshold-policy-settings#threshold-conditions)).
- **Policy Min Traffic**: Horizontal purple line representing the minimum traffic threshold (see [**Building Your Dataset**](/v1/docs/threshold-policy-settings#building-your-dataset)). Keys with traffic below this amount won't be plotted.
- **Legend**: Combinations of dots and labels showing data types and their colors. Hover over a combination to dim all other data types, or click a combination to dim plots of that type.

## Alert Details Drawer

The Alert Details drawer slides out from the right of the Alerting page when you click anywhere in the [**Alerts List**](/v1/docs/alerting#alerts-list) row for an alert.

### Alert Details Drawer UI

The information in the drawer varies depending on the alert type and available information:

- ![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(148).png)**Policy**: The name of the alert policy that triggered the alert (see [**Alert Policies**](/v1/docs/alert-policies)).
- **View in Metrics Explorer** (NMS only): Opens [**Metrics Explorer**](/v1/docs/metrics-explorer) with the alert policy’s settings pre-populated in the Query sidebar.
- **Lookback** (NMS alerts only): A dropdown to set the visualization time range.
  - **Options**: Alert +/- 1 hour (default), Alert +/- 24 hours, Last hour, Last day, Last 7 days, Last 14 days, and Last 30 days.
  - The graph shows between 1 and 24 hours before the alert was triggered until the current time.
- **Visualization**: A visualization is available for most alerts, appropriate to the alert type:
  - **Threshold alerts**: A traffic representation with context (baseline and thresholds) for why the alert triggered.
  - **NMS alerts**: An [**Up/Down Visualization**](/v1/docs/alerting#updown-visualization).
- **Ack statement**: Displays who acked the alert and at what time. If a comment was added, it will display here in addition to in the [**Comments Pane**](/v1/docs/alerting#comments-pane).
- **Alert Overview**: Displays key alert information (see [**Alert Overview**](/v1/docs/alerting#alert-overview)).
- **Target** (not present for NMS alerts): Shows the key dimension (target) that matched the threshold conditions, along with the values, from the Dimensions and Metric columns of the Alerts list (plus any secondary metrics).
- **Triggering Event**: The alert policy conditions that triggered the alert (see [**Triggering Event**](/v1/docs/alerting#triggering-event)).
- **Triggered Threshold**: A summary of the policy’s [**Triggered Threshold**](/v1/docs/alerting#triggered-threshold), including dimensions, primary and secondary metrics, conditions, and activation/clearance times.
- **Mitigation Details**: Information about automatically triggered the mitigations (if defined by the alert policy) including ID, start date/time, platform, and method.
- **Comments**: A field to add comments and view [**Alert Comments**](/v1/docs/alerting#alert-comments) already added (see [**Comments Pane**](/v1/docs/alerting#comments-pane)).
- **Take Action**: Buttons for additional alert-related actions (see [**Alert-specific Actions**](/v1/docs/alerting#alertspecific-actions)).
- **Warning**: If the policy has changed since alert activation, a sidebar warning might appear in the affected sections.

### Alert Overview

The **Alert Overview** section in the **Details** drawer offers the following information:

- **ID**: The system-generated unique ID for the alert. Click it to open the [**Alert Details Page**](/v1/docs/alerting#alert-details-page) in a new tab.
- **Severity**: The alert’s severity level (Critical, Severe, Major, Warning, or Minor). Severity is determined by the alert policy threshold that triggered the alert.
- **Alert State**: The state of the alert (Active or Cleared). See [**Alert State**](/v1/docs/alerting#alert-state).
- **Ack State**: The acknowledgement state of the alert (Ack Required, Acked, or Not Acked). See [**Ack State**](/v1/docs/alerting#ack-state).
- **Start Time**: The start of the period evaluated for the alert.
- **Event End Time**: The end of the period evaluated for the alert, calculated based on the counter reset time on the policy for threshold alerts.
- **Clear Time**: The end of the period evaluated for the alert or "Currently Active" if the alert is ongoing.

### Triggering Event

The **Triggering Event** section in the Details drawer depends on the alert type.

#### NMS Triggering Event

An NMS alert’s **Triggering Event** section provides:

- **Metrics**: The metrics that triggered the alert as displayed in the Metric column (see [**Alerts List Columns**](/v1/docs/alerting#alerts-list-columns)).
- **Dimensions**: The dimensions that triggered the alert as displayed in the Dimensions column (see [**Alerts List Columns**](/v1/docs/alerting#alerts-list-columns)).
- **Context**: The policy’s selected measurement (see [**Measurement Pane Parameters**](/v1/docs/metrics-explorer#measurement-pane-parameters)) and the affected device name (see [**NMS Device Details Page**](/v1/docs/nms-devices#nms-device-details-page)).

#### Threshold Triggering Event

A threshold alert’s **Triggering Event** section shows:

- The triggered policy’s [**Threshold Conditions**](/v1/docs/threshold-policy-settings#threshold-conditions)
- The traffic value that triggered the alarm (displayed as a table).

### Triggered Threshold

The **Triggered Threshold** section in the Details drawer provides the following about the policy threshold that triggered the alert (when applicable):

- **Dimensions**: The dimensions used to evaluate traffic for the threshold (see [**Data Funneling**](/v1/docs/threshold-policy-settings#data-funneling)).
- **Primary and Secondary Metrics**: The metrics used to evaluate traffic for the threshold [**Data Funneling**](/v1/docs/threshold-policy-settings#data-funneling)).
- **Conditions**: Match criteria (see [**Threshold Conditions**](/v1/docs/threshold-policy-settings#threshold-conditions)).
- **Activates**: The required number of matching conditions within the specified time period (see [**Threshold Frequency**](/v1/docs/threshold-policy-settings#threshold-frequency)).
- **Clears**: Time after which the counter resets if conditions aren’t met (see [**Threshold Frequency**](/v1/docs/threshold-policy-settings#threshold-frequency)).

### Mitigation Details

The**Mitigation Details** section in the Details drawer provides the following about any mitigations triggered by the policy’s threshold (see [**Mitigation Overview**](/v1/docs/mitigation-overview#mitigation-overview)):

- **ID**: The system-generated unique ID for the mitigation. Click it to open the [**Mitigations List**](/v1/docs/mitigations#mitigations-list) filtered for this ID.
- **Started**: The date and time the mitigation was initiated.
- **Platform**: The platform on which the mitigation was exec (see [**Platforms and Methods**](/v1/docs/manage-mitigations#platforms-and-methods)).
- **Method**: The individual configuration that ran on the mitigation platform (see [**Platforms and Methods**](/v1/docs/manage-mitigations#platforms-and-methods)).

### Comments Pane

The **Comments** pane allows you to add and manage comments for a single alert. It’s found in both the [**Alert Details Drawer**](/v1/docs/alerting#alert-details-drawer) and [**Alert Details Page Sidebar**](/v1/docs/alerting#alert-details-page-sidebar), and includes the following UI elements:

- **Comment count**: The number of comments, in parentheses next to the heading.![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(232).png)
- **Comment card**: Each alert comment added shows as a separate card with the following elements:
  - **Ack statement**: Displays the user who acked the alert and when.
  - **Edit** (only for the original commenter): Allows modifying the comment. Click **Save** to update the comment or **Cancel** to exit without saving changes.
  - **Remove** (only for the original commenter): Opens a confirmation dialog to remove the selected comment.
  - **Comment**: The original comment.
- **Add Comment**: A field to add a comment to the alert (see [**Add an Alert Comment**](/v1/docs/manage-alerts#add-an-alert-comment)).

### Take Action Pane

The******Take Action**pane of the Details drawer is described in [**Alert-specific Actions**](/v1/docs/alerting#alertspecific-actions).

## Alert Details Page

The******Alert Details Page** shows details about an individual threshold alert.

> [!NOTE]
> **Note:** The NMS Alert Details page is slightly different (see [**NMS Alert Details Page**](/docs/alerting-1#Ga05-NMS_Alert_Details_Page)).

![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(234).png)

*The Details page for a non-Protect alert*

### Alert Details Page Access

Access the Details page for an individual threshold alert from the following locations:

- [**Alerts List**](/v1/docs/alerting#alerts-list): Either:
  - Click the alert’s ID in the **Alert ID** column or;
  - Click the vertical dots icon at the right and choose **View Alert Details**.
- [**Alert Details Drawer**](/v1/docs/alerting#alert-details-drawer) (via the [**Alerting Page**](/v1/docs/alerting#alerting-page) or [**DDoS Defense DDoS Defense Page**](/v1/docs/ddos-defense#ddos-defense-page)): Either:
  - Click the ID under Alert Overview or;
  - Click **View Details** under Take Action.
- [**DDoS Defense Page**](/v1/docs/ddos-defense) (alert type: Protect only): In the “Attacks Active Within the Last 24 Hours” table:
  - Click the alert’s ID in the **Alert ID** column, or;
  - Click the vertical dots icon at the right and choose **View Details**.

> [!NOTE]
> **Note:** Depending on your browser settings, Details pages may open in a new tab or window.

### Alert Details Subnav

The subnav of an alert’s Details page includes the following elements:

- **Breadcrumbs**: Indicates your current location within the Kentik portal. Click Alerting to return to the Alerting page.
- **Share**: Opens the **Share** dialog (see [**Sharing via the Share Dialog**](/v1/docs/portal-sharing-and-export#sharing-via-the-share-dialog)).
- **Actions**: Choose **Export** from the dropdown to download a visual report (PDF) of the page’s visualizations and tables. A notification appears when the PDF is ready to download.

### Alert Details Main Display

The main display area of the Details page for a threshold policy alert has several panes that provide actionable details.

#### Title Pane

The **Title** (top-most) pane contains the following information:

- **Alert name**: The alert name, as defined in its policy.
- **Description**: A brief summary of the situation this alert policy addresses.

#### Threshold Statistics Pane

The **Statistics** pane illustrating the situation that generated the alert. Its elements vary depending on the alert type and the dimensions in the key definition:

- **Alert State**: The alert state (Cleared or Active) and how long ago it was reached.
- **Dimensions**: The names and values of key dimensions that triggered the alert (e.g., a device and a destination IP address).
- **Statistics**: Statistics illustrating the situation that generated the alert (e.g., baseline flows/s, actual flows/s, and actual Kpackets/s).

> [!NOTE]
> **Note:** Comparison of the actual value to the triggering value is defined in the alert policy. For example, if policy threshold condition is "flows/s value is greater than 200% of baseline" then the statistics will include not only the actual flow/s but also the percent difference to the baseline flows/s.

#### Threshold Data Pane

The **Data** pane shows charts and tables for the condition that caused the alert. Its structure depends on the type of alert:

- **Cloud and traffic alerts**: Includes a time series chart of the traffic that caused the alert (displays metrics selected in the policy).
- **Protect alerts**: Six tabs displaying charts and tables showing different aspects of the traffic covered by the alert (see [**Protect Data Tabs**](/v1/docs/alerting#protect-data-tabs)).

For all alerts, the following elements are present:

- **View in Data Explorer**: A link below each chart to [**Data Explorer**](/v1/docs/data-explorer), with the alert’s key pre-populated in the **Query** sidebar.
- **Why Was This Triggered**: A description of the policy threshold conditions and their actual values.

> **Note:** For Protect alerts, this appears on the Insights tab.
- **History**: A table detailing recent or active alerts with matching dimensions. Click the ID column link to go to the alert’s Details page or click **Ack********Alert** to open the [**Acknowledge Alert Dialog**](/v1/docs/alerting#acknowledge-alert-dialog).

#### Protect Data Tabs

The **Data** pane on a Protect (DDoS) alert’s Details page displays tabs with different visualizations.

![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(236).png)

The following tabs are included in the Data pane for a Protect alert:

- **Alert**: A time series chart showing the traffic that triggered the alert (based on volume metrics defined in the policy). Below, it details the trigger conditions and state changes.
- **Ingress Interfaces**: A chart showing traffic volume for the affected interfaces, along with device and site details.
- **Traffic Patterns**: A chart and table characterizing traffic volumes, sources, services, and directionality.
- **Source Countries**: A chart showing unique source IPs of the attack traffic, and a table ranking the corresponding countries.
- **Source Services**: A chart showing originating services for the traffic and a table ranking them.
- **Packet Size Distribution**: A bar chart showing packet sizes, and a table ranking them by traffic volume.

> [!NOTE]
> **Note:** The charts start 30 minutes before the alert's start time and end with the current time (if active) or its end time.

### Alert Details Page Sidebar

The right sidebar of an alert’s Details page provides additional details.

- **Ack statement** (if the alert’s been acknowledged): Displays who acked the alert and when. If a comment was added, it’ll display here and in the [**Comments Pane**](/v1/docs/alerting#comments-pane).
- **Alert Overview**: Key information about the alert (see [**Details Page Alert Overview**](/v1/docs/alerting#details-page-alert-overview)).
- **Mitigation Details**: Info about the mitigation automatically triggered by this alert, if defined by the alert policy (see [**Mitigation Details**](/v1/docs/alerting#mitigation-details)).
- **Policy**: Information about the alert policy:
  - **Edit Policy**: Links to the Edit Policy page for the alert (see [**Policy Settings Pages**](/v1/docs/alert-policies#policy-settings-pages)).
  - **Name**: The policy name that triggered the alert (see [**Alert Policies**](/v1/docs/alert-policies)).
  - **Last Edited**: How long ago the policy was edited.
  - **Alerts for Policy**: The number of alerts generated from this policy in the last 7 days.
- **Comments**: A field to view and add comments (see [**Comments Pane**](/v1/docs/alerting#comments-pane)).
- **Take Action**: Buttons for additional alert-specific actions (see [**Alert-specific Actions**](/v1/docs/alerting#alertspecific-actions)).
- **Warning**: If the policy’s changed since the alert started, a warning appears in the affected sidebar sections.

> [!NOTE]
> **Notes:**
> 
> - Sidebar info can vary between Protect and non-Protect alerts.
> - For NMS alerts, see [**NMS Alert Details Sidebar**](/v1/docs/alerting#nms-alert-details-sidebar).

#### Details Page Alert Overview

The **Alert Overview** section in the Details page sidebar includes:

- **Copy Alert ID**: Copies the alert’s ID to your clipboard.
- **ID**: The unique alert ID.
- **Severity**: The alert’s severity level (Critical, Severe, Major, Warning, or Minor). Severity is determined by the alert policy threshold that triggered the alert.
- **Alert State**: The alert’s state: Active (red) or Cleared (green). See [**Alert State**](/v1/docs/alerting#alert-state).
- **Ack State**: The alert’s acknowledgement state (Ack Required, Acked, or Not Acked). See [**Ack State**](/v1/docs/alerting#ack-state).
- **Start Time**: The start of the period evaluated for the alert.
- **Event End Time**: The end of the period evaluated for the alert, calculated based on the counter reset time from the threshold policy settings. Only present when the alert is cleared.
- **Clear Time**: The end of the period evaluated for the alert. Displays “Currently Active” if the alert is ongoing.

## NMS Alert Details Page

Access the NMS Alert Details page as described in [**Alert Details Page Access**](/v1/docs/alerting#alert-details-page-access). While similar to a typical [**Alert Details Page**](/v1/docs/alerting#alert-details-page), there are some differences.

### NMS Alert Details Display

The main display area is divided into a set of panes, as described in [**Alert Details Main Display**](/v1/docs/alerting#alert-details-main-display). Below, we’ll cover the contents of those panes for an NMS alert.

#### NMS Statistics Pane

The fields across the top of the page provide NMS-specific statistics, including the measurement, metric, and dimensions specified on the policy that generated the alert.

#### NMS Data Pane

The Data pane shows charts and tables related to the condition that caused the alert, varying by alert type as follows:

- **NMS Up/Down**: Includes an up/down chart that details the alert status over time (see [**Up/Down Visualization**](/v1/docs/alerting#updown-visualization)).
- **NMS Threshold**: Includes a line chart detailing the alert’s activity over the time specified in the **Lookback** dropdown at top right.

The**View in Metrics Explorer** link above the chart takes you to [**Metrics Explorer**](/v1/docs/metrics-explorer), where the alert policy settings are pre-populated in the Query sidebar. The pane also includes a History table, which details recently-triggered or currently active alerts.

#### Up/Down Visualization

This time-based chart type displays a series of bars on a horizontal time axis, each representing a segment of the current time range. The color of each bar indicates the state of the policy’s data sources (devices, interfaces, or BGP neighbors) at that point: green = up, red = down, and gray = unknown. Hover over any bar to open a popup displaying the timestamp and state during that segment. Up/Down visualizations have a **Lookback** dropdown for choosing the timeframe covered:

- **NMS Details drawer**: Last hour, Last day, Last 7 days, Last 14 days, and Last 30 days.
- **NMS Details page**: Alert +/- 1 hour, Alert +/- 24 hours, Last hour, Last day, Last 7 days, Last 14 days, and Last 30 days.

In the NMS Details drawer, if an event occurred during a segment, its bar will be slightly elevated an icon will appear above it:

- **Red Bell**: An alert was triggered.
- **Green Checkmark**: The alert was cleared (according to policy settings).

### NMS Alert Details Sidebar

The right sidebar on the Details page for an NMS alert provides different details than for non-NMS alerts. It includes:

- **Alert Overview**: Information about the alert (see [**Details Page Alert Overview**](/v1/docs/alerting#details-page-alert-overview)).
- **Device**: The device being alerted on (if applicable), with various device details including site, model, location, IP address, manufacturer, and serial number.
  - **View Details**: Link to the [**NMS Device Details Page**](/v1/docs/nms-devices#nms-device-details-page) for that device.
- **Policy**: Info about the alert policy:
  - **Edit Policy**: Links to the alert’s Edit Policy page (see [**Policy Settings Pages**](/v1/docs/alert-policies#policy-settings-pages)).
  - **Name**: The policy name that triggered the alert (see [**Alert Policies**](/v1/docs/alert-policies)).
  - **Last Edited**: How long ago the policy was edited.
  - **Alerts for Policy**: The number of alerts generated from this policy in the last 7 days.
- **Take Action**: Buttons for additional alert-related actions (see [**Alert-specific Actions**](/v1/docs/alerting#alertspecific-actions)).
- **Comments**: A field to view and add comments (see [**Comments Pane**](/v1/docs/alerting#comments-pane)).
- **Warning**: If the policy’s changed since the alert started, a warning appears in the affected sidebar sections.