Tanzu Observability supports smart alerts that dynamically filter noise and capture true anomalies.
- When the alert condition is met, an alert notifies one or more alert targets, which receive the alert notification(s).
- The alert notification includes an image and a link to see the alert in context.
- Look all alerts in the Alert Browser or examine a single firing alert in the Alert Viewer.
How Alerts Work Video
In this video, Clement explains how single-threshold alerts work:
Alert Viewer Tutorial
Alert Viewer is for investigating a single alert.
When you receive an alert notification, it includes a link to the alert in Alert Viewer. The related information in Alert Viewer can help you determine what’s going on.
Step 1: Connect and Get the Big Picture
Click the link in the alert notification and start with the 10-second briefing in the top left.
Step 2: Examine Related Firing Alerts
|In the top right, examine Related Firing Alerts.
When an alert fires, Wavefront scans all the other alerts that have fired within 30 minutes and correlates them with the initial event using AI/ML algorithms. You can filter by alert severity.
Step 3: Investigate Affected Point Tags and Sources
Scroll down and examine the Affected section on the left.
When an alert fires, Wavefront analyzes the point tags that are most likely to be related to the firing alert and displays them in ranked order in the Alert Viewer. These point tags are a list of suspects for why the alert is firing. For example, if the alert is caused by an outage in region=us-west-2, Wavefront ranks this tag higher than other tags.
Step 4: Learn From Other Firings
|Other Firings shows past firings of the same alert with a link to the corresponding firing in the Alert Viewer. For multi-threshold alerts, you can see the severity. Click the links to see details.|
Step 5: Explore Alert Data
|Scroll to the Data section.
You can have a first look at the alert query, filter what's displayed, and open the alert query.
Alerts Browser Tutorial
You can view and manage all alerts in the Alerts Browser.
The Alerts Browser allows you to
- search and sort alerts
- filter, for example, to see only firing alerts,
- organize alerts by state, properties, and alert tags.
Step 1: Go to Alerts Browser
On any page in the Wavefront GUI, a colored dot next to Alerting indicates that there are firing alerts. The color shows the alert severity.
Step 2: Filter Alerts in Alerts Browser
By default, the Alerts Browser shows all alerts for your cluster. To find exactly the alerts that you need you can:
Step 3: Examine an Alert in Alerts Browser
For each alert, the Alerts Browser includes detailed information. For example, an alert that is firing looks like this:
Follow these steps for a tour:
- Click the ellipsis icon to the left for a menu.
- Click the chart icon next to the status for alert details. If the alert is firing, click to examine the alert in Alert Viewer.
- View the alert condition and points.
- View details below the severity:
- View the last affected series, including the affected sources and point tags.
- View the targets. For multi-threshold alerts, you see this information for each severity.
- Examine alert tags. You can add a tag to make filtering for the alert easier.
Step 4: View Alert History
Alert history shows:
To access the alert history, click the ellipsis icon on the left of the alert in the Alerts Browser and click Versions.
Step 5: Organize Related Alerts With Tags
You can use alert tags to organize related alerts into categories. Alert tags are especially useful for setting up maintenance windows. You can:
- Search or filter the list of alerts in the Alerts Browser to show only a category of alerts.
- Suppress a category of alerts during a maintenance window.
- Reference a group of alert metrics in a single expression.
To add a new or existing alert tag at any time:
For example, you might assign tags like networkOps, underDevelopment, and eastCoast. All users can later search for one or more of these tags to find any other alerts that are in the same category or combination of categories.
Step 6: (Optional) Use Multi-Level Alert Tags
If your environment has a nested set of categories, you can use alert tag paths. For example, suppose you have created a group of alerts that you use as demo examples, and:
- Within the demo group, some alerts monitor network activity, while others monitor request latency.
- Within each subgroup, some alerts monitor production applications, while others monitor development applications.
To manage these alerts, you assign the tag paths
example.latency.dev. The Alerts Browser below shows the tag paths as a hierarchy under Tag Paths on the left. You can click example and then network to view all alerts that have a tag path that starts with
When you create a maintenance window, you can use a wildcard to match tag path components:
example.*.*matches the entire group of demo alerts.
example.latency.*matches all of the alerts that monitor request latency.
example.*.prodmatches all of the production alerts.
When you have many and complex tag paths, you can search them by parent. For example, if you have the tag paths
example.latency.dev, you can perform a search by example and the search returns all of its children.
Clone an Alert
To make copies of an existing alert, then change the copy, you can clone an alert.
- Click Alerting in the taskbar to display the Alerts Browser.
- Click the ellipsis icon next to the alert.
- Select Clone, make changes when prompted, and click Save.
- Create a classic alert or a multi-threshold alert.
- Learn about alert states and life-cycle.
- For troubleshooting, read the following KBs:
- If you want to update multiple alerts using API or CLI, see the KB How Do I Bulk Update Multiple Alerts?
Note: The CLI is not maintained by VMware and is not officially supported.