Alerts is a centralized experience for detecting important conditions across your Cribl environment and routing them to the right people and systems. It provides out-of-the-box Monitors, an Active Alerts page, and Notification routing, so you can act quickly when thresholds are reached or behavior changes.

Why Use Alerts ​

• Proactive detection: Get notified when health, throughput, or data behavior deviates, instead of finding issues downstream.
• Single place to manage: Review alert activity, adjust Monitors, mute noise, and route Notifications without switching products.
• Faster triage: Each alert links directly to relevant views and context, reducing time from detection to resolution.

How It Works ​

• Monitors: Include preconfigured Monitors for common system and data signals, plus custom Monitors you define. For preconfigured Monitors, you can change thresholds, evaluation windows, and notification routing. For custom Monitors, you control those settings and the metric query.
• Active Alerts: The Active Alerts page lists Monitors to browse, filter, and investigate alerts. Each entry shows what triggered, when, and current state, with links to dashboards and logs for context.
• Notifications: Route alerts to supported targets, such as email or webhooks. Policies control which notifications are sent, how often, and when to suppress them during maintenance windows. Policy matching uses alert labels from each Monitor and its evaluation. Muting rules suppress notifications temporarily by Monitor or tag.