Incidents and Events

The Stackdriver Monitoring console provides information about the incidents and other events associated with alerting policies.

Alerting policy menu

Incidents

An incident is a record that an alerting policy has been triggered. When events trigger a policy, Stackdriver opens an incident. The incident remains open until the policy stops triggering.

To view incidents, select Alerting > Incidents on the Stackdriver Monitoring console. This brings up a tabbed view that provides lists of open, acknowledged, and resolved incidents.

Incident states

“Open” or “Resolved”

Incidents appear in the Stackdriver Monitoring console and can be in one of two states:

  • Open: A policy's set of conditions is currently being met, based on the available data1.

    If a policy specifies multiple conditions, incidents open depending on how the conditions are combined. See Combining conditions for more information.

  • Resolved: The policy's conditions are no longer met2. For example, Monitoring measured HTTP latency above two seconds for 10 consecutive minutes, but in its next measurement, latency is equal to or below two seconds. So the policy resolves the incident and resets the duration window.

    Currently, you cannot manually change the state of an incident to Resolved. The policy resolves the incident when its conditions are no longer met (either because updated measurements no longer meet the conditions or because someone changed the policy's conditions).

1An incident will also be listed as open if there is no data to indicate that the condition is no longer met.
2An incident will also be listed as resolved if there is no data to indicate whether the condition still holds and the incident has expired.

In the Stackdriver Monitoring console, acknowledged incidents that are still open appear on a separate tab. This lets other people who might be notified know that someone is looking at the issue. When an incident resolves, the Stackdriver Monitoring console moves it to the Resolved tab whether or not it was acknowledged.

Acknowledging Incidents

After you view an open incident, you can mark it “acknowledged” to indicate that you have seen the report and it is being worked on. Acknowledgement does not resolve an open incident.

To acknowledge an incident, click on an incident on the Alerting > Incidents page. This brings up the incident-report page:

Acknowledging an incident

The policy-violation box summarizes the incident and provides an Acknowledge button. Click the button to acknowledge the incident.

The rest of the report provides more details on the incident and provides links to other useful information, including related logs.

Inspecting events

To see a list of all the events associated with the resources in your account, select Alerting > Events from the Stackdriver Monitoring console.

This brings up the Events page, which shows a history of events affecting the monitored resources under the Stackdriver account. In addition to alerting incidents, this list also includes maintenance tasks and resource stops and starts.

The following screenshot shows part of an event listing:

Part of an events listing

This list be searched and filtered, for example, to restrict the list to a particular resource. You can also add custom events to the event record.

Was this page helpful? Let us know how we did:

Send feedback about...

Stackdriver Monitoring