Skip to main content
An alert is one signal that something might be wrong. It arrives from a monitoring tool, lands on the service it relates to, and gets routed to whoever is on-call for that service’s team. From there, your job is simple: acknowledge it, decide if it’s real, and either resolve it or escalate to an incident.

Status

A user-visible alert moves through three states:
StatusMeaning
OpenNew, nobody’s looking yet.
AcknowledgedSomeone has it. The on-call is aware.
ResolvedFixed (or judged not to be a real problem).
Two other states exist behind the scenes:
  • Grouped under a parent when Auto-Group rolls it up. The child still exists, you just see it nested under the parent.
  • Suppressed when an integration or rule silences it.

Severity

Four levels, displayed as a coloured icon and label everywhere:
  • Critical (red, solid icon)
  • High (red, outlined icon)
  • Medium (orange)
  • Low (grey)
Severity is editable from the alert detail page. It shapes escalation and how prominently the alert sits in lists.

Where alerts come from

Most alerts come from integrations attached to a service. See Integrations for the full list of supported sources. You can also create an alert manually from the dashboard (rarely needed, useful for “I just noticed something” cases) or programmatically via the API.

The alerts list

/alerts is your home base. By default it shows everything not yet resolved, with quick filters along the top:
  • Status tabs - Not Resolved, Open, Ack’d, Resolved, All Alerts.
  • Filters - severity, service, team, acknowledged by.
  • Search - free-text across title and description.
You can switch between paginated and infinite scroll, and toggle a side peek panel so opening an alert doesn’t take you off the list. Select multiple alerts and a floating toolbar appears with bulk Acknowledge, Resolve, and Create Incident.

The alert detail page

Opening an alert gives you a dual-pane workspace:
  • Properties and timeline on one side - editable title, tags, description, status, severity, and a chronological feed of comments and activity.
  • Workspace on the other - the Warrnagen investigation, suggested runbooks, related and grouped alerts, and a chat panel to ask Warrn questions about this alert.
Across the bottom you’ll find quick actions: create a Jira ticket, open a Google Meet war room, declare or view the linked incident, or open the full activity log.

Linking to an incident

Two ways an alert becomes part of an incident:
  • Manually. Click Declare Incident on the alert. You’ll get a dialog to set the title and severity; the alert is linked automatically.
  • Automatically. If the org has Auto-create incidents on, alerts that look serious enough trigger an incident on their own. The alert that did it shows a View Incident button, and the incident lists this alert as one of its triggers.

How alerts reach you

Beyond the dashboard, alerts can find you through:
  • Slack - posted into a channel, with Acknowledge and Resolve buttons inline.
  • Mobile push - if you have the Warrn mobile app installed.
  • Email - depending on your notification settings.
Where notifications land is determined by the integrations attached to the service and team.