LOGALERT: Alert
An alert produced by a LOGRULE when its condition fired. Carries the rule context, the alert severity, a human-readable summary, sample event IDs for investigation, and triage workflow status (Open → Acknowledged → Investigating → Resolved / False Positive). Created exclusively by the logRuleEvaluator Lambda, never created from the UI.
Default definition. This article describes the default LOGALERT definition shipped with DemandFlow. Administrators can add, remove, rename, or re-type fields, change which ones are required, and alter the layout from the Definitions screen in Settings. Your tenant's current schema may differ from what is shown here. To read the current definition at any time, GET the DEFINITION object whose id matches LOGALERT.
Entity properties
| Property | Value |
|---|---|
| Entity code | LOGALERT |
| Display name | Alert |
| Plural | Alerts |
| Level | 9150 |
Use cases
LOGALERT records are ALWAYS created by the rule evaluator, never by hand. The comboKey format SUB|LOGRULE|LOGALERT puts each alert under its parent rule so the rule's Recent Alerts panel works as a relatedlist. Status follows a standard triage workflow with colour coding so the Kanban view groups alerts naturally.
Fields
Alert
| Field | Type | Required | Notes |
|---|---|---|---|
| ruleName | text | Yes | Rule. Read only. |
| rule | reference → LOGRULE | | Rule record. Read only. |
| severity | enum | Yes | Severity. Read only. Valid ids: info (Info), notice (Notice), warn (Warning), error (Error), critical (Critical). |
| status | enum | Yes | Status. Valid ids: open (Open), acknowledged (Acknowledged), investigating (Investigating), resolved (Resolved), falsePositive (False positive). |
| triggeredAt | datetime | Yes | Triggered. Read only. |
| matchingEvents | number | | Number of LOG events that matched the rule condition during this evaluation cycle. Read only. |
Context
| Field | Type | Required | Notes |
|---|---|---|---|
| platform | reference → NWPLATINST | | The platform this alert is associated with, copied from the rule at creation time so the alert keeps its platform context even if the rule is later reassigned. Read only. |
| groupKey | text | | When the source rule is grouped (e.g. per host), this is the value of the group field for this specific alert, e.g. 'host=web-01'. Empty for ungrouped rules. Read only. |
| summary | text (multi-line) | | Auto-generated description of why the alert fired. Read only. |
Triage
| Field | Type | Required | Notes |
|---|---|---|---|
| assignedTo | reference → user | | Assigned to |
| acknowledgedAt | datetime | | Acknowledged at. Read only. |
| resolvedAt | datetime | | Resolved at. Read only. |
| resolvedBy | reference → user | | Resolved by. Read only. |
| resolution | enum | | Resolution. Valid ids: fixed (Fixed - root cause addressed), transient (Transient - condition cleared on its own), expected (Expected - known operational behaviour), duplicate (Duplicate of another alert), ruleAdjusted (Rule adjusted - alert was over-sensitive), notReproducible (Not reproducible). |
| notes | text (multi-line) | | Triage notes |
Linked Ticket
| Field | Type | Required | Notes |
|---|---|---|---|
| linkedTicketRef | text | | Populated when an ITSM ticket is created from this alert via the Create Ticket toolbar action. Read only. |
| linkedTicketId | text | | Ticket ID. Read only. |
Sample matching events
| Field | Type | Required | Notes |
|---|---|---|---|
| sampleEventIds | text (multi-line) | | Up to 10 LOG record IDs that matched the rule condition. Use the Jump to Events toolbar action to open the Logs screen pre-filtered to the rule's window. Read only. |
Activity. Activity timeline panel attached.
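The checks below are an added example, not DemandFlow code: they test a LOGALERT record and a proposed triage update against the default definition tabulated above, which is useful when auditing integrations that write to alerts. The writable-field set (fields the tables do not mark Read only), the one-ID-per-line reading of sampleEventIds, and the function names are assumptions; a customised tenant definition will differ.

```python
from datetime import datetime

# Enum ids and field names are taken from the default LOGALERT definition.
SEVERITIES = {"info", "notice", "warn", "error", "critical"}
STATUSES = {"open", "acknowledged", "investigating", "resolved", "falsePositive"}
RESOLUTIONS = {"fixed", "transient", "expected", "duplicate",
               "ruleAdjusted", "notReproducible"}
REQUIRED = ("ruleName", "severity", "status", "triggeredAt")
# Assumption: only fields not marked "Read only" may change during triage.
WRITABLE = {"status", "assignedTo", "resolution", "notes"}
MAX_SAMPLE_IDS = 10


def _enum_problems(rec):
    checks = (("severity", SEVERITIES), ("status", STATUSES),
              ("resolution", RESOLUTIONS))
    return [f"invalid {k} id: {rec[k]!r}"
            for k, ids in checks if k in rec and rec[k] not in ids]


def validate_alert(rec):
    """Return a list of problems in a LOGALERT record (empty list = consistent)."""
    problems = [f"missing required field: {k}" for k in REQUIRED if not rec.get(k)]
    problems += _enum_problems(rec)
    ts = rec.get("triggeredAt")
    if ts:
        try:
            # fromisoformat() rejects a trailing "Z" before Python 3.11.
            datetime.fromisoformat(str(ts).replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"triggeredAt is not an ISO 8601 datetime: {ts!r}")
    # Assumption: the multi-line text field holds one LOG record ID per line.
    ids = [s for s in str(rec.get("sampleEventIds", "")).splitlines() if s.strip()]
    if len(ids) > MAX_SAMPLE_IDS:
        problems.append(f"sampleEventIds lists {len(ids)} ids, more than {MAX_SAMPLE_IDS}")
    return problems


def check_triage_update(changes):
    """Flag changes to read-only fields and invalid enum ids in an update."""
    problems = [f"field is read-only or not in the definition: {k}"
                for k in sorted(changes) if k not in WRITABLE]
    return problems + _enum_problems(changes)


# Constructed sample data, mirroring the field values used on this page.
SAMPLE_ALERT = {"ruleName": "Example", "severity": "info", "status": "open",
                "triggeredAt": "2026-01-01T12:00:00Z"}
SAMPLE_UPDATE = {"status": "resolved", "resolution": "fixed", "severity": "critical"}
```

An update that rewrites severity, triggeredAt or sampleEventIds after creation is worth investigating, since the definition marks those fields read-only and only the rule evaluator should set them.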
Relationships
- Lookups:
  - rule points at a LOGRULE record.
  - platform points at a NWPLATINST record.
Creating an Alert via the API
```http
POST /v1/objects
Authorization: Bearer <your-pat>
Content-Type: application/json

{
  "entity": "LOGALERT",
  "level": 9150,
  "comboKey": "SUB:<your-sub-id>|ENT:",
  "ruleName": "Example",
  "severity": "info",
  "status": "open",
  "triggeredAt": "2026-01-01T12:00:00Z"
}
```
Listing Alerts records
```http
# All alerts in your tenant
GET /v1/entities/LOGALERT/SUB
```