NearIRM

Alerts

Understand alert lifecycle, states, and available actions

What are Alerts?

Alerts are the core objects in NearIRM. When your monitoring tool detects an issue and sends a webhook, NearIRM creates an alert and routes it through your policies.

Alert Lifecycle

Alerts flow through these states:

Firing -> Acknowledged -> Resolved

Firing

Initial state when alert arrives. Means:

  • Issue is active
  • Notifications being sent
  • Escalation timer running

Acknowledged

Someone has seen and is working on the alert:

  • Escalation stops
  • No further notifications for this alert
  • Issue still exists but being handled

Resolved

Issue is fixed. Can happen via:

  • Manual resolution in NearIRM
  • Resolved webhook from monitoring tool
  • Auto-resolve after timeout

Alert Properties

PropertyDescription
TitleAlert name from source
DescriptionDetailed information
SeverityCritical, High, Medium, Low, Info
SourceIntegration that received it
LabelsKey-value metadata
StatusCurrent lifecycle state
CreatedWhen alert first fired

Alert Actions

Acknowledge

Stops escalation and marks you as handling the issue:

  1. Go to alert detail page
  2. Click Acknowledge
  3. Status changes to "acknowledged"

Via notification: Click the acknowledge link in email/push notifications.

What happens:

  • Escalation timer cancels
  • No more notifications for this alert
  • Alert stays visible until resolved

Resolve

Marks the issue as fixed:

  1. Go to alert detail page
  2. Click Resolve
  3. Add optional resolution note
  4. Status changes to "resolved"

Auto-resolve: Alerts auto-resolve after a configurable timeout if no new firing events received.

External resolve: When your monitoring tool sends a "resolved" webhook, NearIRM automatically resolves the alert.

Alert Timeline

Each alert has a timeline showing:

  • When alert was created
  • Notifications sent (with delivery status)
  • Acknowledgments (who, when)
  • Escalations triggered
  • Resolution (manual, auto, or external)

Filtering Alerts

The alerts list supports filtering by:

FilterOptions
StatusFiring, Acknowledged, Resolved
SeverityCritical, High, Medium, Low, Info
SearchTitle, labels, description

Tip: Bookmark filtered views for quick access (e.g., "Firing Critical Alerts").

Alert Deduplication

NearIRM deduplicates alerts by fingerprint:

  • Same source + same labels = same alert
  • Repeated firing events update existing alert
  • Prevents notification spam for flapping alerts

Best Practices

  1. Acknowledge promptly - Stops unnecessary escalation
  2. Add resolution notes - Helps future debugging
  3. Review resolved alerts - Look for patterns
  4. Configure auto-resolve - Prevents stale alerts

Integrations

Connect monitoring tools and configure notification channels

Authentication

How to authenticate with NearIRM webhooks and APIs

On this page

What are Alerts?Alert LifecycleFiringAcknowledgedResolvedAlert PropertiesAlert ActionsAcknowledgeResolveAlert TimelineFiltering AlertsAlert DeduplicationBest Practices