Unveiling Sysdig Monitor Events.

By Dhaval Shah - DECEMBER 17, 2018


At Sysdig, we have built a cloud-native intelligence platform to create a single, more effective way to monitor and secure your critical applications. We want to empower our users to quickly identify critical events and focus on the ones that need the most attention.

As a result, our product and design teams have spent countless hours understanding how power users are triaging their events and used this learning to design an intuitive, streamlined events workflow. As part of this events workflow, all of your alerts, Docker, Kubernetes and custom events are combined in a single event feed.

Feature Overview

Event Feed

The event feed provides a summary view of all events. You can click on any event to dig into its type, scope, metric, trigger condition and additional details.

Scope for Events

You can now apply a scope to your event feed and narrow the events shown to a specific range.

Explore Events

For custom events, there is an easy option to create an Alert from the event. You can also open Explore to investigate further.

Quick Filters

You can apply quick filters to include any of the following:

Events

  • Alert
  • Custom
  • Docker
  • Kubernetes

Severity

  • High
  • Medium
  • Low

Status

  • Triggered
  • Resolved
  • Acknowledged
  • Unacknowledged

Severity Levels

We have ramped up our thinking around severity levels and wanted to make it easy for you to monitor and flag events based on their severity while eliminating any vagueness. We are introducing four new severity levels: High, Medium, Low and Info. The mapping of old to new severity levels is shown below.


Please Note:

If you are using the API to query for severity levels, we will continue to respond to the request with both the old numeric severity and the new severity label, so your existing scripts will continue to work as is. An API response snippet is shown below:

{
  …
  "severity": 5,
  "severityLabel": "LOW",
  …
}

We are also renaming statuses for events. When an alert value crosses a threshold, the corresponding alert event will have the TRIGGERED status, and when the alert value goes back below the threshold, the alert event will transition to the RESOLVED status. You can ACKNOWLEDGE/UNACKNOWLEDGE an alert event to help you focus on the events that matter most.
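The two notes above (the API returning both `severity` and `severityLabel`, and the TRIGGERED/RESOLVED transition) are easy to get wrong in triage scripts that were written against the old numeric levels. The following is an added example, not Sysdig code, showing one way to consume event records that carry either or both fields and apply the quick filters described in this post. It assumes event records shaped like the snippet above; the `type` and `status` values, the `next_status` threshold logic, and the sample feed are constructed for illustration, and only the one numeric-to-label pair the post shows (5 to LOW) is encoded, since the full mapping lives in the product image.

```python
"""Triage helper for Sysdig Monitor-style event records (added example, not Sysdig code)."""
import json

# Only the pair shown in the post's API snippet is known here; the complete
# old-to-new mapping is not reproduced, so unknown numbers yield None.
KNOWN_NUMERIC_TO_LABEL = {5: "LOW"}


def severity_label(event):
    """Prefer the new severityLabel; fall back to the legacy number where known."""
    label = event.get("severityLabel")
    if label:
        return label.upper()
    return KNOWN_NUMERIC_TO_LABEL.get(event.get("severity"))


def filter_events(events, types=None, severities=None, statuses=None):
    """Apply the quick filters (event type, severity, status); None means 'any'."""
    selected = []
    for ev in events:
        if types and ev.get("type") not in types:
            continue
        if severities and severity_label(ev) not in severities:
            continue
        if statuses and ev.get("status") not in statuses:
            continue
        selected.append(ev)
    return selected


def next_status(current, value, threshold):
    """Model the status transition described in the post (assumed 'greater than' trigger).

    Crossing above the threshold yields TRIGGERED; dropping back below it while
    TRIGGERED yields RESOLVED; otherwise the status is unchanged.
    """
    if value > threshold:
        return "TRIGGERED"
    if current == "TRIGGERED" and value < threshold:
        return "RESOLVED"
    return current


# Constructed sample feed (not real Sysdig output). Record 2 mimics an older
# response carrying only the numeric severity.
SAMPLE_FEED = json.loads("""[
 {"id": 1, "type": "ALERT", "severity": 5, "severityLabel": "LOW", "status": "TRIGGERED"},
 {"id": 2, "type": "CUSTOM", "severity": 5, "status": "TRIGGERED"},
 {"id": 3, "type": "KUBERNETES", "severityLabel": "HIGH", "status": "RESOLVED"},
 {"id": 4, "type": "ALERT", "severityLabel": "HIGH", "status": "TRIGGERED"}
]""")


def triage_ids(events=SAMPLE_FEED):
    """Ids of HIGH severity events that are still TRIGGERED: the ones to look at first."""
    hot = filter_events(events, severities={"HIGH"}, statuses={"TRIGGERED"})
    return [ev["id"] for ev in hot]


if __name__ == "__main__":
    print(triage_ids())
```

Reading the label first and the number second is the point: a script that keys only on the integer keeps working thanks to the dual response, but it silently breaks the day the integer is dropped, whereas this helper degrades to `None` (and a filter miss) instead of mislabelling an event.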

This is the first significant set of updates intended to help you triage your events more effectively. The new events workflow will be available in our December SaaS and on-prem releases. We will continue to make refinements in the coming months and look forward to your feedback!
