Experience Center
Triggering an Alert
When configuring an alert rule, you can set up alerts to receive notifications when your device, application, network performance, or ZDX Score meets the alert rule criteria.
The alerts triggered have a display delay of 30 minutes.
When adding a new alert rule, the Throttling options are:
- Alert Only if Repeated: The number of times a situation should repeat for an alert to be triggered.
- Number of Active Devices is: The number of active devices impacted based on the In Group selection.
- Minimum Devices Impacted: The number or percentage of devices impacted based on the In Group selection.
- In Group: The Departments, Cities, Organization, Regions, or Zscaler Locations the alert applies to.
Example Alert Criteria
In the following alert criteria:
- Alert Only if Repeated 3 Times in a Row
- Number of Active Devices: 5
- Minimum Devices Impacted: 20%
- Page Fetch Time (PFT): > 1000ms
- In Group: Cities (city = Cairo)
Scenario with Alert Criteria Not Met
If there is only one device present in Cairo and the following occurs:
- The PFT of the device exceeds 1000ms.
- This situation repeats 3 times in a row.
- The minimum devices impacted is 1.
The alert won't trigger because there is only one active device in Cairo, so the Number of Active Devices: 5 criterion is not met.
Scenario with Alert Criteria Met
If there are 5 active devices (Device 1 to 5) and the following occurs:
- The PFT of the device exceeds 1000ms.
- This situation repeats 3 times in a row.
- The minimum devices impacted is 1.
Then an alert is triggered at T3 as shown in the following table.
| Device # | Times in a Row (T1) | Times in a Row (T2) | Times in a Row (T3) |
| --- | --- | --- | --- |
| Device 1 | Device impacted | Device impacted | Alert triggered |
| Device 2 | Device impacted | Device impacted | Alert triggered |
| Device 3 | Device impacted | Device impacted | Alert triggered |
| Device 4 | Device impacted | Device impacted | Alert triggered |
| Device 5 | Device impacted | Device impacted | Alert triggered |
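
The two scenarios above can be checked with a small simulation. This is an added example, not Zscaler's code, and it goes one step further by showing a broken streak. It assumes that Number of Active Devices means "at least", that the repeat counter resets when an interval does not meet the criteria, and that the device names and PFT values are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class AlertRule:
    pft_threshold_ms: float   # Page Fetch Time: alert when exceeded
    repeat_in_a_row: int      # Alert Only if Repeated
    min_active_devices: int   # Number of Active Devices (assumed "at least")
    min_impacted_pct: float   # Minimum Devices Impacted, as a percentage
    group: str                # In Group value, e.g. a city

def first_alert_interval(rule, intervals):
    """intervals: one dict per evaluation interval (T1, T2, ...),
    mapping device name -> (group, pft_ms).
    Returns the 1-based interval where the alert triggers, or None."""
    streak = 0
    for t, samples in enumerate(intervals, start=1):
        # Only devices inside the In Group selection count.
        in_group = [pft for grp, pft in samples.values() if grp == rule.group]
        impacted = sum(1 for pft in in_group if pft > rule.pft_threshold_ms)
        met = (
            len(in_group) >= rule.min_active_devices
            and impacted > 0
            and impacted * 100 >= rule.min_impacted_pct * len(in_group)
        )
        # "In a row": assumed to reset when an interval misses the criteria.
        streak = streak + 1 if met else 0
        if streak >= rule.repeat_in_a_row:
            return t
    return None

# Rule from "Example Alert Criteria".
RULE = AlertRule(1000, 3, 5, 20, "Cairo")

def fleet(n, pft_ms, city="Cairo"):
    """Constructed sample: n devices in one city with the same PFT."""
    return {f"device-{i}": (city, pft_ms) for i in range(1, n + 1)}

# Scenario with Alert Criteria Not Met: one slow device in Cairo.
ONE_DEVICE = [fleet(1, 1500)] * 3
# Scenario with Alert Criteria Met: five slow devices for T1..T3.
FIVE_DEVICES = [fleet(5, 1200)] * 3
# Added case: T2 recovers, so the count restarts and the alert fires at T5.
BROKEN_STREAK = [fleet(5, 1200), fleet(5, 400)] + [fleet(5, 1200)] * 3

if __name__ == "__main__":
    for name in ("ONE_DEVICE", "FIVE_DEVICES", "BROKEN_STREAK"):
        print(name, first_alert_interval(RULE, globals()[name]))
```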
More Example Scenarios
Here are more example scenarios for setting up alert criteria.
Alerts by Cities Filter
If you are setting up alerts based on the cities the devices are in, select Cities from the In Group drop-down menu. An alert triggers when the criteria you have set up for the alert are met. In this example, an alert triggers when all the following occur:
- Page Fetch Time (PFT) of an application exceeds <1000ms> (added in the Configure Rule tab).
- There are <10> devices in <city_name> city.
- At least <5> devices are impacted.
- The above situation repeats <5> times in a row.
Alerts by Organization Filter
If you are setting up alerts based on the organization the devices are in, select Organization from the In Group drop-down menu. An alert triggers when the criteria you have set up for the alert are met. In this example, an alert triggers when all the following occur:
- Page Fetch Time (PFT) of an application exceeds <1000ms> (added in the Configure Rule tab).
- There are <10> devices across the organization.
- At least <5> devices are impacted.
- The above situation repeats <5> times in a row.
Alerts by Cities and Geolocations Filter
If you are setting up alerts based on city grouping using the geolocation filter, click Add Filter in the Filters tab, and select Geolocations. Choose the desired cities from the drop-down menu. An alert triggers when the criteria you have set up for the alert are met. In this example, an alert triggers when all the following occur:
- Cities are defined in the Geolocations filter (e.g., city = Atlanta).
- Page Fetch Time (PFT) of an application exceeds <1000ms> (added in the Configure Rule tab).
- There are <10> devices in group=city.
- At least <5> devices are impacted.
- The above situation repeats <5> times in a row.