Definitions and descriptions for each alert field that can be returned from an alert query. Fields can also be used to query for specific information, such as the inventories associated with an alert. See Get Inventories for Alert for an example cURL statement.
| Field Name | Alert Type | Description |
| acknowledgedAt | All | Date and time in epoch format when the alert was acknowledged. |
| acknowledgeType | All | Method used to acknowledge the alert. Valid values are user, suppress, or null. Null means the alert is not yet acknowledged. |
| alarmId | All | Unique numerical identifier for the alert. |
| asset | All | The monitored prefix, IP address, origin, Cloudzone, or CDN. |
| category | All | Category of the alert. See Alert Categories and Types for more information on alert categories. |
| cdn | CDN Alert Types | CDN involved in the alert. |
| cloudzone | Cloudzone Alert Types | Cloudzone involved in the alert. |
| collectorSet | Performance, Cloudzone, and CDN Alert Types | Vantage points identifying the performance, cloudzone, or CDN alert information. |
| firstEvidenceAt | All | Date and time in epoch format when the alert was first detected. |
| inventories | All | Portfolio inventories where the asset involved in this alert is included. |
| ip | Performance Alert Types | IP address involved in the alert. |
| loweredAt | All | Date and time in epoch format when the event causing the alert stopped. |
| newUpstream | New Upstream Alert Types | Alert type raised when a new upstream adjacent AS (peer or provider) is seen announcing a route to your monitored prefixes by at least one of our peers. |
| origin | Origin Alert Types | The observed origin (ASN) at the time of the alert. |
| peerCount | Routing Alert Types | Number of peers observing this alert. |
| peerList | Routing Alert Types | List of peers observing this alert. |
| prefix | Routing Alert Types | The monitored prefix or the prefix leaked by the monitored ASN. |
| previousOrigin | Origin Alert Types | ASN announcing the prefix prior to the event causing the alert. |
| raisedAt | All | Date and time in epoch format when the event was first identified as worth of an alert. |
| subprefix | Subprefix – Hijack
Unexpected-Subprefix-Activity |
Subprefix involved in the alert. |
| threshold | Performance, Cloudzone, and CDN Alert Types | Measured value on a monitored asset that when crossed triggers the alert. |
| type | All | Same as typeName. It is there for consistency with request parameters (eg. you can query for alerts with ?type=asn-leak). See Alert Categories and Types for more information on alert types. |
| typeName | All | Same as type. Identifies type of alert within the category. Included for backward compatibility. See Alert Categories and Types for more information on alert types. |
| updatedAt | All | Date and time in epoch format of the most recent update about the event. |
| userName | All | User name provided for the API call. |
| validOrigins | Origin Alert Types | The origins that are normally authorized to announce the prefix. |