Search for Kubernetes Alerts

To search for Kubernetes policy rule violations (alerts), perform the following procedure.

Procedure

On the left navigation pane, click Alerts.
Search and filter for Kubernetes violations using the filters in the left pane and the Search text box. For help constructing a query, see the in-product Search Guide.
Note:
- You can define search results by time.
- The Alerts page offers four ways to filter alerts for Containers and Kubernetes:
  - K8s Cluster
  - K8s Namespace
  - K8s Workload
  - K8s Policy
  You can combine filters to achieve a particular result.
- Click the vertical 3-dot Configuration menu to configure the filters that display in the console.
- Alerts with Monitor action rules are not visible by default. They are part of the Other Activity > Observed filter category.
- You can exclude search results by clicking the Exclude icon to the right of a filter value. For example:
Example search results table:
- To view details about a workload, click the workload name in the Asset column. See View a Kubernetes Workload - Overview.
- To view a summary of the policy assigned to a workload, click the policy name.
- To view the Process Analysis tree and details for this alert, click the Process Analysis icon. See Investigate Containers Events on the Process Analysis Page.
- To investigate the alert on the Investigate page, click the Investigate icon. See Investigating Container Events on the Investigate Page.
- Click the Actions dropdown menu for actions you can perform on the alert:
  - Close the alert.
    Important: Closing alerts is only recommended for excluding specific workloads that exhibit known behaviors from the alerts list.
  - Mark the alert as being in progress.
  - View the notifications that have been sent out about the alert.
  - Add the alert behavior to the baseline. See Kubernetes Scope Baselines for Runtime Policies.
- To view more alert details, click the arrow icon at the right of the fow. See View Kubernetes Alert Details.