The UTMStack API uses Elasticsearch for alert storage. To query alerts, use the Elasticsearch Search endpoint with filters and pagination.

Count Open Alerts

Get the count of currently open alerts.

Response

Returns the number of open alerts as an integer.
  • count (integer) - Number of alerts with open status (status code 2)
Example request:
curl -X GET https://your-utmstack-instance.com/api/utm-alerts/count-open-alerts \
  -H "Authorization: Bearer eyJhbGciOiJIUzUxMiJ9..."

Example response:
42

Alert Status Codes

Alerts in UTMStack have the following status codes:
  • 1 - Automatic Review
  • 2 - Open
  • 3 - In Progress
  • 4 - Completed
  • 5 - Incident Created

Querying Alerts

To retrieve detailed alert information, use the Elasticsearch endpoint:
POST /api/elasticsearch/search
The request takes a query body that filters on the alerts index. See Search Alerts for details.

Response Structure

Alert objects contain:
  • id (string) - Unique alert identifier
  • name (string) - Alert name/title
  • status (integer) - Alert status code (1-5)
  • severity (integer) - Alert severity level (1=Low, 2=Medium, 3=High, 4=Critical)
  • category (string) - Alert category
  • timestamp (string) - Alert creation timestamp (ISO 8601 format)
  • source (string) - Source of the alert (data source, rule, etc.)
  • tags (array) - Array of tag names associated with the alert
  • notes (string) - Alert notes/observations
  • statusObservation (string) - Observation notes when status was updated
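
The following is an added example, not code from UTMStack: it builds an analyst work queue from alert objects that have already been retrieved, using only the id, status, severity and timestamp fields documented above. The `triage` and `parse_ts` helpers, the choice of statuses 2 and 3 as "unresolved", the `min_severity` default and the sample alerts are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Status and severity codes as documented on this page.
STATUS = {1: "Automatic Review", 2: "Open", 3: "In Progress",
          4: "Completed", 5: "Incident Created"}
SEVERITY = {1: "Low", 2: "Medium", 3: "High", 4: "Critical"}
UNRESOLVED = {2, 3}  # assumption: Open and In Progress still need analyst work


def parse_ts(value):
    """Parse an ISO 8601 timestamp; treat a missing offset as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def triage(alerts, min_severity=3):
    """Return (queue, rejected): unresolved alerts at or above min_severity,
    highest severity first and oldest first within a severity. Alerts with
    missing fields or codes outside the documented ranges are rejected."""
    queue, rejected = [], []
    for a in alerts:
        try:
            if a["status"] not in STATUS or a["severity"] not in SEVERITY:
                raise ValueError("code outside documented range")
            ts = parse_ts(a["timestamp"])
        except (KeyError, TypeError, ValueError, AttributeError) as exc:
            rejected.append((a.get("id"), str(exc)))
            continue
        if a["status"] in UNRESOLVED and a["severity"] >= min_severity:
            queue.append((-a["severity"], ts, a))
    queue.sort(key=lambda item: item[:2])
    return [a for _, _, a in queue], rejected


SAMPLE = [  # constructed alert objects, not real UTMStack output
    {"id": "a1", "status": 2, "severity": 3, "timestamp": "2024-05-01T10:00:00Z"},
    {"id": "a2", "status": 3, "severity": 4, "timestamp": "2024-05-01T12:00:00+00:00"},
    {"id": "a3", "status": 2, "severity": 1, "timestamp": "2024-05-01T09:00:00Z"},
    {"id": "a4", "status": 4, "severity": 4, "timestamp": "2024-04-30T09:00:00Z"},
    {"id": "a5", "status": 2, "severity": 3, "timestamp": "2024-05-01T08:00:00"},
    {"id": "a6", "status": 7, "severity": 2, "timestamp": "2024-05-01T08:00:00Z"},
]

if __name__ == "__main__":
    work, bad = triage(SAMPLE)
    for alert in work:
        print(alert["id"], SEVERITY[alert["severity"]], STATUS[alert["status"]])
    print("rejected:", bad)
```

Rejected records are returned rather than silently dropped, so a schema change or a malformed alert shows up in the output instead of disappearing from the queue.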
