/alerts/activity/{fingerprint} - Per-alert audit timeline

GET /alerts/activity/{fingerprint}
Bearer auth

Returns the audit timeline for the alert identified by fingerprint, most recent first. Events are written transparently as silences are created, updated, or removed via the /api/alerts/silences and /api/systems/:id/alerts/silences endpoints.

Operator notes are stored as the silence comment (Alertmanager native), so a note edit appears here as a silence_updated event whose details payload includes the new comment.

Requires read:systems permission.

Path parameters

  • fingerprint string Required

    Alertmanager fingerprint of the alert (hex hash of its labels). Stable across re-firings of the same alert.

    Format should match the following pattern: ^[A-Za-z0-9._:-]{1,128}$.

Query parameters

  • limit integer

    Max events to return. Default 100, max 500.

    Minimum value is 1, maximum value is 500. Default value is 100.

  • organization_id string Required

    Tenant the alert belongs to. Required for non-Customer roles.

Responses

  • 200 application/json

    Activity timeline

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object
      Hide data attribute Show data attribute object
      • events array[object]
        Hide events attributes Show events attributes object

        One event in the per-alert audit timeline (silence created/updated/removed).

        • id integer(int64)
        • organization_id string
        • fingerprint string

          Alertmanager fingerprint of the alert this event belongs to

        • action string

          Event kind. Note edits are surfaced as silence_updated (note = silence comment).

          Values are silenced, silence_updated, or unsilenced.

        • actor_user_id string | null

          logto_id of the user who triggered the action

        • actor_name string | null

          Display name of the actor (denormalized for cheap render)

        • silence_id string | null

          Silence ID associated with this event

        • details object

          Free-form payload for the event. For silenced / silence_updated: {comment, end_at, duration_minutes?}. For unsilenced: empty.

          Additional properties are allowed.

        • created_at string(date-time)
  • 400 application/json

    Bad request - validation error

    Hide response attributes Show response attributes object
    • code integer

      HTTP error code

    • message string

      Error message

    • data object
      Hide data attributes Show data attributes object
      • type string

        Type of error

        Values are validation_error or external_api_error.

      • errors array[object]
        Hide errors attributes Show errors attributes object
        • key string

          Field name that failed validation

        • message string

          Error code or message

        • value string

          Value that failed validation

      • details

        Additional error details
  • 401 application/json

    Unauthorized - invalid or missing token

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
  • 403 application/json

    Forbidden - insufficient permissions

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
GET /alerts/activity/{fingerprint} 
curl \
 --request GET 'https://api.your-domain.com/api/alerts/activity/{fingerprint}?organization_id=string' \
 --header "Authorization: Bearer $ACCESS_TOKEN"
Response examples (200)
Events are most-recent first. Both rows share the same `silence_id` because they describe the same silence's lifecycle. `actor_user_id` is the logto_id of the operator who performed the action; `details` carries the silence metadata captured at action time (comment, end_at, etc.). 
{
  "code": 200,
  "message": "alert activity retrieved successfully",
  "data": {
    "events": [
      {
        "id": 5,
        "organization_id": "m4m3mdjdiizs",
        "fingerprint": "0a9d04bb6eed523f",
        "action": "unsilenced",
        "actor_user_id": "c5gpnoo2do48",
        "actor_name": "R1C1 Admin",
        "silence_id": "d9f91c6e-1b33-484e-befa-bfb41020e178",
        "details": {},
        "created_at": "2026-05-12T08:20:38.410596Z"
      },
      {
        "id": 4,
        "organization_id": "m4m3mdjdiizs",
        "fingerprint": "0a9d04bb6eed523f",
        "action": "silenced",
        "actor_user_id": "c5gpnoo2do48",
        "actor_name": "R1C1 Admin",
        "silence_id": "d9f91c6e-1b33-484e-befa-bfb41020e178",
        "details": {
          "comment": "silenced during maintenance window",
          "end_at": "2026-05-12T09:16:36Z",
          "duration_minutes": 0
        },
        "created_at": "2026-05-12T08:16:36.661832Z"
      }
    ]
  }
}
The alert has fired but has never been silenced. The events array is empty (not `null`). 
{
  "code": 200,
  "message": "alert activity retrieved successfully",
  "data": {
    "events": []
  }
}
Response examples (400) 
{
  "code": 400,
  "message": "validation failed",
  "data": {
    "type": "validation_error",
    "errors": [
      {
        "key": "username",
        "message": "required",
        "value": "string"
      }
    ]
  }
}
Response examples (401) 
{
  "code": 401,
  "message": "invalid token",
  "data": {}
}
Response examples (403) 
{
  "code": 403,
  "message": "insufficient permissions",
  "data": {}
}