Aggregate alert statistics

GET /alerts/stats

Returns aggregate statistics over alert_history for the caller's scope: total, severity buckets, top-N alertname and system_key by count, plus MTTR (mean time to resolve) and MTBF (mean time between failures, approximated).

Scope follows the same three modes as /alerts/totals:

organization_id omitted → caller's full hierarchy.
organization_id=X → single tenant.
organization_id=X&include=descendants → sub-tree drill-down.

MTBF formula:

When both from_date and to_date are provided: (to - from) / total.
Otherwise: (max(starts_at) - min(starts_at)) / (total - 1).
Omitted from the response when the result is undefined.

Query parameters

organization_id string
include string

Value is descendants.
from_date string(date-time)

Lower bound on created_at (inclusive). RFC3339 timestamp.
to_date string(date-time)

Upper bound on created_at (exclusive). RFC3339 timestamp.
top integer

Cap for top-N alertname / system_key buckets. Default 10, max 50.

Minimum value is 1, maximum value is 50. Default value is 10.

Responses

200 application/json

Alert stats retrieved
Hide response attributes Show response attributes object
- code integer
- message string
- data object
  
  Hide data attributes Show data attributes object
  
  total integer
  
  Total alerts in scope (sum of severity buckets, including null severity).
  
  by_severity object
  
  Hide by_severity attribute Show by_severity attribute object
  
  * integer Additional properties
  
  top_alertnames array[object]
  
  Hide top_alertnames attributes Show top_alertnames attributes object
  
  alertname string
  
  count integer
  
  top_systems array[object]
  
  Hide top_systems attributes Show top_systems attributes object
  
  system_key string
  
  count integer
  
  mttr_seconds integer
  
  Mean time to resolve (avg ends_at - starts_at over rows with ends_at set). Omitted when no resolved alerts.
  
  mtbf_seconds integer
  
  Mean time between failures (approximation, see endpoint description). Omitted when undefined.
400 application/json

Bad request - validation error
Hide response attributes Show response attributes object
- code integer
  
  HTTP error code
- message string
  
  Error message
- data object
  
  Hide data attributes Show data attributes object
  
  type string
  
  Type of error
  
  Values are validation_error or external_api_error.
  
  errors array[object]
  
  Hide errors attributes Show errors attributes object
  
  key string
  
  Field name that failed validation
  
  message string
  
  Error code or message
  
  value string
  
  Value that failed validation
  
  details
  
  Additional error details
401 application/json

Unauthorized - invalid or missing token
Hide response attributes Show response attributes object
- code integer
- message string
- data object | null
403 application/json

Forbidden - insufficient permissions
Hide response attributes Show response attributes object
- code integer
- message string
- data object | null

GET /alerts/stats

curl \
 --request GET 'https://api.your-domain.com/api/alerts/stats' \
 --header "Authorization: Bearer $ACCESS_TOKEN"

Response examples (200)

{
  "code": 200,
  "message": "alert stats retrieved successfully",
  "data": {
    "total": 42,
    "by_severity": {
      "critical": 30,
      "warning": 100,
      "info": 26
    },
    "top_alertnames": [
      {
        "alertname": "string",
        "count": 42
      }
    ],
    "top_systems": [
      {
        "system_key": "string",
        "count": 42
      }
    ],
    "mttr_seconds": 42,
    "mtbf_seconds": 42
  }
}

Response examples (400)

{
  "code": 400,
  "message": "validation failed",
  "data": {
    "type": "validation_error",
    "errors": [
      {
        "key": "username",
        "message": "required",
        "value": "string"
      }
    ]
  }
}

Response examples (401)

{
  "code": 401,
  "message": "invalid token",
  "data": {}
}

Response examples (403)

{
  "code": 403,
  "message": "insufficient permissions",
  "data": {}
}