/systems/{id}/alerts - Get active alerts for a system

GET /systems/{id}/alerts

Returns current alerts from Mimir scoped to a single system. Mirrors the filter, pagination, and sort surface of GET /alerts: the only difference is that system_key is pinned to the URL path (the multi-value system_key query filter is therefore not exposed). Suppressed alerts remain visible so silenced alerts can still be inspected in the system detail view.

System identity is carried as labels on each alert (system_id, system_key, system_name, system_type), stamped at ingest time.

Multi-value filters: OR within the same filter, AND across filters.

Requires read:systems permission.

Path parameters

id string Required

System ID (database UUID)

Query parameters

page integer

1-based page number.

Minimum value is 1. Default value is 1.
page_size integer

Page size. Default 50, max 100.

Minimum value is 1, maximum value is 100. Default value is 50.
sort_by string

Sort column (allowlist matches /alerts).

Values are starts_at, severity, alertname, or status. Default value is starts_at.
sort_direction string

Values are asc or desc. Default value is desc.
status array[string]

Filter by Alertmanager state. Supports multiple values.

Values are active, suppressed, or unprocessed.
severity array[string]

Filter by severity. Supports multiple values.

Values are critical, warning, or info.
alertname array[string]

Filter by alertname. Supports multiple values.

Responses

200 application/json

Active alerts retrieved successfully
Hide response attributes Show response attributes object
- code integer
- message string
- data object
  
  Hide data attributes Show data attributes object
  
  alerts array[object]
  
  Hide alerts attributes Show alerts attributes object
  
  Active alert returned by Mimir Alertmanager. The fan-out includes silenced and inhibited alerts (not just active ones), so callers can render the muted/suppressed state. System identity (id, key, name, type) is carried as labels (system_id, system_key, system_name, system_type), stamped server-side at ingest time.
  
  fingerprint string
  
  Alertmanager fingerprint (hex hash of labels)
  
  labels object
  
  Alert labels. Always includes server-stamped identity labels (system_id, system_key, system_name, system_type, system_fqdn, system_ipv4, organization_id, organization_name, organization_vat, organization_type) plus the alert's own labels (alertname, severity, ...). Use system_id to link to the system detail page (/systems/:id) and organization_id to link to the organization.
  
  Hide labels attribute Show labels attribute object
  
  * string Additional properties
  
  annotations object
  
  Hide annotations attribute Show annotations attribute object
  
  * string Additional properties
  
  status object
  
  Hide status attributes Show status attributes object
  
  state string
  
  Values are active, suppressed, or unprocessed.
  
  silencedBy array[string]
  
  Active silence IDs muting this alert (non-empty → state is "suppressed")
  
  inhibitedBy array[string]
  
  startsAt string(date-time)
  
  endsAt string(date-time)
  
  generatorURL string
  
  Source URL of the alert (set by the pushing agent), if any
  
  pagination object
  
  Hide pagination attributes Show pagination attributes object
  
  page integer
  
  Current page number
  
  Minimum value is 1.
  
  page_size integer
  
  Number of items per page
  
  Minimum value is 1, maximum value is 200.
  
  total_count integer
  
  Total number of items
  
  Minimum value is 0.
  
  total_pages integer
  
  Total number of pages
  
  Minimum value is 0.
  
  has_next boolean
  
  Whether there is a next page
  
  has_prev boolean
  
  Whether there is a previous page
  
  next_page integer | null
  
  Next page number if available
  
  prev_page integer | null
  
  Previous page number if available
  
  sort_by string | null
  
  Field used for sorting
  
  sort_direction string | null
  
  Sort direction
  
  Values are asc or desc.
401 application/json

Unauthorized - invalid or missing token
Hide response attributes Show response attributes object
- code integer
- message string
- data object | null
403 application/json

Forbidden - insufficient permissions
Hide response attributes Show response attributes object
- code integer
- message string
- data object | null
404 application/json

Resource not found
Hide response attributes Show response attributes object
- code integer
  
  HTTP error code
- message string
  
  Error message
- data object
  
  Hide data attributes Show data attributes object
  
  type string
  
  Type of error
  
  Values are validation_error or external_api_error.
  
  errors array[object]
  
  Hide errors attributes Show errors attributes object
  
  key string
  
  Field name that failed validation
  
  message string
  
  Error code or message
  
  value string
  
  Value that failed validation
  
  details
  
  Additional error details

GET /systems/{id}/alerts

curl \
 --request GET 'https://api.your-domain.com/api/systems/sys_123456789/alerts' \
 --header "Authorization: Bearer $ACCESS_TOKEN"

Response examples (200)

The endpoint always includes silenced alerts so the UI can show the muted state in the system detail view. `state` is `"suppressed"` when at least one active silence matches the alert; the matching silence IDs are listed in `silencedBy`.

{
  "code": 200,
  "message": "alerts retrieved successfully",
  "data": {
    "alerts": [
      {
        "fingerprint": "0a9d04bb6eed523f",
        "labels": {
          "alertname": "DiskFilling",
          "severity": "warning",
          "system_id": "e4eb4844-46f6-448c-8279-7cfedf5e1037",
          "system_key": "NETH-D417-A2C2-7810-43D2-984B-2164-34C1-B22E",
          "system_name": "test-sys",
          "system_type": "ns8"
        },
        "annotations": {
          "summary": "/var is 92% full",
          "description": "Disk usage exceeded warning threshold."
        },
        "status": {
          "state": "suppressed",
          "silencedBy": [
            "d9f91c6e-1b33-484e-befa-bfb41020e178"
          ],
          "inhibitedBy": []
        },
        "startsAt": "2026-05-12T08:14:00Z",
        "endsAt": "2026-05-12T08:44:00Z"
      },
      {
        "fingerprint": "11a9302b0fa6526e",
        "labels": {
          "alertname": "HighCPU",
          "severity": "critical",
          "system_id": "e4eb4844-46f6-448c-8279-7cfedf5e1037",
          "system_key": "NETH-D417-A2C2-7810-43D2-984B-2164-34C1-B22E",
          "system_name": "test-sys",
          "system_type": "ns8"
        },
        "annotations": {
          "summary": "CPU usage 98%",
          "description": "Sustained high CPU."
        },
        "status": {
          "state": "active",
          "silencedBy": [],
          "inhibitedBy": []
        },
        "startsAt": "2026-05-12T08:20:00Z",
        "endsAt": "2026-05-12T08:50:00Z"
      }
    ],
    "pagination": {
      "page": 1,
      "page_size": 50,
      "total_count": 2,
      "total_pages": 1,
      "has_next": false,
      "has_prev": false,
      "sort_by": "starts_at",
      "sort_direction": "desc"
    }
  }
}

{
  "code": 200,
  "message": "alerts retrieved successfully",
  "data": {
    "alerts": [],
    "pagination": {
      "page": 1,
      "page_size": 50,
      "total_count": 0,
      "total_pages": 0,
      "has_next": false,
      "has_prev": false,
      "sort_by": "starts_at",
      "sort_direction": "desc"
    }
  }
}

Response examples (401)

{
  "code": 401,
  "message": "invalid token",
  "data": {}
}

Response examples (403)

{
  "code": 403,
  "message": "insufficient permissions",
  "data": {}
}

Response examples (404)

{
  "code": 400,
  "message": "validation failed",
  "data": {
    "type": "validation_error",
    "errors": [
      {
        "key": "username",
        "message": "required",
        "value": "string"
      }
    ]
  }
}