list_alert_rules
List alert rules to audit notification routing, troubleshoot missed alerts, and understand which alerts go to which escalation chains.
Instructions
List all alert rules in LogicMonitor (LM) monitoring.
Returns: Array of alert rules with: id, name, priority, enabled status, matching conditions (device/datasource/severity filters), escalation chain assigned, suppression settings.
What are alert rules: The ROUTING LOGIC that determines "which alerts go to which people." They act as traffic directors: "IF alert matches these conditions, THEN send to this escalation chain." Rules are evaluated in priority order (1st match wins).
When to use:
Audit who gets notified for different alert types
Understand notification routing logic
Find rule IDs for modifications
Troubleshoot "why didn't I get alerted?"
Document alert notification policies
How alert rules work: Alert triggers → Rules evaluated in priority order → First matching rule wins → Routes alert to that rule's escalation chain → Escalation chain notifies recipients
Common alert rule patterns:
Priority 1 (Critical Production): IF resource/device in "Production" group AND severity = critical → Route to "Critical On-Call" escalation chain
Priority 2 (Database Team): IF datasource contains "MySQL" OR "PostgreSQL" → Route to "Database Team" escalation chain
Priority 3 (Business Hours): IF severity = warning → Route to "Business Hours Email" chain (no pages)
Priority 99 (Catch-All): IF any alert not matched above → Route to "Default NOC" escalation chain
Use cases:
"Who gets paged for production CPU alerts?" → Find rule matching prod resources/devices + CPU datasource
"Update team notifications" → Modify alert rule to route to different escalation chain
"Stop getting low-priority pages" → Check which rule routes those alerts, adjust severity or chain
Critical for notification troubleshooting: If alerts aren't reaching people, check:
Does alert match any rule?
Is matched rule enabled?
Is escalation chain configured correctly?
Important: A negative "total" value in the response indicates incomplete results. Use pagination (size/offset parameters) or set autoPaginate: true to retrieve all items.
Related tools: "get_alert_rule" (detailed conditions), "list_escalation_chains" (destination chains), "update_alert_rule" (modify routing).
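The troubleshooting checklist and the negative-"total" rule above, worked through as an added example (not part of the tool or of LogicMonitor's code). The response shape, the field names (group, datasource, severity, chain, enabled) and the glob-style matching are assumptions made for illustration, and the sample data is constructed.

```python
from fnmatch import fnmatchcase

# Constructed sample of a list_alert_rules response; field names are assumed.
SAMPLE = {
    "total": 4,
    "items": [
        {"id": 12, "name": "Catch-All", "priority": 99, "enabled": True,
         "group": "*", "datasource": "*", "severity": "*", "chain": "Default NOC"},
        {"id": 7, "name": "Critical Production", "priority": 1, "enabled": False,
         "group": "Production*", "datasource": "*", "severity": "critical",
         "chain": "Critical On-Call"},
        {"id": 8, "name": "Database Team", "priority": 2, "enabled": True,
         "group": "*", "datasource": "*MySQL*", "severity": "*", "chain": ""},
        {"id": 9, "name": "Business Hours", "priority": 3, "enabled": True,
         "group": "*", "datasource": "*", "severity": "warning",
         "chain": "Business Hours Email"},
    ],
}

def matches(rule, alert):
    """A rule matches when every filter glob accepts the alert's value."""
    return all(fnmatchcase(alert[k], rule[k])
               for k in ("group", "datasource", "severity"))

def diagnose(response, alert):
    """Return (status, rule_name) for one alert, following the checklist."""
    if response["total"] < 0:
        # Negative total: the listing is incomplete, so page through it first.
        return ("incomplete-rule-list", None)
    # Rules are evaluated in priority order and the first match wins.
    for rule in sorted(response["items"], key=lambda r: r["priority"]):
        if matches(rule, alert):
            if not rule["enabled"]:
                return ("matched-rule-disabled", rule["name"])
            if not rule["chain"]:
                return ("no-escalation-chain", rule["name"])
            return ("routed:" + rule["chain"], rule["name"])
    return ("no-matching-rule", None)

if __name__ == "__main__":
    alert = {"group": "Production/Web", "datasource": "CPU", "severity": "critical"}
    print(diagnose(SAMPLE, alert))
```

The script only reports the first matching rule and its state; how the platform itself treats a disabled rule is not modelled here.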
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| size | No | Number of results per page (default: 50, max: 1000). | |
| offset | No | Starting offset for pagination (default: 0). Use this to skip a specific number of results. | |
| autoPaginate | No | Automatically fetch all pages (default: false). When true, fetches all results across multiple pages. When false, returns only the requested page. Use false for large result sets to avoid long response times. | |
| filter | No | Filter expression using LogicMonitor query syntax. Examples: name:*prod*, displayName~*server*, id>100, hostStatus:normal. Available operators: : (equals), ~ (includes), !: (not equals), !~ (not includes), >: (greater than or equals), <: (less than or equals), > (greater than), < (less than). Multiple conditions: Use comma (,) for AND, use \|\| for OR. Do NOT use &&. | |
| fields | No | Comma-separated list of fields to include in response. Examples: "id,displayName,hostStatus" or use "*" for all fields. Omit this parameter to receive a curated set of commonly used fields. | |