Activity feed
The audit trail of every Watchdog rule check, firing, and alert across a project
The activity feed is where you go to see what Watchdog has been doing. Every rule evaluation — fired or not, alert sent or suppressed — shows up here.
Where to find it
Project → Watchdog → Activity (tab next to Rules).
What's in the feed
Each row represents one rule evaluation:
| Field | Notes |
|---|---|
| Time | When the check ran |
| Rule | The rule that was evaluated |
| Result | fired, did not fire, error, or suppressed |
| Reason | One-line explanation — "38 errors > threshold 30", "in cooldown until 14:32", "daily cap reached", "log source unreachable" |
| Action taken | alert sent, analysis triggered, nothing |
| Severity | If an analysis ran, the analysis severity |
Filtering
Filter by:
- Rule — narrow to a single rule's history
- Result — show only firings, only suppressions, or only errors
- Time range — last hour, day, week, or custom
What "suppressed" means
A suppressed firing is one where the rule's conditions were met but no alert went out. Reasons:
| Reason | What to do |
|---|---|
| In cooldown | Expected — the previous alert hasn't aged out yet |
| Daily cap reached | The rule has hit its daily ceiling — revisit if you want it to alert more |
| Channel unreachable | Alert delivery failed — check the channel's status |
What "error" means
The check itself failed — typically because the log source is unreachable or credentials are invalid. After repeated failures, Watchdog auto-disables the rule (see Alert behavior).
Drilling into a firing
Click any fired row to see:
- The full log lines that matched (for count, rate, or pattern rules)
- The baseline vs current comparison (for spike detection)
- A link to the analysis the firing produced (if
auto_analyze)
Useful for validating that the rule is catching what you think it's catching, or for handing off to someone investigating.
Retention
The feed retains rule activity for:
| Plan | Retention |
|---|---|
| Pro | 7 days |
| Business | 30 days |
| Enterprise | 90 days |
For long-term auditing, the audit log captures rule create/update/delete events with no retention limit.