Problem
When viewing alerts in the Alert Log with filters applied to the list, the Duration column for an alert may display an incorrect value that is longer than the actual duration of the alert.
For example, a test may have generated a Critical alert one day at 10:00, followed by an Improved alert at 10:30, in which case the Duration of the Critical alert should be indicated as 30 minutes. Someone viewing the alert log the next day and applying certain filters might see a duration of 24+ hours for the Critical alert.
Cause
This issue is the result of a bug that Catchpoint is aware of and working to address. The Duration value displayed in the Alert Log is currently being calculated using only the alerts displayed in the current view as filtered. So if a filter happens to excludes an "Improved" alert, then the Duration for the original alert is calculated as if the Improved alert never occured, and the original alert state is still ongoing.
In the example above, the user may have applied a filter to view only Critical alerts, in which case the Improved alert would not be displayed, and the calculated duration would assume the Critical alert is still ongoing and therefore has a duration of 24+ hours. Or, the user may have selected a timeframe that includes the Critical alert but does not include the Improved alert, leading to the same result.
Resolution
We are investigating ways to resolve this issue. In the meantime, we advise not relying on data in the alert duration column when applying filters to the Alert Log, and to use an un-filtered view for reliable alert-duration data.