Skip to main content
Question

Dashboard to show Closed Alerts

  • November 13, 2025
  • 3 replies
  • 35 views
NotMarcus
Forum|alt.badge.img+1

I am attempting to build a dashboard that will show me the closed events over time. We are using this for tracking to see how many alerts are coming in vs. how many we are closing within a given time.

 

I have attempted to use the legacy dashboard for the Rule Detections but there does not appear to be a field that show the status. Based on what I can see in “Alerts and IOCs” the value should be something along the lines of “feedback_summary.status”. 

 

Has anyone run into this issue before or know of a way to get this dashboard working? For context, we only have SecOps SIEM.

 

Thank you,

3 replies

AymanC
Forum|alt.badge.img+13
  • AymanCBronze 5
  • Bronze 5
  • November 13, 2025

Hi ​@NotMarcus,

 

In the legacy (Looker) dashboarding functionality, I don’t think that field is retrievable, but in the newer dashboarding capability, I think the below search may work:
 

detection.feedback_summary.status = $status

match:
    detection.feedback_summary.status

outcome:
    $Count = count_distinct(detection.id)


Kind Regards,

Ayman

NotMarcus
NotMarcus
Forum|alt.badge.img+1
  • NotMarcus
  • Author
  • New Member
  • November 17, 2025

Hi ​@AymanC ,

 

Thank you that does help a bit. Unfortunately, we wanted to create it with the legacy dashboard since we needed the capability to send the dashboards via email.

AymanC
Forum|alt.badge.img+13
  • AymanCBronze 5
  • Bronze 5
  • November 17, 2025

Hi ​@NotMarcus,

 

That’s a shame, I believe scheduled dashboarding for the newer dashboarding is a feature that will be released (hopefully soon!). Might be worth reaching out to your account manager / support for an accurate timeline.

 

Kind Regards,

Ayman

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.