service/prometheus.md

@@ -1361,12 +1361,18 @@ the `jq` command, for example:
 
 Or to follow updates in real time:
 
-    tail -f /var/log/prometheus/tpa_http_post_dump.json | jq .
+    tail -F /var/log/prometheus/tpa_http_post_dump.json | jq .
 
 The top-level objects are logging objects, you can also restrict the
-output the actual, individual alerts with:
+output to only the alerts being sent with:
 
-    journalctl -u tpa_http_post_dump.service -o cat -f | jq .args.alerts
+    tail -F /var/log/prometheus/tpa_http_post_dump.json | jq .args
+
+... which is actually alert *groups*, which is how Alertmanager
+dispatches alerts. To see individual alerts *inside* that group, you
+want:
+
+    tail -F /var/log/prometheus/tpa_http_post_dump.json | jq .args.alerts[]
 
 Logs are automatically rotated every day by the script itself, and
 kept for 30 days. That configuration is hardcoded in the script's