Alert Routing

Alert Rules: Fields and Actions

An Alert Rule consists of a set of conditions operating on the available alert fields, and a set of actions to be executed when the conditions are met.

Alert Fields

The following fields can be used to build your alert rules:

| Alert Field | Description |
| --- | --- |
| Alert Type | The class of the alert received. Includes Critical, Acknowledged, Resolved, Error, Warning and Info. |
| Incident Urgency | The urgency of the incident. Can be high or low. |
| Message | Title of the alert. |
| Summary | Summary of the alert as generated by Zenduty. |
| Alert Time(UTC) | Time when the alert was received. |
| Alert Date(UTC) | Date when the alert was received. |
| Day of Week | Day of the week on which the alert was received. |
| Entity ID | Unique identifier used to group alerts together into a single incident. |
| Seconds since last similar incident | Seconds since the last incident with similar identifiers. Useful for suppressing noise when multiple similar incidents start getting triggered. |
| Payload(Value Match) | Match a particular key's value from the alert payload to a given pattern. |
| Payload(Key Search) | Search the payload for the existence of a particular key. |

Actions

The following actions can be triggered when a rule is matched on an incoming alert:

Action
Change Alert Type to (Critical, Error, Warning, Info, Acknowledged, Resolved)
Add Note
Suppress
Route to Escalation Policy
Assign User
Change Incident Urgency
Change Alert Message
Change Alert Summary
Change Alert Entity ID
Assign Role to User
Assign Incident Tag
Assign SLA
Assign Priority
Hash Entity Id
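
The sketch below is an added illustration, not Zenduty's own code or API: it models how conditions on the fields above can select actions, using a routing rule and a noise-suppression rule. The dict layout, the AND-combination of conditions, regex matching, the `prod-oncall` policy name and the choice that a suppressed alert does not reset the "last similar incident" timer are all assumptions.

```python
import re

# Added illustration: field and action names come from the tables above;
# the dict layout, AND-combined conditions and timer handling are assumptions.

def alert_type_is(value):
    return lambda alert, last: alert["alert_type"] == value

def payload_value_match(key, pattern):
    # Payload(Value Match): a payload key's value matches a pattern (regex here).
    return lambda alert, last: re.search(pattern, str(alert["payload"].get(key, ""))) is not None

def seconds_since_similar_below(limit):
    # Seconds since last similar incident, keyed on Entity ID.
    def cond(alert, last):
        prev = last.get(alert["entity_id"])
        return prev is not None and alert["time"] - prev < limit
    return cond

RULES = [  # (conditions, actions); "prod-oncall" is a placeholder policy name
    ([alert_type_is("Critical"), payload_value_match("env", r"^prod")],
     [("Route to Escalation Policy", "prod-oncall")]),
    ([seconds_since_similar_below(300)], [("Suppress", None)]),
]

def route(alert, rules, last_incident):
    """Collect the actions of every rule whose conditions all hold."""
    actions = [act for conds, acts in rules
               if all(c(alert, last_incident) for c in conds) for act in acts]
    if ("Suppress", None) in actions:
        return [("Suppress", None)]  # suppressed: no incident, timer untouched
    last_incident[alert["entity_id"]] = alert["time"]  # incident opened
    return actions

def run(alerts, rules=RULES):
    last_incident = {}
    return [route(a, rules, last_incident) for a in alerts]

# Constructed sample alerts (time in seconds since the first alert).
SAMPLE = [
    {"time": 0,   "alert_type": "Critical", "entity_id": "db-1", "payload": {"env": "prod-eu"}},
    {"time": 120, "alert_type": "Critical", "entity_id": "db-1", "payload": {"env": "prod-eu"}},
    {"time": 400, "alert_type": "Critical", "entity_id": "db-1", "payload": {"env": "prod-eu"}},
    {"time": 450, "alert_type": "Warning",  "entity_id": "db-1", "payload": {"env": "staging"}},
    {"time": 460, "alert_type": "Warning",  "entity_id": "web-7", "payload": {}},
]

if __name__ == "__main__":
    for alert, actions in zip(SAMPLE, run(SAMPLE)):
        print(alert["time"], alert["entity_id"], actions)
```

Because the timer in this model only moves when an incident is opened, the alert at 400 seconds pages again even though a suppressed duplicate arrived at 120 seconds; a continuous alert stream therefore cannot stay suppressed indefinitely.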