Alert Rules: Fields and Actions
An Alert Rule consists of a set of conditions operating on the available alert fields, and a set of actions to be executed when the conditions are met.
Alert Fields
The following fields can be used to build your alert rules:
| Alert Field | Description |
|---|---|
| Alert Type | The class of the alert received. Includes Critical, Acknowledged, Resolved, Error, Warning and Info. |
| Incident Urgency | The urgency of the incident. Can be high or low. |
| Message | Title of the alert. |
| Summary | Summary of the alert as generated by Zenduty. |
| Alert Time (UTC) | Time when the alert was received. |
| Alert Date (UTC) | Date when the alert was received. |
| Day of Week | Day of the week on which the alert was received. |
| Entity ID | Unique identifier used to group related alerts together into a single incident. |
| Seconds since last similar incident | Seconds since the last incident with similar identifiers. Useful for suppressing noise when multiple similar incidents start getting triggered. |
| Payload (Value Match) | Match a particular key's value from the alert payload against a given pattern. |
| Payload (Key Search) | Search the payload for the existence of a particular key. |
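To show how these fields combine into a rule, here is a small evaluator added as an example; it is not Zenduty's own code, and the rule dictionary format, field names and sample alerts are all assumed for illustration. It matches Alert Type, Payload (Key Search), Payload (Value Match) and the "seconds since last similar incident" window, replaying a constructed alert stream so the second alert for the same Entity ID within five minutes is suppressed.

```python
import re
from datetime import datetime, timedelta, timezone
# Hypothetical rule encoding (assumption: the page does not show Zenduty's real rule syntax).
# Every condition must hold for the rule's actions to fire; field names mirror the table above.
PROD_CRITICAL_RULE = {
    "conditions": [
        {"field": "alert_type", "value": {"critical", "error"}},
        {"field": "payload_key", "value": "env"},                     # Payload (Key Search)
        {"field": "payload_value", "key": "env", "value": r"^prod"},  # Payload (Value Match)
        {"field": "seconds_since_similar", "value": 300},             # suppress re-fires < 5 min
    ],
    "actions": ["create_incident", "notify_primary"],
}

def seconds_since_similar(alert, history):
    """Seconds since the last received alert sharing this alert's Entity ID, or None if none seen."""
    prior = [a["received_at"] for a in history if a["entity_id"] == alert["entity_id"]]
    return (alert["received_at"] - max(prior)).total_seconds() if prior else None

def condition_matches(cond, alert, history):
    field = cond["field"]
    if field == "alert_type":
        return alert["alert_type"] in cond["value"]
    if field == "payload_key":
        return cond["value"] in alert["payload"]
    if field == "payload_value":  # regex against the named key's value; a missing key never matches
        val = alert["payload"].get(cond["key"])
        return val is not None and re.search(cond["value"], str(val)) is not None
    if field == "seconds_since_similar":  # no prior similar alert counts as "long enough ago"
        gap = seconds_since_similar(alert, history)
        return gap is None or gap > cond["value"]
    raise ValueError(f"unsupported field: {field}")

def evaluate(rule, alert, history):  # actions to run, or [] when any condition fails
    ok = all(condition_matches(c, alert, history) for c in rule["conditions"])
    return list(rule["actions"]) if ok else []

def replay(rule, alerts):  # feed alerts in arrival order so the suppression window is honoured
    history, results = [], []
    for alert in alerts:
        results.append(evaluate(rule, alert, history))
        history.append(alert)  # assumption: every received alert counts as "similar", even if suppressed
    return results

# Constructed sample stream (not real data): same entity at t=0, +60 s and +660 s, then staging.
T0 = datetime(2024, 5, 6, 14, 0, tzinfo=timezone.utc)
def mk(offset, env):
    return {"alert_type": "critical", "entity_id": "cpu-db-01", "payload": {"host": "db-01", "env": env},
            "received_at": T0 + timedelta(seconds=offset)}
SAMPLE_ALERTS = [mk(0, "prod"), mk(60, "prod"), mk(660, "prod"), mk(700, "staging")]
```

`replay(PROD_CRITICAL_RULE, SAMPLE_ALERTS)` fires on the first and third alerts only: the second arrives 60 s after a similar one and the fourth fails the `^prod` value match.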
Actions
The following actions can be triggered when a rule is matched on an incoming alert -