An Alert Rule consists of a set of conditions operating on the available alert fields, and a set of actions to be executed when the conditions are met.
The following fields can be used to build your alert rules:
|The class of the alert received. Includes Critical, Acknowledged, Resolved, Error, Warning and Info.
|The urgency of the incident. Can be high or low.
|Title of the alert.
|Summary of the alert as generated by Zenduty.
|Time when the alert was received.
|Date when the alert was received.
Day of Week|Day of the week on which the alert was received.
|Unique identifier used to club alerts together into a single incident.
Seconds since last similar incident|Seconds since the last incident with similar identifiers. Useful for suppressing noise when multiple similar incidents start getting triggered.
|Match a particular key's value from the alert payload to a given pattern.
|Search the payload for the existence of a particular key.
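
The sketch below is an added example, not Zenduty's code or API. It shows how a payload key search, a pattern match on that key's value, and the seconds since the last similar incident can combine into one noise-suppression rule. The alert layout, the action names `suppress` and `create_incident`, and the choice that only alerts which open an incident reset the clock are assumptions made for illustration.

```python
import re

# Added illustration: a hypothetical model of rule conditions, not Zenduty's API.

def find_key(payload, key):
    """Search a nested payload for a key; return (found, value)."""
    if isinstance(payload, dict):
        if key in payload:
            return True, payload[key]
        children = list(payload.values())
    elif isinstance(payload, list):
        children = payload
    else:
        return False, None
    for child in children:
        found, value = find_key(child, key)
        if found:
            return True, value
    return False, None

def evaluate(alert, last_incident_at, key, pattern, window_seconds):
    """Suppress when the payload key matches and a similar incident is recent."""
    found, value = find_key(alert["payload"], key)
    prev = last_incident_at.get(alert["entity_id"])
    elapsed = None if prev is None else alert["received_at"] - prev
    matches = found and re.fullmatch(pattern, str(value)) is not None
    if matches and elapsed is not None and elapsed < window_seconds:
        return "suppress"  # hypothetical action name
    # Assumption: only alerts that open an incident reset the clock.
    last_incident_at[alert["entity_id"]] = alert["received_at"]
    return "create_incident"  # hypothetical action name

def make_alert(entity_id, received_at, check_name):
    """Build a constructed alert with a nested payload."""
    return {"entity_id": entity_id, "received_at": received_at,
            "payload": {"check": {"name": check_name}}}

# Constructed sample alerts (timestamps in seconds), not real Zenduty data.
SAMPLE_ALERTS = [
    make_alert("db-01:disk", 1000, "disk_usage"),
    make_alert("db-01:disk", 1030, "disk_usage"),
    make_alert("web-02:cpu", 1040, "cpu_load"),
    make_alert("db-01:disk", 1290, "disk_usage"),
    make_alert("db-01:disk", 1310, "disk_usage"),
]

def run(alerts, window_seconds=300):
    """Evaluate every alert in order against one suppression rule."""
    last_incident_at = {}
    return [evaluate(a, last_incident_at, "name", r"disk_.*", window_seconds)
            for a in alerts]
```

Because suppressed alerts do not reset the clock in this model, a continuous flood still opens a fresh incident once the window has elapsed instead of staying silent indefinitely.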
The following actions can be triggered when a rule is matched on an incoming alert: