Alert Rules: Fields and Actions
An Alert Rule consists of a set of conditions operating on the available alert fields, and a set of actions to be executed when the conditions are met.
Alert Fields
The following fields can be used to build your alert rules:
| Alert Field | Description |
|---|---|
| Alert Type | The class of the alert received. Includes Critical, Acknowledged, Resolved, Error, Warning and Info |
| Incident Urgency | The urgency of the incident. Can be high or low. |
| Message | Title of the alert. |
| Summary | Summary of the alert as generated by Zenduty. |
| Alert Time(UTC) | Time when the alert was received. |
| Alert Date(UTC) | Date when the alert was received. |
| Day of Week | Day of the week on which the alert was received. |
| Entity ID | Unique identifier used to club alerts together, into a single incident. |
| Seconds since last similar incident | Seconds since the last incident with similar identifiers, useful in supressing noise when multiple similar incidents start getting triggered. |
| Payload(Value Match) | Match a particular key's value from the alert payload to a given pattern. |
| Payload(Key Search) | Search the payload for the existence of a particular key. |
Actions
The following actions can be triggered when a rule is matched on an incoming alert -