Skip to main content

Alert Routing

Alert Rules: Defining Conditions

The first step to building your alert rule is defining a condition which you're looking to match in the incoming alerts. You can construct arguments with a set of conditions and Rule Groups with the logical operators AND, OR, NOT, NOR and NAND between them.
To learn what each field refers to, revisit the Alert Fields Guide here.

The following fields and supported operators can be used:

Alert Type, Incident Urgency, Day of Week

Supported Operators:

  • ==
  • !=
  • Any in
  • Not in

Applied with set values like Critical - Alert Type, High - Incident Urgency, Friday - Day of Week.

Example:

The above rule catches all non-critical, low urgency alerts received on Saturday and Sunday.

Alert Time, Alert Date

Supported Operators:

  • <=
  • =>
  • Between

Applied with Date/Time Objects as values.

Example:

The above rule catches all alerts received before 5PM between 24th December 2022 and 2nd January 2023.

Message, Summary

Supported Operators:

  • ==
  • !=
  • Regex Match
  • Regex Not Match
  • Contains
  • Not Contains
  • Is Empty
  • Is Not Empty

Applied with user specified text or regex expressions.

Example:

The above rule catches all alerts with infra mentioned anywhere in the Alert Message.

Entity ID

Supported Operators:

  • ==
  • !=
  • Contains
  • Not Contains
  • Is Empty
  • Is Not Empty

Applied with user specified entity_id string.

Example:

The above rule catches all alerts with the specified entity_id.

Seconds Since Last Similar Incident

Supported Operators:

  • <=

Applied with user specified number in seconds.

Example:

The above rule catches all similar alerts in the specified timeframe.

Using Alert Rules, you can also parse patterns around certain keys and values in the alert payload received and set action workflows when the pattern is matched. Follow the JSON path syntax here while describing these rules.
A gist of the important rules are listed below -

Example:

The above rule catches all alerts whose severity key matches the value 1.

Example:

The above rule catches all alerts which possess a url key.