Alert rules
Alert rules allows you to define a set of actions to perform based on simple conditions.
Last updated
Alert rules allows you to define a set of actions to perform based on simple conditions.
Last updated
Alert rules help you route alerts efficiently and correctly for every incident. Setup specific conditions to either ignore an incident or assign it to a different member / escalation policy. One that's right for the incident.
Visit the Alerts section from the sidebar and create a new alert rule.
You can create a group of conditions with an AND/OR clause. If any single block of condition(s) evaluates to True then we will execute the actions. But first, let's take a look at all the conditions -
Evaluates to True if an incident title contain/does not contain/equals/does not equal a specific text or phrase
Evaluates to True if a specific key in incident details contain/does not contain/equals/does not equal a specific text or phrase. You will need to enter a specific key or nested key to compare with the text/phrase.
Evaluates to True if the total incident occurrences crossed a specific threshold.
Evaluates to True if incident occurrences cross a specific threshold in a given timeframe
Evaluates to True if incident has a given priority. Learn more about priority
Evaluates to True if incident has a given severity. Learn more about severity
You can set one or more actions to execute
to anyone from your team on Spike.sh. An email is sent to the assignee.
Instead of having to load the default escalation policy, you can change it dynamically with this action. For High severity incidents, load an escalation policy with everyone in it and for low priority incidents redirect them to Slack or MS Teams.
Not all incidents are major. Some are just not worth ending up on the dashboard or any alert channel.
Assign the incident a Priority. Learn more about priority
Assign the incident a Severity. Learn more about severity
Create the incident but in the acknowledged state rather than the triggered state. Be mindful because this won't send any alerts but responders will see this as open incident on their dashboard.
Create the incident but in resolved state rather than the triggered state. Be mindful because this won't send any alerts and responders will not see them as open incidents on their dashboard.
For an incident, multiple alert rulesets can also be applied. Consider the below example -
According the above two alert rulesets, If an incident title contains syslog in it then the incident will be marked as P5 priority and subsequently, the escalation policy will also change to Slack dev (ref: Alert ruleset 2)
No more than 5 alert configs will be applied to a single incident to avoid infinite looping