Use Alert Rules to automate the creation and resolution of alert-based incidents based on the properties of incoming alerts, and even to route them automatically to agents and agent groups.

Creating an Alert Rule

To create an alert rule, follow the steps below.

  • Go to Admin > IT Operations Management > Alert Rules and click on New Alert Rule. If your account has more than one workspace, navigate to Admin > {Workspace Name} > IT Operations Management > Alert Rules.

  • Provide a name and description for your Alert Rule. The name should be clear enough for you and your team members to understand what the rule is for (something like ‘RDS Replica lag alerts’).

  • The next step is to set the conditions for the Alert Rule. Click on an alert parameter from the dropdown and set the condition. For example, you can set a condition to create an incident on receiving an alert with a P1 tag or with a particular metric name such as CPU Utilization.

  • Please note that you can add multiple conditions to the same alert rule.

Please note that due to a recent change, the resource field in alert rules is case-sensitive, i.e., the case of the resource value in the alert rule condition must be the same as the case of the expected resource value in the alert.

  • After adding the conditions, the next step is to set up the actions that will be performed when an alert fulfills the set conditions.

  • Click on the Action dropdown to choose an action. Using the dropdown, you can either create an incident or resolve the alert.

  • If you create an incident, you can set its priority and status, add private notes, and assign it to the relevant L1 team.
  • You can also use the timer node to delay the creation of the incident by up to 15 minutes. This will help reduce noise generated by flapping alerts and one-time alert spikes.

After creating the alert rule, you can see it in the Alert Rules section. You can enable or disable an alert rule using the toggle button.
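
Because the resource field is case-sensitive, a rule whose resource value differs from the alert's only in case will not fire, and no incident is created. The following is an added example, not part of the product or its documentation, that checks rule resource values against resource values observed in alerts; the dictionary layout, field names and exact-equality matching are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data: rule names, resource values and alert payloads are
# illustrative, not taken from any real account or from the product's API.
RULES = [
    {"name": "RDS Replica lag alerts", "resource": "rds-replica-01"},
    {"name": "Web CPU alerts", "resource": "Web-Prod-01"},
    {"name": "Cache alerts", "resource": "cache-01"},
]
ALERTS = [
    {"resource": "rds-replica-01", "metric_name": "Replica Lag"},
    {"resource": "web-prod-01", "metric_name": "CPU Utilization"},
    {"resource": "WEB-PROD-01", "metric_name": "CPU Utilization"},
    {"resource": "db-02", "metric_name": "CPU Utilization"},
]


def audit_resource_case(rules, alerts):
    """Classify each rule by how its resource value compares with observed alerts.

    Assumes the resource condition is an exact, case-sensitive equality test.
    Returns {rule name: {"status": ..., "near_misses": [...]}}.
    """
    seen = defaultdict(set)  # casefolded resource -> spellings seen in alerts
    for alert in alerts:
        value = alert.get("resource")
        if value:
            seen[value.casefold()].add(value)

    report = {}
    for rule in rules:
        wanted = rule["resource"]
        spellings = seen.get(wanted.casefold(), set())
        near = sorted(s for s in spellings if s != wanted)
        if wanted in spellings:
            status = "matches" if not near else "partial"
        elif near:
            status = "case_mismatch"  # rule never fires for these alerts
        else:
            status = "no_alerts_seen"
        report[rule["name"]] = {"status": status, "near_misses": near}
    return report


if __name__ == "__main__":
    for name, result in audit_resource_case(RULES, ALERTS).items():
        print(f"{name}: {result['status']} {result['near_misses']}")
```

A `case_mismatch` or `partial` result lists the alert spellings the rule would miss, so the rule value or the monitoring tool's resource naming can be corrected before relying on the rule.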
