NOTE: Alert Rules have now been replaced by workflows. Refer to this solution article to understand how to set up workflows to take action on your alerts. 

Alert Rules are a powerful tool that allows you to streamline incident management and automate responses based on incoming alerts. You can also route incidents to specific agents and agent groups effortlessly. Here's a step-by-step guide to creating an Alert Rule:

Creating an Alert Rule

To create an alert rule, follow the steps mentioned below.

  • Go to Admin > IT Operations Management > Alert Rules. If you have multiple workspaces in your account, navigate to Admin > {Workspace Name} > IT Operations Management > Alert Rules.

  • Give your Alert Rule a clear name and description that helps you and your team understand its purpose. For instance, you could name it something like 'DB issues'.

  • Define the conditions for the Alert Rule. Choose an alert parameter from the dropdown and specify the condition. For example, you can create a condition to trigger an incident when an alert has a P1 tag or matches a specific metric name like 'CPU Utilization.' Remember, you can add multiple conditions to a single alert rule.

Please note that due to a recent change, the resource field in alert rules is case-sensitive i.e the case of the resource value in the alert rule condition needs to be the same as the case of the expected resource value in the alert.

  • After setting the conditions, it's time to configure actions that will execute when an alert meets the defined criteria. Use the Action dropdown to select whether you want to create an incident, create a major incident, or resolve the alert.

  • f you choose to create an incident or major incident you can set its priority, status, add private notes, and assign it to the relevant L1 team. Additionally, you can employ the timer node to delay incident creation by up to 15 minutes, which helps reduce noise from flapping alerts and one-time spikes.

Once you've created the alert rule, you can view and enable/disable it in the Alert Rules section. 

Related reading: