Alert sources

Connect your third-party tools to ilert.

An alert source represents the connection between your tools (usually a monitoring system, a ticketing tool, or an application) and ilert. We often refer to alert sources as inbound integrations.

ilert provides the following inbound integration options:

These are pre-built integrations by ilert and work out of the box with your monitoring tools. If you're missing a tool, feel free to suggest an integration that you'd like to see in ilert.

Forward emails to an alert source's email address to integrate with ilert.

Write your own integration using our easy-to-use Event API.

SMS integration

Send alerts to ilert via SMS.

A heartbeat alert source will automatically create an alert if it does not receive a heartbeat signal from your app at regular intervals.

Create an alert source

  1. Go to Alert sources -> Alert sources and click Create new alert source.

  2. Select your integration type in the search field and click Next.

  3. Give your alert source a name, optionally assign teams, and click Next.

  4. Select an escalation policy by creating a new one or assigning an existing one.

  5. Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.

  6. The next page shows additional settings, such as custom alert templates or notification priority. Click on Finish setup for now.

Event Explorer

Event Explorer provides a more detailed view of alerts received from the specific alert source. To see alert information in JSON format, choose the alert source you are interested in and navigate to the "Event Explorer" section beneath the source title. Event Explorer facilitates the search for specific events linked to alert sources using keywords or time frames.

Event Explorer is available for a selected list of alert sources, with event history available from March 2022 and alert correlations from December 2023 onwards.

Alert template

With alert templates, you can create your own template for the alert summary and alert details using preset fields from the integration. Moreover, our templating lets you extract links from the alert payload. Extracted links will be added to the links section of an alert.

Custom alert summary and details template

  1. Click on Alert sources -> Alert sources and choose an alert source to edit

  2. Navigate to the section Alert template and check the boxes for Alert summary and/or Alert details

  3. Create your custom template by selecting the fields you want to use and entering any static text. The available fields are specific to the integration.

Field colors and accessing raw fields

  • Blue fields are preset fields provided by ilert.

  • Orange fields are extracted from past alerts in your account that were sent from the specific integration.

  • Grey fields let you extract any raw fields from the JSON payload by typing the name of the custom field, e.g. custom_field. You may also access nested fields and arrays, e.g. custom_field.array_field[5].nested_field

Switching edit modes: Text <--> Block

You may switch between Text and Block mode when editing alert source templates. ilert will automatically translate your current template.

Testing your templates before saving

Using the preview button, you may try out your current template. By default, ilert will try to find one of the latest event payloads that was received by your alert source. If there is none present, we will render a fallback JSON doc, which you might alter as you like.

Manipulate alert fields by applying functions

You can also use functions on dynamic fields to manipulate alert fields.

To apply a function, hover over the field and click on the f(x) icon.

Using the template text syntax

By default ilert supports 2 different styles of template content:

  • Text

  • Block Builder (currently in BETA)

Your alert source template fields will start in text mode by default (see here for more info on how to switch to Block mode). In text mode you may use the Insert data... dropdown to help you add template variables quickly (see here to understand more about variables and how ilert automatically parses event data to offer additional variables to you) - the text syntax works like this:

  • Text
    Sample: Some text
    Description: You may of course add generic text content to your liking.

  • Variable
    Sample: {{var}}
    Description: Extract content of the event and insert it. Note: there is no further sanitizing of the values.

  • Accessing nested variables
    Sample: {{ var.subfield.evenMore }}
    Description: Access sub fields.

  • Accessing fields of an array
    Sample: {{ var.arrayField[0].more }}
    Description: Access array contents.

  • Applying functions to variables
    Sample: {{var##lowerCase}}
    Description: If you want to work with additional functions, we recommend switching to block mode to quickly generate the template syntax.

  • Passing arguments to functions
    Sample: {{var##substring((0||10))}}
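The text syntax above, sketched as a small Python renderer (an added example, not ilert's template engine). The reading of substring((0||10)) as start and end index, the sample payload and the sanitize hook are assumptions; the hook marks where a consumer that displays the rendered text in HTML would escape values, since the template inserts them without further sanitizing.

```python
import html
import re

# Functions named on the page; substring's (start, end) meaning is an assumption.
FUNCS = {
    "lowerCase": lambda v: v.lower(),
    "substring": lambda v, start, end: v[int(start):int(end)],
}
PLACEHOLDER = re.compile(r"\{\{\s*(.+?)\s*\}\}")
STEP = re.compile(r"([^.\[\]]+)|\[(\d+)\]")       # a field name or an [index]
CALL = re.compile(r"(\w+)(?:\(\((.*)\)\))?$")     # func or func((a||b))


def resolve(payload, path):
    """Walk a path such as var.arrayField[0].more; None if any step is missing."""
    cur = payload
    for key, idx in STEP.findall(path):
        try:
            cur = cur[int(idx)] if idx else cur[key]
        except (KeyError, IndexError, TypeError):
            return None
    return cur


def render(template, payload, sanitize=None):
    """Expand {{path##func((a||b))}} placeholders; sanitize runs on each value."""
    def expand(match):
        path, *calls = match.group(1).split("##")
        value = resolve(payload, path.strip())
        value = "" if value is None else str(value)
        for call in calls:
            m = CALL.match(call.strip())
            if not m or m.group(1) not in FUNCS:
                raise ValueError(f"unsupported function call: {call!r}")
            name, args = m.groups()
            value = FUNCS[name](value, *(args.split("||") if args else []))
        return sanitize(value) if sanitize else value
    return PLACEHOLDER.sub(expand, template)


# Constructed payload: the host field carries markup chosen by the sending tool.
EVENT = {"var": {"arrayField": [{"more": "DB-01"}]},
         "host": "<b>web-01</b>", "msg": "Disk usage above 90 percent"}
TEMPLATE = "{{ var.arrayField[0].more##lowerCase }}: {{msg##substring((0||10))}} on {{host}}"

if __name__ == "__main__":
    print(render(TEMPLATE, EVENT))                        # values inserted as-is
    print(render(TEMPLATE, EVENT, sanitize=html.escape))  # escaped for an HTML sink
```

Escaping is applied per value rather than to the finished string, so static text typed into the template is left untouched.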

ilert can extract alert links from the alert payload. Extracted links will be added to the alert's links section.

Figures: Alert link template; Alert with extracted link

Dynamic escalation policy routing

With dynamic escalation policy routing, the escalation policy to be used will be determined based on the incoming alert, instead of always using the same escalation policy that is configured on the alert source.

To extract the escalation policy routing key from the alert payload, add a routing key template in the section Escalation -> Dynamic routing.

In the above example, the field Group key from the alert payload will be used as the routing key.

Notification priority and support hours

Default notification priority

By using notification priority, you can easily customise your alert notification based on your notification rules.

  1. Click on Alert sources -> Alert sources and choose an alert source to edit

  2. Scroll down to the section Notification priority and set your desired Notification priority

ilert provides different priority settings to customize your alerts.

  • High (with escalation): You will be notified based on your high-priority notification rules and an alert can be escalated based on escalation policy.

  • Low (no escalation): You will be notified based on your low-priority notification rules and an alert cannot be escalated.

Support hours based notification priority

ilert also lets you dynamically set the notification priority based on the alert source's support hours. This lets you, for instance, use more obtrusive notification methods like phone calls outside of business hours and less obtrusive ones during business hours.

  • High during support hours, low priority otherwise: During your support hours, you are notified based on your high priority notification rules. At all other times, you are notified based on your low priority notification rules.

  • Low during support hours, high priority otherwise: During your support hours, you are notified based on your low priority notification rules. At all other times, you are notified based on your high priority notification rules.

If you select High during support hours, low priority otherwise, you can choose to Raise priority of all pending alerts by ticking the checkbox located under the support hour selection. All your pending alerts for the current alert source will be raised to "high" when your support hours begin.

If you select Low during support hours, high priority otherwise, you can choose to Raise priority of all pending alerts by ticking the checkbox located under the support hour selection. All your pending alerts for the current alert source will be raised to "high" when your support hours end.

Dynamic priority mapping

With dynamic priority mapping, you can use alert fields to extract and map notification priority. If enabled, this will overwrite the default priority.

To enable dynamic priority mapping

  1. Click on Alert sources -> Alert sources and choose an alert source to edit

  2. Scroll down to the section Notification priority and check Enable dynamic priority mapping

  3. Enter a template to extract the priority field from the alert payload

  4. Add priority mappings. A priority mapping maps an extracted value from the alert payload to the ilert priority

ilert will fall back to the alert source's default priority if a priority could not be extracted.

Alert grouping

Alert grouping helps you reduce noise by clustering related alerts within a defined time window or by allowing only one open alert at a time per source.

An alert source with alert grouping enabled will group together alerts triggered within the defined time window and create only one alert. Grouped alerts will show up as events in the alert's timeline. You can select relative time windows (e.g. 2 minutes, 5 minutes, etc) or an action-based time-window (e.g. until the alert is accepted or resolved).
