Alert sources
Connect your third-party tools to ilert.
An alert source represents the connection between your tools (usually a monitoring system, a ticketing tool, or an application) and ilert. We often refer to alert sources as inbound integrations.
ilert provides the following inbound integration options:
These are pre-built integrations by ilert that work out of the box with your monitoring tools. If you're missing a tool, feel free to suggest an integration that you'd like to see in ilert.
Forward emails to an alert source's email address to integrate with ilert.
Write your own integration using our easy-to-use Event API.
SMS integration: Send alerts to ilert via SMS.
A heartbeat alert source will automatically create an alert if it does not receive a heartbeat signal from your app at regular intervals.
Create an alert source
Go to Alert sources -> Alert sources and click Create new alert source.
Select your integration type in the search field and click Next.
Give your alert source a name, optionally assign teams, and click Next.
Select an escalation policy by creating a new one or assigning an existing one.
Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.
The next page shows additional settings, such as custom alert templates or notification priority. Click on Finish setup for now.
Event Explorer
Event Explorer provides a more detailed view of alerts received from the specific alert source. To see alert information in JSON format, choose the alert source you are interested in and navigate to the "Event Explorer" section beneath the source title. Event Explorer facilitates the search for specific events linked to alert sources using keywords or time frames.
Event Explorer is available for a selected list of alert sources, with event history available from March 2022 and alert correlations from December 2023 onwards.
Alert template
With alert templates, you can create your own template for the alert summary and alert details using preset fields from the integration. Moreover, our templating lets you extract links from the alert payload. Extracted links will be added to the links section of an alert.
Custom alert summary and details template
Click on Alert sources -> Alert sources and choose an alert source to edit
Navigate to the section Alert template and check the boxes for Alert summary and/or Alert details
Create your custom template by selecting the fields you want to use and entering any static text. The available fields are specific to the integration.
Field colors and accessing raw fields
Blue fields are preset fields provided by ilert.
Orange fields are extracted from past alerts in your account that were sent from the specific integration.
Grey fields let you extract any raw field from the JSON payload by typing the name of the custom field, e.g. custom_field. You may also access nested fields and arrays, e.g. custom_field.array_field[5].nested_field
Switching edit modes: Text <--> Block
You may switch between Text and Block mode when editing alert source templates. ilert will automatically translate your current template.
Testing your templates before saving
Using the preview button you may try out your current template. By default, ilert will try to find one of the latest event payloads received by your alert source. If none is present, ilert renders a fallback JSON document, which you can alter as you like.
Manipulate alert fields by applying functions
You can also use functions on dynamic fields to manipulate alert fields.
To apply a function, hover over the field and click on the f(x) icon.
Using the template text syntax
By default ilert supports 2 different styles of template content:
Text
Block Builder (currently in BETA)
Your alert source template fields start in text mode by default (see here for more info on how to switch to Block mode). In text mode you may use the Insert data... dropdown to add template variables quickly (see here to understand more about variables and how ilert automatically parses event data to offer additional variables to you). The text syntax works like this:
Type | Sample | Description |
---|---|---|
Text | Some text | You may of course add generic text content to your liking |
Variable | | Extract content of the event and insert it. Note: there is no further sanitizing of the values |
Accessing nested variables | | Access sub fields |
Accessing fields of an array | | Access array contents |
Applying functions to variables | {{ | If you want to work with additional functions, we recommend switching to block mode to quickly generate the template syntax |
Passing arguments to functions | | |
Alert links
ilert can extract alert links from the alert payload. Extracted links will be added to the alert's links section.
Dynamic escalation policy routing
With dynamic escalation policy routing, the escalation policy to be used will be determined based on the incoming alert, instead of always using the same escalation policy that is configured on the alert source.
To extract the escalation policy routing key from the alert payload, add a routing key template in the section Escalation -> Dynamic routing.
In the above example, the field Group key from the alert payload will be used as the routing key.
Notification priority and support hours
Default notification priority
By using notification priority, you can easily customise your alert notification based on your notification rules.
Click on Alert sources -> Alert sources and choose an alert source to edit
Scroll down to the section Notification priority and set your desired Notification priority
ilert provides different priority settings to customize your alerts.
High (with escalation): You will be notified based on your high-priority notification rules and an alert can be escalated based on escalation policy.
Low (no escalation): You will be notified based on your low-priority notification rules and an alert cannot be escalated.
Support hours based notification priority
ilert also lets you dynamically set the notification priority based on the alert source's support hours. This lets you, for instance, use more obtrusive notification methods like phone calls outside of business hours and less obtrusive ones during business hours.
High during support hours, low priority otherwise: During your support hours, you are notified based on your high priority notification rules. At all other times, you are notified based on your low priority notification rules.
Low during support hours, high priority otherwise: During your support hours, you are notified based on your low priority notification rules. At all other times, you are notified based on your high priority notification rules.
If you select High during support hours, low priority otherwise, you can choose to Raise priority of all pending alerts by ticking the checkbox located under the support hour selection. All your pending alerts for the current alert source will be raised to "high" when your support hours begin.
If you select Low during support hours, high priority otherwise, you can choose to Raise priority of all pending alerts by ticking the checkbox located under the support hour selection. All your pending alerts for the current alert source will be raised to "high" when your support hours end.
Dynamic priority mapping
With dynamic priority mapping, you can use alert fields to extract and map notification priority. If enabled, this overrides the default priority.
To enable dynamic priority mapping
Click on Alert sources -> Alert sources and choose an alert source to edit
Scroll down to the section Notification priority and check Enable dynamic priority mapping
Enter a template to extract the priority field from the alert payload
Add priority mappings. A priority mapping maps an extracted value from the alert payload to the ilert priority
ilert will fall back to the alert source's default priority if a priority could not be extracted.
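An added illustration of the extraction-and-fallback behaviour described above, not ilert's own code: a resolver for the field-path notation shown under "Field colors and accessing raw fields" and a priority lookup that returns the source default whenever the payload field is missing or unmapped. The function names, the HIGH/LOW strings and the sample event are assumptions made for this example.

```python
import re

# Path syntax as shown on this page: dotted names with optional [index] parts.
_TOKEN = re.compile(r"([^.\[\]]+)|\[(\d+)\]")


def extract(payload, path):
    """Resolve e.g. 'custom_field.array_field[5].nested_field'; None if absent."""
    node = payload
    for name, index in _TOKEN.findall(path):
        if name and isinstance(node, dict) and name in node:
            node = node[name]
        elif index and isinstance(node, list) and int(index) < len(node):
            node = node[int(index)]
        else:
            return None  # missing key, index out of range, or wrong container type
    return node


def resolve_priority(payload, path, mappings, default):
    """Return the mapped priority, or the source default when nothing usable is found.

    Assumption of this sketch: a value that is extracted but has no mapping is
    treated like a failed extraction, so the sender can only pick listed priorities.
    """
    value = extract(payload, path)
    if isinstance(value, bool) or not isinstance(value, (str, int)):
        return default  # objects, arrays, null and booleans are never a priority
    return mappings.get(str(value), default)


# Constructed sample event and mapping table (not taken from a real integration).
SAMPLE_EVENT = {
    "labels": {"severity": "critical"},
    "alerts": [{"labels": {"severity": "info"}}],
}
MAPPINGS = {"critical": "HIGH", "info": "LOW"}

if __name__ == "__main__":
    for path in ("labels.severity", "alerts[0].labels.severity", "alerts[3].labels.severity"):
        print(path, "->", resolve_priority(SAMPLE_EVENT, path, MAPPINGS, default="LOW"))
```

Because the priority field is supplied by whoever sends the event, keeping the mapping table as an allowlist means an unexpected value can never select a priority that was not configured.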
Alert grouping
Alert grouping helps you reduce noise by clustering related alerts within a defined time window or by allowing only one open alert at a time per source.
An alert source with alert grouping enabled will group together alerts triggered within the defined time window and create only one alert. Grouped alerts will show up as events in the alert's timeline. You can select relative time windows (e.g. 2 minutes, 5 minutes, etc) or an action-based time-window (e.g. until the alert is accepted or resolved).