Comment on page
Alert sources
Connect your third party tools to ilert.
An alert source represents the connection between your tools (usually a monitoring system, a ticketing tool, or an application) and ilert. We often refer to alert sources as inbound integrations.
ilert provides the following inbound integration options:
These are pre-built integrations by ilert and work-out-of the box with your monitoring tools. If you're missing a tool, feel free to suggest an integration that you'd like to see in ilert. | |
Forward emails to an alert source's email address to integrate with ilert. | |
Write your own integration using our easy-to-use Event API. | |
SMS integration | Send alerts to ilert via SMS. |
A heartbeat alert source will automatically create an alert if it does not receive a heartbeat signal from your app at regular intervals. |
- 1.Go to Alert sources -> Alert sources and click on Create new alert source
- 2.Select your integration type in the search search field click on Next.
- 3.Give your alert source a name, optionally assign teams and click Next.
- 4.Select an escalation policy by creating a new one or assigning an existing one.
- 5.Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.
- 6.The next page shows additional settings such as custom alert templates or notification prioritiy. Click on Finish setup for now.
With alert templates, you can create your own template for the alert summary and alert details using preset fields from the integration. Moreover, our templating lets you extract links from the alert payload. Extracted links will be added to the links section of an alert.
- 1.Click on Alert sources -> Alert sources and choose an alert source to edit
- 2.Navigate to the section Alert template and check the boxes for Alert summary and/or Alert details
- 3.Create your custom template by selecting the fields you want use and entering any static text. The available fields are specific to the integration.
Field colors and accessing raw fields
- Blue fields are preset fields provided by ilert.
- Orange fields are extracted from past alerts in your account that were sent from the specific integration
- Grey fields lets you extract any raw fields from the JSON payload by typing the name of the custom field, e.g.
custom_field. You malso access nested fields and arrays, e.g.custom_field.array_field[5].nested_field
You may switch between Text and Block mode when editing alert source templates. ilert will automatically translate your current template.
Using the preview button you may try out your current template. By default, ilert will try to find one of the latest event payload's that was received by your alert source. If there is none present, we will render a fallback JSON doc, which you might alter as you like.
You can also use functions on dynamic fields to manipulate alert fields.
To apply a function, hover over the field and click on the
f(x) icon.
By default ilert supports 2 different styles of template content:
- Text
- Block Builder (currently in BETA)
Your alert source template fields will start in text mode by default (see here for more info on how to switch to Block mode). In text mode you may use the Insert data... dropdown to help you add template variables quickly (see here to understand more about variables and how ilert automatically parses event data to offer additional variables to you) - the text syntax works like this:
Type | Sample | Description |
|---|---|---|
Text | Some text | You may of course add generic text content to your liking |
Variable | {{var}} | Extract content of the event and insert it. Note: there is no further sanitizing of the values |
Accessing nested variables | {{ var.subfield.evenMore }} | Access sub fields |
Accessing fields of an array | {{ var.arrayField[0].more }} | Access array contents |
Applying functions to variables | {{ var##lowerCase}} | If you want to work with additional functions, we recommend switching to block mode to quickly generate the template syntax |
Passing arguments to functions | {{var##substring((0||10))}} | |
ilert can extract alert links from the alert payload. Extracted links will be added to the alert's links section.
Alert link template | Alert with extracted link |
|---|---|
 |  |
With dynamic escalation policy routing, the escalation policy to be used will be determined based on the incoming alert, instead of always using the same escalation policy that is configured on the alert source.
To extract the escalation policy routing key from the alert payload, add a routing key template in the section Escalation -> Dynamic routing.
In the above example, the field
Group key from the alert payload will be used as the routing key.By using notification priority, you can easily customise your alert notification based on your notification rules.
- 1.Click on Alert sources -> Alert sources and choose an alert source to edit
- 2.Scroll down to the section Notification priority and set your desired Notification priority
ilert provides different priority settings to customize your alerts.
- High (with escalation): You will be notified based on your high-priority notification rules and an alert can be escalated based on escalation policy.
- Low (no escalation): You will be notified based on your low-priority notification rules and an alert cannot be escalated.
ilert also lets you dynamically set the notification priority based on the alert source's support hours. This lets you, for instance, use more obstrusive notification methods like phone calls outside of business hours and use not so obstrusive ones during business hours.
- High during support hours, low priority otherwise: During your support hours, you are notified based on your high priority notification rules. At all other times, you are notified based on your low priority notification rules.
- Low during support hours, high priority otherwise: During your support hours, you are notified based on your low priority notification rules. At all other times, you are notified based on your high priority notification rules.
If you select High during support hours, low priority otherwise, you can choose to Raise priority of all pending alerts by ticking the checkbox located under the support hour selection. All your pending alerts for the current alert source will be raised to "high" when your support hours begin.
If you select Low during support hours, high priority otherwise, you can choose to Raise priority of all pending alerts by ticking the checkbox located under the support hour selection. All your pending alerts for the current alert source will be raised to "high" when your support hours end.
With dynamic priority mapping, you can use alert fields to extract and map notification priority. This will overwrite default priority, if enabled.
To enable dynamic priority mapping
- 1.Click on Alert sources -> Alert sources and choose an alert source to edit
- 2.Scroll down to the section Notification priority and check Enable dynamic prioriuty mapping
- 3.Enter template to to extract the priority field from the alert payload
- 4.Add priority mappings. A priority mapping maps an extracted value from the alert payload to the ilert priority
ilert will fallback to the alert source's default priority, if a priority could not be extracted.
Alert grouping helps you reduce noise by clustering related alerts within a defined time window or by allowing only one open alert at a time per source.
Enable alert grouping during alert source creation or in the alert source's advanced settings
An alert source with alert grouping enabled will group together alerts triggered within the defined time window and create only one alert. Grouped alerts will show up as events in the alert's timeline. You can select relative time windows (e.g. 2 minutes, 5 minutes, etc) or an action-based time-window (e.g. until the alert is accepted or resolved).
Last modified 23h ago