# Overview

ilert’s **Alerting** system is the foundation for incident detection and response. It connects your monitoring, logging, observability, and ticketing tools with your on-call and incident management workflows, ensuring that the right people are notified at the right time.

Alerts in ilert represent actionable signals that require human or automated attention. They form the starting point of ilert’s event-driven workflow:\
**Event → Alert → Incident**

### How alerting works

1. **Event received**\
   An event is sent to ilert from a monitoring or observability system (e.g. Grafana, Prometheus, Datadog, AWS CloudWatch). Each event includes a payload that describes the condition or state change.
2. **Event processed**\
   ilert normalizes and processes incoming events using rules defined in the alert source. It may group, deduplicate, or suppress events automatically to reduce noise.
3. **Alert created or updated**\
   Depending on the configuration, ilert creates a new alert or updates an existing one (for example, when an event includes an *alertKey*). This alert is now visible in the **Alerts** page.
4. **Notifications triggered**\
   Based on escalation policies, on-call schedules, and notification rules, ilert notifies the appropriate users or teams through channels like push, SMS, email, voice, or ChatOps integrations.

### Core Concepts

<table><thead><tr><th width="202.265625">Term</th><th>Description</th></tr></thead><tbody><tr><td><strong>Event</strong></td><td>The raw signal received from a monitoring tool or external source. Events are visible in logs of an alert source.</td></tr><tr><td><strong>Alert</strong></td><td>A structured representation of one or more related events that require action.</td></tr><tr><td><strong>Alert source</strong></td><td>The configuration endpoint where events are received and processed in ilert.</td></tr><tr><td><strong>Alert action (optional)</strong></td><td>Alert actions extend ilert’s alerting and incident response capabilities to your other tools. They define what happens when an alert is created, updated, or resolved, allowing you to automate or trigger external workflows.</td></tr><tr><td><strong>Notification</strong></td><td>The method used to alert responders (push, SMS, voice, WhatsApp, etc.).</td></tr><tr><td><strong>Event flow (optional)</strong></td><td>Event flows provide an optional layer above alert sources, acting as a central hub for event ingestion. They facilitate the configuration of complex routing rules within the event flow.</td></tr></tbody></table>

### In this section

<table><thead><tr><th width="237.1328125">Category</th><th>You’ll Learn How To</th></tr></thead><tbody><tr><td><strong>Understand the Lifecycle</strong></td><td>Explore how events become alerts and how ilert processes them, including grouping, rate limits, and suppression.</td></tr><tr><td><strong>Configure Alerting</strong></td><td>Connect monitoring tools, set up alert sources, define support hours, and customize notification behavior.</td></tr><tr><td><strong>Work with Alerts</strong></td><td>View, acknowledge, and resolve alerts in the ilert Dashboard and Alert View.</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ilert.com/alerting/overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.