ilert Documentation
WebsiteAPI ReferenceLoginStart for Free
  • Getting Started
    • Core concepts
    • FAQ
      • Renaming of Incidents to Alerts
    • Import from PagerDuty
    • Import from StatusPage.io
  • Alerting
    • Dashboard
    • Alert sources
    • Notification settings
      • Mute notifications
    • Support hours
    • Maintenance windows
    • Heartbeat monitoring
      • Prometheus Heartbeat Example
      • CLI Heartbeat Examples
    • Deployment events
    • 🏛️Understanding event flows
    • ilert sender IDs, domains and IPs
      • SMS and voice alerts in China
  • On-call management & Escalations
    • Escalation policies
    • On-call schedules
      • My on-call shifts
      • Recurring schedules
      • Static schedules
    • Coverage requests
  • ChatOps
    • Overview
    • Integration for Slack
      • Receive and respond to alerts in Slack
      • Create a dedicated Slack channel for an existing alert
      • Create alerts in Slack
      • Look up who is on-call
    • Microsoft Teams Integration
      • Microsoft Teams Chat Integration
        • Microsoft Teams Integration via Incoming Webhook
        • Microsoft Teams Integration via Workflows
      • Microsoft Teams Meeting Integration
      • Create a channel for an existing alert in Microsoft Teams
      • Create alerts in Microsoft Teams
      • Look up who is on-call in Microsoft Teams
  • Incident comms & status pages
    • Getting started
    • Services
    • Incidents
    • Status pages
      • Public vs private status pages
      • Audience-specific status page
    • Metrics
      • Import metrics from Datadog
      • Import metrics from Prometheus
  • 🪄ilert AI
    • Introduction
    • Using ilert AI for efficient incident communication
    • Using ilert AI for post-mortem creation
    • Using ilert AI for schedule generation
    • Using ilert AI for alert grouping
    • Global Search enhanced by ilert AI
      • Bulk resolving similar alerts
  • Call Routing
    • Getting started with call routing
    • Routing calls using call flows
    • Call routing (legacy)
      • Routing calls based on support hours
      • Voicemail only mode
      • Managing call routing alerts
      • Adding webhooks and outbound chat messages
      • Uploading custom audio responses
  • User Administration
    • User roles and permissions
    • Team-based organisation
    • Single sign on
      • Setting up SSO with GSuite
      • Setting up SSO with Microsoft Azure Active Directory
      • Setting up SSO with Okta
      • Setting up SSO with Auth0
      • Auto provisioning users & teams
    • 🔐Two-factor authentication / MFA
  • Reports
    • Overview
    • Alerts
  • Mobile App
    • Getting started with ilert mobile app
    • Mobile app notification settings
    • Critical push notifications and DND overrides
      • iOS critical alerts configuration
      • Android Push Notification DND Configuration
    • On-call widget
  • INTEGRATIONS
    • Types of integrations
    • Inbound integrations
      • 4me Integration
      • Ansible Automation Platform AWX Integration
      • Amazon CloudWatch Integration
      • Amazon SNS Integration
        • Amazon SNS Inbound Integration
        • Amazon SNS Outbound via AWS Lambda
      • Azure Alerts Integration
        • Azure Activity Logs
        • Azure Metric
        • Azure Logs
        • Azure Service Health
        • Azure Sentinel
        • Budget Alert
      • Apica Integration
      • AppDynamics Integration
      • AppSignal Integration
      • AWS Budgets Integration
      • AWS Cloudtrail Integration
      • AWS DevOps Guru Integration
      • AWS GuardDuty Integration
      • AWS Personal Health Dashboard Integration
      • AWS Security Hub Integration
      • Autotask Inbound Integration
      • Auvik Integration
      • Catchpoint Integration
      • Checkly Integration
      • Checkmk Integration
        • Checkmk Integration (v 1.x)
        • Checkmk Integration (v 2.0+ )
      • Cisco Meraki Integration
      • Cisco ThousandEyes Integration
      • Cisco Webex
      • Cloudflare Integration
      • ClusterControl Integration
      • Connectwise Manage Integration
      • Cortex Integration
      • Cortex XSOAR (formerly Demisto) Integration
      • CrowdStrike Integration
      • Dash0 Integration
      • Datadog Integration
      • Dynatrace Integration
      • Elastic Watcher Integration
      • Email Inbound Integration
        • Email Key Extraction and Resolve Examples
        • Automatically resolve Alerts with Emails
      • FreshService Integration
      • Gatus Integration
      • GitHub Integration
        • GitHub Advanced Security Integration
        • GitHub Inbound Check Run (Actions) Integration
        • GitHub Inbound Issue Integration
        • GitHub advanced settings
      • GitLab Integration
      • Google Cloud Monitoring (formerly Stackdriver) Integration
      • Google Security Command Center
      • Grafana Integration Overview
        • Grafana Integration
        • Grafana Integration (v 9.x)
      • Graylog Integration
      • HaloITSM Integration
      • HaloPSA Integration
      • HashiCorp Consul
      • Healthchecks.io Integration
      • HetrixTools Integration
      • Honeybadger Integration
      • Honeycomb Integration
      • Hyperping Integration
      • CrowdStrike Falcon LogScale Integration
      • IBM Cloud Functions Integration
      • Icinga Integration
      • InfluxDB Integration
      • Instana Integration
      • IT-Conductor Integration
      • IXON Cloud Integration
      • Jira Inbound Integration
      • JumpCloud Integration
      • Kafka Integration
      • Kapacitor Integration
      • Kentix AlarmManager
      • Keep Integration
      • Kibana Integration
      • Kubernetes Integration
      • LibreNMS Integration
      • Lightstep Integration
      • Loki integration
      • Mezmo Integration
      • Microsoft SCOM
      • Mimir Integration
      • MongoDB Atlas Integration
      • MXToolBox Integration
      • MQTT Integration
      • Nagios Integration
      • N-central Integration
      • Netdata Integration
      • New Relic Integration
        • New Relic Integration (deprecated)
        • New Relic Workflow Integration
      • Oh Dear Integration
      • PandoraFMS Integration
      • Panther Integration
      • Particle Integration
      • Pingdom Integration
      • PostHog Integration
      • Postman Monitors Integration
      • Prometheus Integration
      • PRTG Network Monitor Integration
      • Prisma Cloud Integration
      • Push Notifications
      • RapidSpike Integration
      • Raygun Integration
      • Rollbar Integration
      • Salesforce Integration
      • Samsara Integration
      • Search Guard Integration
      • Sematext Integration
      • Sensu Integration
      • Sentry Integration
      • Server Density Integration
      • ServerGuard24 Integration
      • ServiceNow Inbound Integration
      • SignalFx Integration
      • Site24x7 Integration
      • SMS Integration
      • SolarWinds Integration
      • Splunk Integration
      • StatusCake Integration
      • StatusHub Integration
      • StatusPage Integration
      • Sumo Logic Integration
      • Sysdig Integration
      • TOPdesk Inbound Integration
      • TeamCity integration
      • Terraform Cloud / Terraform Enterprise
      • Tulip Integration
      • Twilio Alarms Integration
      • Twilio Errors Integration
      • Ubidots Integration
      • Uptime Kuma Integration
      • UptimeRobot Integration
      • VictoriaMetrics Integration
      • Zabbix Integration
        • Zabbix 4.4+ Integration
        • Zabbix 2.2 – 4.3 Integration
      • Zammad Inbound Integration
      • Zapier Inbound Integration
      • Zendesk Inbound Integration
    • Outbound integrations
      • Autotask Outbound Integration
      • DingTalk Integration
      • Discord Integration
      • Email Outbound Integration
      • Jira Outbound Integration
      • GitHub Outbound Issue Integration
      • Mattermost Integration
      • ServiceNow Outbound Integration
      • Telegram Integration
      • TOPdesk Outbound Integration
      • Webhook Integration
      • Zammad Outbound Integration
      • Zapier Outbound Integration
      • Zendesk Outbound Integration
      • Zoom Integration
        • Zoom Chat Integration
        • Zoom Meeting Integration
    • Deployment integrations
      • API deployment pipeline
      • Argo CD deployment pipeline
      • Github deployment pipeline
      • GitLab deployment pipeline
  • API
    • API Reference
    • API Version History
      • API user preference migration 2023
      • Discontinuation of Uptime Monitoring
    • Rate Limiting
    • Client Libraries
      • ilert Agent - ilagent
      • Go Client
      • Rust Client
      • Javascript / Node.js Client
    • Terraform
      • Importing ilert UI resources into Terraform state
    • 👩‍💻ICL - ilert condition language
    • ➿ITL - ilert template language
    • API endpoints / samples
      • Creating alerts through events
      • Importing public status page subscribers
    • 🔥Developing ilert Apps
      • Get started with ilert Apps
      • Understanding OAuth2
      • Developing a Backend App with OAuth2
      • Developing a web or native App with OAuth2 and PKCE
      • Token lifetimes, error codes, app verification, etc.
  • Contact us
  • ilert Release Notes
Powered by GitBook
LogoLogo

Product

  • Alerting & Notification
  • On-call Management & Escalations
  • Call Routing
  • Status Pages

Resources

  • Blog
  • Case Studies
  • Security
  • API Reference

Legal

  • Privacy policy
  • Imprint

Increase Your Uptime

  • Start for Free
  • Get a Demo

(c) 2011 - 2025 ilert GmbH

On this page
  • Platform overview
  • Core flow: Event -> Alert -> Incident
  • Event, Alert and Notification aggregation
  • Specific descriptions for the illustrated notification suppression*

Was this helpful?

Edit on GitHub
  1. Alerting

Understanding event flows

This page describes the platform's event flows and gives an overview of its architecture as well as information on grouping, deduplication, aggregation and suppression of alerts and notifications.

PreviousDeployment eventsNextilert sender IDs, domains and IPs

Last updated 1 month ago

Was this helpful?

Platform overview

This global platform overview is a sketch that tries to showcase all flows and moving parts across alerting (formed around events and alerts) and incident communications (formed around services and incidents). Different parts are drilled down upon and shown in more focus below.

Core flow: Event -> Alert -> Incident

This illustration is an extraction of the core incoming event to outgoing notification flow from the top level overview above.

Event, Alert and Notification aggregation

This illustration maps the core flow between receiving events and sending notifications and shows where rate limits, aggregations and suppressions may apply.

If you want to know more about event (alert source) API rate limits take a look at: REST API -> Rate Limiting

A note on "alertKey" grouping: as stated in the graphic, alert grouping based on alertKeys is usually automatically handled by the integration for the specific monitoring tool inside of ilert, however not all tools support event payloads that contain specific information required to group and identify alerts. To know if an integration supports automatic grouping keep an eye out for the "Alert resolution" or "Alert acknowledgement" feature either in the information modal of the Alert source creation wizard or in the Alert source detail view itself.

A note on "Grouping in time window" or "Allowing a single open/pending alert" this setting can be configured for every alert source and works in addition to grouping by "alertKey".

Specific descriptions for the illustrated notification suppression*

Voice calls:

  • Only a single ongoing dial is supported per phone number across the platform at a single point in time, including a small buffer before and after the call - simply put: an outbound voice call to the same phone number is supported approximately every 10 seconds

  • Each first call made starts a 180-second window, in which up to 2 additional calls can be made until every following call is aggregated until the end of the window, finally an aggregated information call is made informing about multiple alerts, if at least one of these alerts is not yet accepted - simply put: one call per minute per alert source per phone number.

SMS or email:

  • Each first SMS or email sent starts a 180-second window, in which up to 2 additional notifications can be sent until every following notification is aggregated until the end of the window, finally an aggregated information notification is sent informing about multiple alerts, if at least one of these alerts is not yet accepted - simply put: one SMS or email per minute per alert source per phone number or email address.

Push notifications or messengers:

  • Each first notification sent starts a 240-second window, in which every following notification is dropped if its content is identical to one of the others already sent in the window.

  • Each first notification sent starts a 60-second window, in which up to 19 following notifications are allowed until the rest is dropped - simply put: 20 unique notifications per minute (Note: that this is a global limit on the target and not on a per alert source basis)

ilert never simply "drops" a notification due to rate limiting or suppression, you will always see an entry for the notification (no matter its state) in the related alert's timeline.

Suppression availability

Until 2020 notifications were not aggregated.

From 2020 - Dec 2023 all notifications were automatically aggregated in a 3-minute window, per target per alert source, that started with each first notification.

Specific suppressions and deduplications as listed in this doc are in use since: 11.12.2023

🏛️