Merging alerts
The Alert Merge feature lets you combine multiple existing alerts into a single main alert. It’s designed to help teams reduce noise and consolidate duplicate alerts.
Overview
While Event Grouping automatically groups similar incoming events into one alert, Alert Merge is a manual action that merges existing alerts already created in ilert.
Use cases:
Multiple monitoring tools trigger alerts for the same issue.
Alerts were not automatically grouped.
You want a single alert for reporting and resolution.
How it works
You can merge two or more alerts into one main alert.
Merged alerts (called child alerts) retain their original state but become read-only for manual updates.
Escalations and notifications for merged alerts stop immediately.
Updates, accept, and resolve actions are managed through the main alert.
Monitoring tool updates for merged alerts are not redirected to the main alert and will be processed on the child alerts.
Merge states
Each alert has a mergeState in addition to its lifecycle status (pending, accepted, resolved).
NONE
Regular alert (not merged).
MAIN
The primary alert other alerts were merged into.
MERGED
A secondary alert merged into another. Escalations stop; updates are no longer accepted.
Merging alerts
From the alert list
Navigate to Alerts.
Select two or more alerts.
Click Merge in the bulk action toolbar.
In the dialog, choose which alert is the main alert.
Confirm with Merge n alerts.
From the alert detail
Open the alert detail view.
Click More actions → Merge into another alert.
Select the target main alert and confirm.
What Happens After a Merge
Escalations & notifications
Stop immediately on merged alerts.
Timeline
Timeline entries will be added to both the main and the child alert regarding the merge operation.
War room channels
Connected channels of child alerts will receive a message regarding the merge operation.
Links, details, summaries
Not merged.
Responders
Not merged; cannot add new responders on child.
Manual alert actions
Executable on child; not merged into parent.
Priority
Becomes read-only on child.
Logs & comments
Stay attached to the merged (child) alert.
Chat
Becomes read-only; discussions continue in main alert chat.
Deployment events
Not merged.
Linked incidents & services
Not merged.
Grouping stats
Parent alert shows dedicated Merged alerts metric.
Accept/Resolve
Disabled on child. Main alert’s resolve dialog includes “Also resolve (n) merged alerts” (enabled by default).
Access & permissions
Merge operation requires Responder role or higher.
User must have access to all alerts involved in the merge.
Reports and Dashboards
By default, merged alerts are excluded from dashboards and reports for accurate MTTR and SLA calculations.
You can customize this via report filters:
Exclude merged alerts (default)
Only main and unmerged alerts are counted.
Include merged alerts
Includes all alerts, including merged ones.
Only merged alerts
Shows merged alerts only (useful for noise analysis).
Dashboards always default to Exclude merged, with an optional toggle to include them.
Alert merge vs event grouping
Event grouping
Groups multiple incoming events into one alert
During event ingestion
Alert merge
Merges multiple existing alerts into one main alert
After alerts are created
Best Practices
Use Event Grouping to prevent noise.
Use Alert Merge for cleanup and consolidation once alerts exist.
Merge only related alerts to maintain data integrity.
Always merge into the alert with the most context (responders, timeline, and chat).
Last updated
Was this helpful?