ilert Documentation
WebsiteAPI ReferenceLoginStart for Free
  • Getting Started
    • Core concepts
    • FAQ
      • Renaming of Incidents to Alerts
    • Import from PagerDuty
    • Import from StatusPage.io
  • Alerting
    • Dashboard
    • Alert sources
    • Notification settings
      • Mute notifications
    • Support hours
    • Maintenance windows
    • Heartbeat monitoring
      • Prometheus Heartbeat Example
      • CLI Heartbeat Examples
    • Deployment events
    • 🏛️Understanding event flows
    • ilert sender IDs, domains and IPs
      • SMS and voice alerts in China
  • On-call management & Escalations
    • Escalation policies
    • On-call schedules
      • My on-call shifts
      • Recurring schedules
      • Static schedules
    • Coverage requests
  • ChatOps
    • Overview
    • Integration for Slack
      • Receive and respond to alerts in Slack
      • Create a dedicated Slack channel for an existing alert
      • Create alerts in Slack
      • Look up who is on-call
    • Microsoft Teams Integration
      • Microsoft Teams Chat Integration
        • Microsoft Teams Integration via Incoming Webhook
        • Microsoft Teams Integration via Workflows
      • Microsoft Teams Meeting Integration
      • Create a channel for an existing alert in Microsoft Teams
      • Create alerts in Microsoft Teams
      • Look up who is on-call in Microsoft Teams
  • Incident comms & status pages
    • Getting started
    • Services
    • Incidents
    • Status pages
      • Public vs private status pages
      • Audience-specific status page
    • Metrics
      • Import metrics from Datadog
      • Import metrics from Prometheus
  • 🪄ilert AI
    • Introduction
    • Using ilert AI for efficient incident communication
    • Using ilert AI for post-mortem creation
    • Using ilert AI for schedule generation
    • Using ilert AI for alert grouping
    • Global Search enhanced by ilert AI
      • Bulk resolving similar alerts
  • Call Routing
    • Getting started with call routing
    • Routing calls using call flows
    • Call routing (legacy)
      • Routing calls based on support hours
      • Voicemail only mode
      • Managing call routing alerts
      • Adding webhooks and outbound chat messages
      • Uploading custom audio responses
  • User Administration
    • User roles and permissions
    • Team-based organisation
    • Single sign on
      • Setting up SSO with GSuite
      • Setting up SSO with Microsoft Azure Active Directory
      • Setting up SSO with Okta
      • Setting up SSO with Auth0
      • Auto provisioning users & teams
    • 🔐Two-factor authentication / MFA
  • INTEGRATIONS
    • Types of integrations
    • Inbound integrations
      • 4me Integration
      • Ansible Automation Platform AWX Integration
      • Amazon CloudWatch Integration
      • Amazon SNS Integration
        • Amazon SNS Inbound Integration
        • Amazon SNS Outbound via AWS Lambda
      • Azure Alerts Integration
        • Azure Activity Logs
        • Azure Metric
        • Azure Logs
        • Azure Service Health
        • Azure Sentinel
        • Budget Alert
      • Apica Integration
      • AppDynamics Integration
      • AppSignal Integration
      • AWS Budgets Integration
      • AWS Cloudtrail Integration
      • AWS DevOps Guru Integration
      • AWS GuardDuty Integration
      • AWS Personal Health Dashboard Integration
      • AWS Security Hub Integration
      • Autotask Inbound Integration
      • Auvik Integration
      • Catchpoint Integration
      • Checkly Integration
      • Checkmk Integration
        • Checkmk Integration (v 1.x)
        • Checkmk Integration (v 2.0+ )
      • Cisco Meraki Integration
      • Cisco ThousandEyes Integration
      • Cisco Webex
      • Cloudflare Integration
      • ClusterControl Integration
      • Connectwise Manage Integration
      • Cortex Integration
      • Cortex XSOAR (formerly Demisto) Integration
      • CrowdStrike Integration
      • Dash0 Integration
      • Datadog Integration
      • Dynatrace Integration
      • Elastic Watcher Integration
      • Email Inbound Integration
        • Email Key Extraction and Resolve Examples
        • Automatically resolve Alerts with Emails
      • FreshService Integration
      • Gatus Integration
      • GitHub Integration
        • GitHub Advanced Security Integration
        • GitHub Inbound Check Run (Actions) Integration
        • GitHub Inbound Issue Integration
        • GitHub advanced settings
      • GitLab Integration
      • Google Cloud Monitoring (formerly Stackdriver) Integration
      • Google Security Command Center
      • Grafana Integration
        • Grafana Integration
        • Grafana Integration (v 9.x)
      • Graylog Integration
      • HaloITSM Integration
      • HaloPSA Integration
      • HashiCorp Consul
      • Healthchecks.io Integration
      • HetrixTools Integration
      • Honeybadger Integration
      • Honeycomb Integration
      • Hyperping Integration
      • CrowdStrike Falcon LogScale Integration
      • IBM Cloud Functions Integration
      • Icinga Integration
      • InfluxDB Integration
      • Instana Integration
      • IT-Conductor Integration
      • IXON Cloud Integration
      • Jira Inbound Integration
      • JumpCloud Integration
      • Kafka Integration
      • Kapacitor Integration
      • Kentix AlarmManager
      • Keep Integration
      • Kibana Integration
      • Kubernetes Integration
      • Lightstep Integration
      • Loki integration
      • Mezmo Integration
      • Microsoft SCOM
      • Mimir Integration
      • MongoDB Atlas Integration
      • MXToolBox Integration
      • MQTT Integration
      • Nagios Integration
      • N-central Integration
      • Netdata Integration
      • New Relic Integration
        • New Relic Integration (deprecated)
        • New Relic Workflow Integration
      • Oh Dear Integration
      • PandoraFMS Integration
      • Particle Integration
      • Pingdom Integration
      • PostHog Integration
      • Postman Monitors Integration
      • Prometheus Integration
      • PRTG Network Monitor Integration
      • Prisma Cloud Integration
      • Push Notifications
      • RapidSpike Integration
      • Raygun Integration
      • Rollbar Integration
      • Salesforce Integration
      • Samsara Integration
      • Search Guard Integration
      • Sematext Integration
      • Sensu Integration
      • Sentry Integration
      • Server Density Integration
      • ServerGuard24 Integration
      • ServiceNow Inbound Integration
      • SignalFx Integration
      • Site24x7 Integration
      • SMS Integration
      • SolarWinds Integration
      • Splunk Integration
      • StatusCake Integration
      • StatusHub Integration
      • StatusPage Integration
      • Sumo Logic Integration
      • Sysdig Integration
      • TOPdesk Inbound Integration
      • Terraform Cloud / Terraform Enterprise
      • Tulip Integration
      • Twilio Alarms Integration
      • Twilio Errors Integration
      • Ubidots Integration
      • Uptime Kuma Integration
      • UptimeRobot Integration
      • VictoriaMetrics Integration
      • Zabbix Integration
        • Zabbix 4.4+ Integration
        • Zabbix 2.2 – 4.3 Integration
      • Zammad Inbound Integration
      • Zapier Inbound Integration
      • Zendesk Inbound Integration
    • Outbound integrations
      • Autotask Outbound Integration
      • DingTalk Integration
      • Discord Integration
      • Email Outbound Integration
      • Jira Outbound Integration
      • GitHub Outbound Issue Integration
      • Mattermost Integration
      • ServiceNow Outbound Integration
      • Telegram Integration
      • TOPdesk Outbound Integration
      • Webhook Integration
      • Zammad Outbound Integration
      • Zapier Outbound Integration
      • Zendesk Outbound Integration
      • Zoom Integration
        • Zoom Chat Integration
        • Zoom Meeting Integration
    • Deployment integrations
      • API deployment pipeline
      • Argo CD deployment pipeline
      • Github deployment pipeline
      • GitLab deployment pipeline
  • Reports
    • Overview
    • Alerts
  • API
    • API Reference
    • API Version History
      • API user preference migration 2023
      • Discontinuation of Uptime Monitoring
    • Rate Limiting
    • Client Libraries
      • ilert Agent - ilagent
      • Go Client
      • Rust Client
      • Javascript / Node.js Client
    • Terraform
      • Importing ilert UI resources into Terraform state
    • 👩‍💻ICL - ilert condition language
    • ➿ITL - ilert template language
    • API endpoints / samples
      • Creating alerts through events
      • Importing public status page subscribers
    • 🔥Developing ilert Apps
      • Get started with ilert Apps
      • Understanding OAuth2
      • Developing a Backend App with OAuth2
      • Developing a web or native App with OAuth2 and PKCE
      • Token lifetimes, error codes, app verification, etc.
  • Contact us
  • ilert Release Notes
  • Mobile App
    • Getting started with ilert mobile app
    • Mobile app notification settings
    • Critical push notifications and DND overrides
      • iOS critical alerts configuration
      • Android Push Notification DND Configuration
    • On-call widget
Powered by GitBook
LogoLogo

Product

  • Alerting & Notification
  • On-call Management & Escalations
  • Call Routing
  • Status Pages

Resources

  • Blog
  • Case Studies
  • Security
  • API Reference

Legal

  • Privacy policy
  • Imprint

Increase Your Uptime

  • Start for Free
  • Get a Demo

(c) 2011 - 2025 ilert GmbH

On this page
  • Grouping window
  • Similarity threshold
  • Fine-tuning the threshold value
  • Alert grouping metrics
  • Video Tutorial: How to enable Intelligent alert grouping

Was this helpful?

Edit on GitHub
  1. ilert AI

Using ilert AI for alert grouping

PreviousUsing ilert AI for schedule generationNextGlobal Search enhanced by ilert AI

Last updated 14 days ago

Was this helpful?

Besides window based grouping and action-window based grouping we have introduced event content similarity grouping using ilert AI for alert sources in 2024. With a few clicks users can set up and fine tune their similarity grouping for each alert source.

ilert AI for alert grouping does not share data with any third-parties in its AI processing, all models (and vector databases) that are used as part of the pipeline are (trained), maintained and hosted on ilert's infrastructure.

To get started head to your alert source's edit view and look in the Advanced settings section for the grouping options. Choose Group by content similarity.

Content similarity grouping comes with two options that can be adjusted to fine tune the grouping behaviour. You can come back and adjust these at any time.

Grouping window

You may choose a larger value here if you are confident in your Similarity threshold setting or your monitoring tool events might occur over a larger timespan. In case you are still getting comfortable with your threshold it makes sense to leave the window small to prevent you from missing on alerts. If your main goal is to prevent flooding 5-10 minutes should suffice. If you want precisive stitching a 12-24 hour window might suit best.

Similarity threshold

A value between 0.1 <-->0.995 where a value close to 1 describes almost identical alerts (less grouping) and a value closer to 0 describes less identical (0 = completely different) alerts (more grouping). You can fine tune to as low as 0.005 steps.

Clicking on the set threshold option will open a modal that runs an on demand clustering algorithm on up to 1000 alerts in the last 60 days that this alert source has received, every time you adjust the slider for threshold value.

A grouping preview will show you the sharpness of the selected threshold based on your live alerts that the alert source has processed in the described window.

Remember you need to have sent a few alerts to the alert source to see any grouping preview results (the set threshold option is not available during the creation wizard)

Fine-tuning the threshold value

As described, a higher threshold will result in more precise grouping based on the content of the alerts, shown in our sample above as no alert is grouped at all above. If we lower the threshold to 0.695 we see alerts being grouped.

Lowering the threshold further our group continues to form over all desired alert contents:

Seeing this it seems that for our sample use case might have a perfect threshold at around 0.53 <--> 0.63. If we continue to reduce our threshold we can see that our grouping becomes too generic:

As all alerts are suddenly grouped in a single group.

Note that this is a sample case with demo content, in the wild monitoring tool specific payloads have large contents filled with technical language that will behave differently for each use case, so fine-tuning as shown above will be required to reach your desired behaviour.

Alert grouping metrics

As soon as you enable alert grouping, new metrics will appear in the Alert source settings. You can adjust a timeframe to see how effective the feature is for the alert source for a specified period. The following metrics are available:

  • Reduced alert volume. The percentage by which the total number of alerts decreases after grouping similar alerts.

  • Grouping precision. The percentage of correctly grouped related alerts based on feedback from responders in the alert detail view.

  • Improved response time. The reduction in time to resolve alerts after using alert grouping, assuming each grouped alert saves 30 seconds.

You can leave feedback for every group of alerts. To do so, click the alert and find 👍 and 👎 icons in the Alert details section.

Video Tutorial: How to enable Intelligent alert grouping

🪄