
Alert Strategies


When a Monitor detects an anomaly, it automatically creates an Incident record. By associating a monitor with an alert strategy, you can ensure that relevant alert notifications are promptly sent to designated recipients.

Alert Strategies not only support the configuration of basic information such as name, description, and time zone, but also offer flexible alert rule settings:

  • Define notification methods based on two dimensions: alert severity level and notification target

  • Support configuration of alert escalation rules to meet urgent scenario requirements

  • Allow customization of notification sending times to adapt to different business scenarios

  • Support repeat alert rules to flexibly control notification frequency

  • Support aggregation of notification content for more efficient delivery of alert information

Concepts

| Term | Description |
| --- | --- |
| Notification Time Zone | Defines the time zone in which the current alert notification is sent. This defaults to the current Workspace time zone. If the owner or administrator has not configured it, it defaults to the UTC+8 time zone. |
| Event Severity Level | Refers to the urgency level of an Incident. The available levels are Critical, Error, Warning, Info, No Data, and All. |
| Alert Escalation | Sometimes, simple notification configurations based on level or members cannot meet business needs. If a monitor detects anomalies of the same level multiple times within a short period, it may indicate an ongoing issue. To avoid repeated notifications, you can set rules to automatically escalate persistent anomalies to urgent notifications and send them to designated recipients, ensuring timely attention and resolution of the issue. |
| Custom Notification Time | Lets you define the specific moments at which notifications are sent, using two dimensions: cycle and time. |
| Repeat Alert | You can specify a time interval during which notifications for the same Incident alert are suppressed. Even if Incident data continues to be generated, the system only records it without repeatedly sending alerts; Incident records can be viewed in the Incident Explorer. For example, if an Incident in your workspace is not very urgent but generates high-frequency alert notifications, you can reduce the notification frequency by setting a time interval for repeat alert notifications. |
| Alert Aggregation | Defines how event data is sent externally in notifications, using one of four modes: no aggregation, rule-based aggregation, intelligent aggregation, or AI aggregation. In the latter two modes, Incidents are merged according to the respective aggregation rules before being sent. |
| Aggregation Cycle | In the rule-based aggregation and intelligent aggregation modes, new Incidents within a certain number of minutes are merged into a single alert notification. Once this aggregation cycle is exceeded, newly occurring Incidents are grouped into the next new alert notification. |
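
The following is an added example, not code from the product or its documentation: a small Python model of how Repeat Alert suppression and an Aggregation Cycle reduce notification volume. It assumes that "the same Incident" means the same monitor and severity level, and that an aggregation cycle starts at the first Incident of each notification; the names Incident, suppress_repeats and aggregate, and the sample timeline, are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Incident:
    minute: int   # minutes since the start of a constructed timeline
    monitor: str  # hypothetical monitor name
    level: str    # one of the severity levels listed above

def suppress_repeats(incidents, interval_min):
    """Repeat Alert: after a notification for a (monitor, level) pair,
    later Incidents for that pair are recorded but not notified until
    interval_min minutes have passed since the last notification."""
    last_sent = {}
    notify, recorded_only = [], []
    for inc in sorted(incidents, key=lambda i: i.minute):
        key = (inc.monitor, inc.level)  # assumption: identity of an Incident
        sent = last_sent.get(key)
        if sent is not None and inc.minute - sent < interval_min:
            recorded_only.append(inc)   # still visible in the Incident Explorer
        else:
            last_sent[key] = inc.minute
            notify.append(inc)
    return notify, recorded_only

def aggregate(incidents, cycle_min):
    """Aggregation Cycle: Incidents within cycle_min minutes of the first
    Incident in a notification are merged into it; later Incidents open
    the next notification."""
    batches, window_start = [], None
    for inc in sorted(incidents, key=lambda i: i.minute):
        if window_start is None or inc.minute - window_start >= cycle_min:
            batches.append([])
            window_start = inc.minute
        batches[-1].append(inc)
    return batches

# Constructed sample: six Incidents from two monitors over 13 minutes.
SAMPLE = [
    Incident(0, "cpu", "Critical"), Incident(2, "cpu", "Critical"),
    Incident(3, "disk", "Warning"), Incident(4, "cpu", "Critical"),
    Incident(12, "cpu", "Critical"), Incident(13, "disk", "Warning"),
]

if __name__ == "__main__":
    notify, recorded_only = suppress_repeats(SAMPLE, interval_min=10)
    batches = aggregate(notify, cycle_min=5)
    print(f"{len(SAMPLE)} incidents, {len(recorded_only)} suppressed, "
          f"{len(batches)} notifications sent")
```

With a 10-minute repeat interval and a 5-minute aggregation cycle, the six constructed Incidents result in two notifications, while the suppressed ones remain recorded.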

Getting Started
