
Alert Strategies


When a monitor detects an anomaly, it automatically creates an incident record. By associating a monitor with an alert strategy, you can ensure that relevant alert notifications are promptly sent to designated recipients.

In addition to basic settings such as name, description, time zone, and operation permissions, an alert strategy lets you define notification methods along two dimensions: alert level and notification targets. You can also configure escalation notifications to handle urgent situations, and customize when notifications are delivered to meet the needs of different scenarios.

For ongoing incidents or specific alert conditions, you can set up repeat alert rules to flexibly control the notification frequency. When sending notifications, you can also choose whether to aggregate notification content to deliver information to recipients in a more efficient and concise manner.

Concepts

| Term | Description |
| --- | --- |
| Notification Time Zone | Defines the time zone in which the current alert notification is sent. This defaults to the current workspace time zone. If the owner or administrator has not configured it, it defaults to the UTC+8 time zone. |
| Event Level | Indicates the urgency of the incident. Available levels include Critical, High, Warning, Data Gap, Info, All. |
| Alert Escalation | Sometimes simple notification configurations based on level or members cannot meet business needs. If a monitor detects anomalies of the same level multiple times in a short period, it may indicate an ongoing issue. To avoid duplicate notifications, you can set rules to automatically escalate persistent anomalies to critical notifications and send them to designated recipients to ensure timely attention and resolution. |
| Custom Notification Time | Allows you to specify the exact moment of notification delivery through the dimensions of period and time. |
| Repeat Alerts | You can specify a time interval during which the same incident alert notification is suppressed. Even if incident data continues to be generated, the system only records without sending duplicate alerts, and incident records can be viewed in the incident explorer. For example, if an incident in your workspace is not very urgent but generates frequent alert notifications, you can reduce the notification frequency by setting the repeat alert notification interval. |
| Alert Aggregation | Defines the event data to be sent as notifications in four modes: non-aggregation, rule-based aggregation, intelligent aggregation, and AI aggregation. In the latter two modes, events will be merged according to the corresponding aggregation rules before being sent. |
| Aggregation Cycle | Based on rule-based and intelligent aggregation modes, new events within a certain number of minutes are merged into a single alert notification. Once this aggregation cycle is exceeded, newly occurring events will be included in the next new alert notification. |
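The following is an added example, not the product's own code: a simplified Python model of how a Repeat Alerts interval and an Aggregation Cycle, as defined above, decide which events are sent and how they are grouped. The incident ids, the 30-minute interval, the 5-minute cycle, measuring the interval from the last sent notification, and applying suppression before aggregation are all assumptions.

```python
from datetime import datetime, timedelta

def suppress_repeats(events, interval):
    """Repeat Alerts: every event is kept, but an incident that was already
    notified less than `interval` ago is recorded only, not sent again.
    Assumption: the interval is measured from the last *sent* notification."""
    last_sent, to_send, recorded_only = {}, [], []
    for ts, incident, level in sorted(events):
        prev = last_sent.get(incident)
        if prev is not None and ts - prev < interval:
            recorded_only.append((ts, incident, level))
        else:
            last_sent[incident] = ts
            to_send.append((ts, incident, level))
    return to_send, recorded_only

def aggregate(events, cycle):
    """Aggregation Cycle: the first event opens a cycle; events arriving within
    `cycle` of that first event join the same notification, and later events
    start the next notification."""
    notifications = []
    for ev in sorted(events):
        if notifications and ev[0] - notifications[-1][0][0] < cycle:
            notifications[-1].append(ev)
        else:
            notifications.append([ev])
    return notifications

def at_minute(minute):
    # Helper for the constructed sample: minutes after an arbitrary start time.
    return datetime(2024, 1, 1, 9, 0) + timedelta(minutes=minute)

# Constructed sample events: (time, incident id, event level)
SAMPLE = [
    (at_minute(0), "cpu-high", "Warning"),
    (at_minute(1), "disk-full", "Critical"),
    (at_minute(3), "cpu-high", "Warning"),    # repeat inside the interval
    (at_minute(12), "cpu-high", "Warning"),   # repeat inside the interval
    (at_minute(31), "cpu-high", "Warning"),   # interval elapsed, sent again
    (at_minute(33), "login-failures", "High"),
]

def plan(events=SAMPLE, repeat=timedelta(minutes=30), cycle=timedelta(minutes=5)):
    """Return (notifications to send, events recorded without notification)."""
    to_send, recorded_only = suppress_repeats(events, repeat)
    return aggregate(to_send, cycle), recorded_only
```

With the sample data, six events become two notifications, while the two suppressed repeats remain available as records. A security-relevant event such as `login-failures` is still delivered because suppression is keyed per incident.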

Getting Started