Alert Pipeline

The Alert Pipeline is used to manage and optimize triggered alert events, including updating alert titles, modifying alert descriptions, adjusting alert severity, and performing alert filtering or inhibition operations. Through proper configuration of alert rules, you can improve alert readability, reduce alert noise, and enhance problem identification efficiency.

Alert Flow

Alert Configuration

Configuration path: Integration Center => Integration Details => **Alert **

When configuring alert , you can add multiple actions. FlashDuty will execute these actions sequentially according to the configured order.

When configuring actions, you can set alert conditions. The actions will only be executed when alerts meet these conditions.

The result of each action can serve as input conditions for the next action.

Alert Conditions

When condition restrictions are enabled, you can choose to pre-process alerts that meet specific conditions, enabling more precise and flexible alert actions.

Alert conditions support various options, including alert attributes such as title, description, severity, and alert labels. Value matching patterns support fuzzy matching, exact matching, regular expression matching, numerical matching, and CIDR matching. For details, refer to the Configure Filter Conditions documentation.

Action Types

Update Alert Title

Modify the original alert title to new content. The new content can be fixed text, referenced alert labels and attributes, or a combination of both. For reference syntax, see the Referencing Variables documentation. Title length must not exceed 512 characters; excess content will be truncated.

Update Alert Description

Modify the original alert description to new content. The new content can be fixed text, referenced alert labels and attributes, or a combination of both. For reference syntax, see Referencing Variables documentation. Description length must not exceed 2048 characters; excess content will be truncated.

Update Severity

Alert severity is typically determined by system preset mapping rules. You can now customize severity levels through the update severity action to more accurately define alert importance.

Alert Drop

Alert drop functionality is identical to the drop rule in channels, with the only difference being that the former operates at the integration level while the latter at the channel level. Alert drop action can directly discard unnecessary alerts at the integration level, reducing alert load.

Alert Inhibition

Alert inhibition offers two methods:

Integration-level alert inhibition discards alerts meeting inhibition conditions immediately upon entering the system.

Channel-level alert inhibition processes alerts after they've been routed to channels, where you can flexibly choose to either discard these alerts or retain them for future reference.

This layered design meets alert management needs in different scenarios, both reducing unnecessary alert noise and ensuring critical alerts are effectively processed.

Use Cases and Examples

For the following examples, we'll reference a test alert triggered by Nightingale, as shown below:

{
	"incident_status": "Info",
	"incident_severity": "Info",
	"title": "hm-test-alert-rule-name / Cluster-01 - demo-01",
	"description": "hm-test-alert-rule-name trigger value: 29.14912",
	"labels": {
		"__name__": "cpu_usage_idle",
		"cate": "prometheus",
		"check": "hm-test-alert-rule-name",
		"cluster": "Cluster-01",
		"cpu": "cpu-total",
		"datasource_id": "4",
		"detail_url": "https://demo.flashcat.cloud/alert-his-events/4974655",
		"group_id": "1",
		"group_name": "FlashcatOps",
		"ident": "demo-01",
		"metric": "cpu_usage_idle",
		"prom_eval_interval": "10",
		"prom_ql": "cpu_usage_idle{ident=\"demo-01\"} \u003c 100",
		"region": "bj",
		"resource": "demo-01",
		"role": "master",
		"rule_id": "1041",
		"rule_prod": "metric",
		"trigger_value": "29.27852"
	}
}

Case 1: Modify Alert Title

When the original alert title cannot be modified, it defaults to: $check::$cluster::$ident. You can now redefine the alert title using the update alert title action, for example, using: Labels.ident, Labels.cpu, Labels.trigger_value, or other alert attributes. Reference syntax examples:

Fixed Title Format

Custom Delimiter + Content Combination

Reference Labels + Reference Alert Attributes

Case 2: Update Alert Description

Alert description typically combines the alert rule name and trigger value. You can now modify the alert description content using the update alert description action. Reference syntax examples:

Custom Content

Case 3: Update Alert Severity

By default, Nightingale's three-level alerts correspond to FlashDuty's Info level. You can now adjust alert severity levels using the update severity action for more flexible definition of alert importance.

Change Alert Severity to Critical for Host demo-01

Alert Pipeline

Alert Flow#

Alert Configuration#

Alert Conditions#

Action Types#

Update Alert Title#

Update Alert Description#

Update Severity#

Alert Drop#

Alert Inhibition#

Use Cases and Examples#

Case 1: Modify Alert Title#

Case 2: Update Alert Description#

Case 3: Update Alert Severity#