Skip to main content

Core Uses

Labels are used throughout Flashduty On-call’s alert processing workflow:
ScenarioUse
Incident FilteringQuickly filter by labels in incident list
Route DistributionRoute alerts to different channels based on labels
Assignment NotificationMatch different escalation rules by labels
Alert GroupingGroup similar alerts by label dimensions
Silence/InhibitionMatch alerts to silence or inhibit by labels

Configure Label Enhancement

Go to Integration Details → Label EnhancementAdd Rule.

Enhancement Types

TypeDescriptionExample
ExtractExtract content from title/description/labels using regexExtract IP address from description
CombineConcatenate new labels using template syntaxCombine domain + event ID to generate log link
MapConvert values to readable names via mapping tableMap resource ID to resource type
DeleteRemove specified labelsDelete sensitive info labels
Label enhancement types

Configuration Options

OptionDescription
ConditionOnly applies to alerts matching conditions, see Configure Filter Conditions
OverwriteWhen enabled, overwrites labels with same name; disabled by default
PreviewPreview rule effects using real alerts
Multiple rules execute sequentially from top to bottom. When a rule doesn’t match, it’s skipped and no corresponding label is generated.

Configuration Examples

Scenario: Alert events come from email integration; need to extract key information from description as labels for other scenarios, like extracting IP and trigger value from description as independent labels.
1

View Original Alert

Original alert
2

Configure Extraction Rule

Extraction rule configuration
3

Verify Extraction Result

Extraction result

Mapping Data Management

Mapping Table Data Management

In the mapping table details page, you can manage mapping table data:
FeatureDescription
Data SearchSearch by source label value
Data AddManually add mapping data
Data UploadUpload new data mapping table, will overwrite existing data
Data DownloadDownload current mapping table data locally
Data DisplayDisplay current mapping table data, can edit or delete
Mapping table data management
For frequently changing mapping relationships (like Mapping api data sync), we recommend using API mapping, or use Flashduty API for automated mapping table updates.

Mapping Service API Specification

When using API mapping, your external API service must follow these specifications:

Request Specification

Flashduty will call your API via POST method with the following request body: 
{
  "result_label_keys": ["owner_team", "service_tier", "host_ip"],
  "event": {
    "account_id": 1,
    "channel_id": 20,
    "data_source_id": 15,
    "data_source_type": "prometheus",
    "description": "CPU usage for instance '10.0.1.1:9100' is over 95%",
    "title": "High CPU Usage on instance 10.0.1.1:9100",
    "alert_key": "d41d8cd98f00b204e9800998ecf8427e",
    "alert_id": "62d6c0f6b8f1b2b3c4d5e6f7",
    "event_severity": "Critical",
    "event_status": "Critical",
    "event_time": 1678886400,
    "labels": {
      "region": "us-east-1",
      "service": "service-A",
      "env": "production",
      "instance": "10.0.1.1:9100"
    }
  }
}
FieldTypeDescription
result_label_keysarray[string]List of expected label names to return, configured by user in the rule
eventobjectComplete information of the current alert event

Response Specification

The API must return a JSON response in the following format: Success Response (HTTP 200): 
{
  "result_labels": {
    "owner_team": "team-database",
    "service_tier": "tier-1",
    "host_ip": "10.0.1.1"
  }
}
Response CodeDescription
200 OKSuccess, returns result_labels object
404 Not FoundNo matching data found
400 Bad RequestInvalid request format
5xxInternal server error
If a requested label cannot find a corresponding value, the API should not include that key in result_labels.

Security Constraints

For security purposes, the following HTTP Headers are prohibited in mapping services:
CategoryProhibited Headers
Authenticationauthorization, proxy-authorization, cookie, x-api-key, x-access-token
IP Spoofingx-forwarded-for, x-real-ip, true-client-ip, x-client-ip
Host & Routinghost, x-forwarded-host, x-forwarded-proto, x-internal-id, x-user-id
Protocol Relatedtransfer-encoding, upgrade, connection
We recommend using custom Headers with X-Custom- or X-Enrich- prefix for authentication.

Best Practices

  1. Performance First: The API is on the critical path of alert processing, must ensure low latency (recommended < 500ms)
  2. Implement Caching: For identical query conditions, implement caching to improve performance
  3. Idempotent Design: Multiple calls for the same event should return identical results
  4. Secure Authentication: API must be protected by authentication mechanisms to prevent unauthorized access

Further Reading

Configure Escalation Rules

Use labels to match escalation conditions

Configure Noise Reduction

Use labels as grouping dimensions

Configure Filter Conditions

Learn label matching syntax

Configure Routing Rules

Distribute alerts to different channels