Introduction
Keep is an open-source alert management and AIOps platform that is a swiss-knife for alerting, automation, and noise reduction.
You can start exploring Keep by simply logging in to the platform. Make sure to also join our Slack community to get help and share your feedback.
What’s an alert?
An alert is an event that is triggered when something undesirable occurs or is about to occur. It is usually triggered by monitoring tools. Example could include: Prometheus, Grafana, Datadog or CloudWatch, and your own proprietary tools.
Alerts are usually categorized into three different groups:
- Infrastructure-related alerts - e.g., a virtual machine consumes more than 99% CPU.
- Application-related alerts - e.g., an endpoint starts returning 5XX status codes.
- Business-related alerts - e.g., a drop in the number of sign-ins or purchases.
What problem does Keep solve?
Keep helps with every step of the alert lifecycle:
- Maintenance - Keep integrates with all of your monitoring tools, allowing you to manage all of your alerts within a single pane of glass.
- Noise reduction - By integrating with monitoring tools, Keep can deduplicate and correlate alerts to reduce noise in your organization. There are 2 types of deduplication: Rule-based (semi-manual) and AI-based (fully automated).
- Automation - Keep Workflows is a GitHub Actions-like experience for automating anything that is triggered by things in Keep: alerts, events, incidents, manually and based on time intervals. It can help with: alert enrichment, ticket creation, self-healing, root cause analysis, and more.
- Incident Correlation - Correlate alerts to incidents, performs triage, and conducts root cause analysis.
How does Keep get my alerts?
There are primarily two ways to get alerts into Keep:
Push
When you connect a Provider, Keep automatically instruments the tools to send alerts to Keep via webhook. As an example, when you connect Grafana, Keep will automatically create a new Webhook contact point in Grafana, and a new Notification Policy to send all alerts to Keep.
You can configure which providers you want to push from by checking the Install Webhook checkbox in the provider settings.
Pull
When you connect a Provider, Keep will start pulling alerts from the tool automatically.
Pulling interval is defined by the KEEP_PULL_INTERVAL environment variable and defaults to 7 days and can be completely turned off by using the KEEP_PULL_DATA_ENABLED environment variable.
You can also configure which providers you want to pull from by checking the Pulling Enabled checkbox in the provider settings.
We strongly recommend using the push method for alerting, as pulling does not include a lot of the features, like workflow automation. It is mainly used for a quick way to get alerts into Keep and start exploring the value.