Core Features
Generic Data Source Support
- Query any data source (databases, APIs, metrics systems)
- Combine multiple data sources in a single alert rule
- Apply custom transformations to the data
Flexible Alert Evaluation
- Define custom conditions using templated expressions
- Support for complex boolean logic and mathematical operations
- State management for alert transitions (pending->firing->resolved)
- Deduplication and alert instance tracking
Customizable Alert Definition
- Full control over alert metadata (name, description, severity)
- Dynamic labels based on evaluation context
- Template support for all alert fields
- Custom fingerprinting for alert grouping
Core Components
Alert States
- Pending: Initial state when alert condition is met (relevant only if `for` supplied)
- Firing: Active alert that has met its duration condition
- Resolved: Alert that is no longer active
Alert Rule Components
- Data Collection: Query steps to gather data from any source
- Condition (`if`): Expression that determines when to create/update an alert
- Duration (`for`): Optional time period the condition must be true before firing
- Alert Definition: Complete control over how the alert looks and behaves:
  - Name and description
  - Severity levels
  - Labels for routing
  - Custom fields and annotations
State Management
- Fingerprinting: Unique identifier for alert deduplication and state tracking
- Keep-Firing: Control how long alerts remain active
- State Transitions: Rules for how alerts move between states
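
To make the pending -> firing -> resolved lifecycle concrete, here is an added Python sketch (not the engine's own code) of fingerprint-keyed state tracking with a `for` duration and a keep-firing window. The `Tracker` class, its parameter names, the label-hash fingerprint, and the choice to drop a pending instance when its condition clears are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def fingerprint(labels: dict) -> str:
    """Stable ID from sorted labels, so repeat evaluations map to one instance."""
    canon = ",".join(f"{k}={v}" for k, v in sorted(labels.items()))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]

@dataclass
class Instance:
    state: str        # "pending", "firing" or "resolved"
    since: float      # when the condition first became true
    last_true: float  # last evaluation at which the condition held

class Tracker:
    """Hypothetical tracker; for_s and keep_firing_s are in seconds."""
    def __init__(self, for_s: float = 0.0, keep_firing_s: float = 0.0):
        self.for_s, self.keep_firing_s = for_s, keep_firing_s
        self.instances = {}  # fingerprint -> Instance (deduplication)

    def evaluate(self, labels: dict, condition: bool, now: float) -> Optional[str]:
        fp = fingerprint(labels)
        inst = self.instances.get(fp)
        if condition:
            if inst is None or inst.state == "resolved":
                inst = self.instances[fp] = Instance("pending", now, now)
            inst.last_true = now
            # Without a `for` duration (for_s == 0) the alert fires at once.
            if inst.state == "pending" and now - inst.since >= self.for_s:
                inst.state = "firing"
        elif inst is not None:
            if inst.state == "pending":
                del self.instances[fp]  # assumption: never fired, so drop it
                return None
            # Keep-firing: stay active until the condition has been false long enough.
            if inst.state == "firing" and now - inst.last_true >= self.keep_firing_s:
                inst.state = "resolved"
        return inst.state if inst else None

def demo() -> list:
    # Constructed sample: the condition holds from t=0 to t=60, then clears.
    t = Tracker(for_s=60, keep_firing_s=120)
    labels = {"alertname": "HighCPU", "host": "db1"}
    timeline = [(0, True), (30, True), (60, True), (100, False), (180, False)]
    return [t.evaluate(labels, cond, now) for now, cond in timeline]
```
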
Examples
The following examples demonstrate different ways to use the alert evaluation engine:
- Single Metric Alert - Basic example showing metrics-based alerting
- Multiple Metrics Alert - Advanced example with multiple alert instances