Monitor Rules and Severities
Note
The Monitors v2 engine is currently in private preview. Contact your Observe Data Engineer to enable this feature flag. See documentation for Monitors v1.
A monitor often includes multiple severities and desired outcomes. Observe monitors can use the full power of Observe to conditionally filter data. The actions taken on a monitor’s detections are filtered by severity, which allows powerful multi-level routing to be configured.
Rules
A rule determines the severity of a match. Common ways to configure rules are:
Bands of severity based on the measured data
Override severity for specific customers or objects
There are four severities: Informational, Warning, Error, and Critical.
A rule must set a severity. Multiple rules may use the same severity.
Actions
When a rule matches, an alert is created, which can be reviewed in Alert Explorer.
If there are no muting rules in effect, then the alert may trigger an action.
Each action is filtered by severity. Common ways to configure actions are:
Send all alerts of any severity to S3 for compliance storage
Send Informational or Warning alerts to Slack only
Send Error or Critical alerts to Slack and PagerDuty
Multiple actions can match a single severity.