Monitor Rules and Severities

Note

The Monitors v2 engine is currently in private preview. Contact your Observe Data Engineer to enable this feature flag. See documentation for Monitors v1.

A monitor often includes multiple severities and desired outcomes. Observe monitors can use the full power of Observe to conditionally filter data. The actions taken on a monitor’s detections are filtered by severity, which allows powerful multi-level routing to be configured.

Rules

A rule determines the severity of a match. Common ways to configure rules are:

  • Bands of severity based on the measured data

  • Override severity for specific customers or objects

There are four severities: Informational, Warning, Error, and Critical.

A rule must set a severity. Multiple rules may use the same severity.

Actions

When a rule matches, an alert is created, which can be reviewed in Alert Explorer.

If there are no muting rules in effect, then the alert may trigger an action.

Each action is filtered by severity. Common ways to configure actions are:

  • Send all alerts of any severity to S3 for compliance storage

  • Send Informational or Warning alerts to Slack only

  • Send Error or Critical alerts to Slack and PagerDuty

Multiple actions can match a single severity.
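
The rule and action behavior described above can be modeled in a few lines. This is an added illustration, not Observe's API or configuration syntax. Assumptions: the `error_rate` field, its thresholds, the customer name `acme`, and the destination names are constructed, and rules are taken to be checked in order with the first match winning.

```python
# Illustrative model only: not Observe's API or configuration syntax.
from enum import IntEnum

class Severity(IntEnum):
    INFORMATIONAL = 1
    WARNING = 2
    ERROR = 3
    CRITICAL = 4

S = Severity

# Rules: (predicate, severity). Assumption: checked in order, first match wins,
# so the per-customer override is listed before the generic severity bands.
RULES = [
    (lambda r: r["customer"] == "acme" and r["error_rate"] >= 0.01, S.CRITICAL),
    (lambda r: r["error_rate"] >= 0.20, S.CRITICAL),
    (lambda r: r["error_rate"] >= 0.10, S.ERROR),
    (lambda r: r["error_rate"] >= 0.05, S.WARNING),
    (lambda r: r["error_rate"] >= 0.01, S.INFORMATIONAL),
]

# Actions: destination -> severities it accepts (the three patterns listed above,
# combined in one monitor). Multiple actions can accept the same severity.
ACTIONS = {
    "s3-compliance": set(S),              # every severity, for compliance storage
    "slack": set(S),                      # every severity
    "pagerduty": {S.ERROR, S.CRITICAL},   # Error and Critical only
}

def classify(row):
    """Return the severity of the first matching rule, or None if none match."""
    for predicate, severity in RULES:
        if predicate(row):
            return severity
    return None

def route(row, muted=False):
    """Return (severity, destinations). An alert exists whenever a rule matches;
    actions fire only when no muting rule is in effect (modeled as a boolean)."""
    severity = classify(row)
    if severity is None:
        return None, []
    if muted:
        return severity, []  # alert is still created, but no action is triggered
    return severity, sorted(d for d, ok in ACTIONS.items() if severity in ok)
```

Calling `route({"customer": "acme", "error_rate": 0.02})` shows the override: the measurement falls in the Informational band, but the customer-specific rule raises it to Critical and all three destinations receive it.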