Overview
When alerts arrive from different sources, each has its own payload structure containing information. Alert Fields allows you to normalize all of this data, regardless of how it’s passed to Rootly from the Alert Source, into an Alert Field that you can then reference consistently across Rootly.Examples
Route alerts by impacted product area: Create a “Product Area” alert field, then build alert routes that direct notifications to the right teams based on the service value—no matter which monitoring tool sent the alert. Enrich alert data: Extract severity, environment, region, or custom metadata from alerts. Rootly will automatically surface this to responders to drive faster triage. Build better metrics: Track alert volume, response times, or escalation patterns using normalized field values instead of parsing different payload structures. Simplify multi-tool environments: When you use multiple monitoring platforms, alert fields eliminate the need to maintain separate routing logic for each one.Configure Alert Fields
Rootly will automatically write the field data based on how your Alert Sources are configured. On each Alert Source, you have full control over which field values will be set, and the values themselves.
- Navigate to your Alert Source and select the Fields tab.
- Click “Add Field” to choose which alert field you want to populate from this alert source. From this view, you are also able to add a new alert field. This new alert field will be accessible across all other alert sources if you want to also use them there.
-
Define the alert payload data you want to extract the value from. Use Liquid templating to parse the payload.
Use past alerts as a reference by reviewing the alerts shown on the right-hand side: these are recent alerts that have come in from this source. Click into any alert to review its payload structure, and select any purple pill in the payload to copy its Liquid expression to your clipboard.
- Save your configuration. From now on, every incoming alert from this source will automatically map the value from the specified Liquid expression into your alert field.
If the title and description field are left blank, Rootly will automatically set this value depending on the type of alert source. For example, if you are configuring an email alert source, we will automatically set the alert to the email’s subject line.
Using Alert Fields in Alert Routes
Alert fields can be used as conditions when configuring alert routes, allowing you to build routing logic based on normalized data rather than raw payload structures. This approach means you can write routing rules once and have them work consistently across all your alert sources, as long as each source maps data to the same alert fields. Learn about building Alert Routes on the Alert Routes page.Using Alert Fields for Auto-Resolution Rules
For email alert sources, you can use alert fields to define conditions under which alerts should be automatically resolved. To configure auto-resolution rules:- Navigate to your email alert source in your Rootly admin.
- Define conditions that determine when an incoming email alert should be auto-resolved.
- Reference alert field values in your conditions to build your auto-resolution logic.
Accessing Alert Fields as a Responder
When an alert comes in and you’re paged, you can view the alert field values in the details section of the alert. This information is available across all platforms:- Web: View alert fields in the alert details page
- Slack: See alert fields in the alert details within Slack
- Mobile: Access alert fields directly in the Rootly mobile app