Alert Workflows

Overview

Alert workflows are triggered on changes to the alerts data. The Rootly platform is capable of receiving incoming events, known as alerts. These alerts are streamed in from a number of integrations (e.g. Jira, PagerDuty, Datadog, Grafana). You can leverage the power of workflows to auto-declare incidents, send Slack notifications, etc. from these alerts.

Alert workflows are particularly useful for:

  • Auto-declaring incidents based on an incoming alert
  • Updating an incident or action item based on changes to a corresponding Jira ticket
  • Alerting common team channels (e.g. #alerts, #sre, #security) of critical events

Configuring an Alert Workflow

Ensure Alerts are Flowing In

In order to use an alert workflow, you must first ensure that you have alerts flowing into Rootly. See the Alerts page to learn more.

Getting Started

Follow the navigation below to begin configuring an alert workflow.

Workflows > Create Workflow > Alert

Set Trigger Event

There is only one trigger event available for alert workflows. Select the Alert Created option as the trigger event. This will cause the workflow to initiate as soon as an alert is received in your Rootly organization.

Set Run Conditions

Alert workflows have three properties that you can condition on: source, label, and payload.

Source

The source represents where the alert originated.

In the example above, the source condition will only pass if the alert came from PagerDuty.

You can find the source of an alert on the main Alerts page.

Label

Each alert comes with a series of labels. The labels differ depending on the source (e.g., an alert from Jira will have a different set of labels from an alert from Datadog). Alert labels are stored as an array of values.

In the example above, the label condition will only pass if the alert contains both the service_id:PLVWMVW AND action:incident.triggered labels.

You can find the labels for each alert on the alert details page (Alerts > select a specific alert).

Payload

Each alert comes with a payload. The payload also differs depending on the source. The alert payload is stored as a JSON structure. JSONPath syntax can be used to filter for a specific value within the payload. A Ruby regular expression (regexp) can then be used to match the value filtered via JSONPath.

In the example above, the payload condition will only pass if the type field (within the data object in the payload) equals incident, regardless of case (e.g. Incident is okay, INCIDENT is also okay, InCiDeNt is okay as well).

As with the label, you can also find the payload for each alert on the alert details page (Alerts > select a specific alert).
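
The following Ruby sketch is an added example, not Rootly's own code: it approximates the source, label and payload conditions locally so a regexp can be checked against sample alerts before the workflow is enabled. The alert field names, the "pagerduty" source value, the `$.data.type` path, the patterns and the rule that all three conditions must pass are assumptions; the alert itself is constructed.

```ruby
require "json"

# Constructed sample alert (not real Rootly data); field names are assumptions.
ALERT = JSON.parse(<<~JSON)
  {
    "source": "pagerduty",
    "labels": ["service_id:PLVWMVW", "action:incident.triggered"],
    "payload": { "data": { "type": "InCiDeNt", "title": "DB latency" } }
  }
JSON

# Minimal resolver for simple JSONPath such as $.data.type or $.items[0].id.
# Returns nil when any step is missing instead of raising.
def json_path(doc, path)
  steps = path.sub(/\A\$\.?/, "").scan(/[^.\[\]]+/)
  steps.reduce(doc) do |node, step|
    case node
    when Hash  then node[step]
    when Array then step.match?(/\A\d+\z/) ? node[step.to_i] : nil
    else return nil
    end
  end
end

# Assumption: source, label and payload conditions must all pass together.
def conditions_pass?(alert, source:, labels:, path:, pattern:)
  value = json_path(alert["payload"], path)
  alert["source"] == source &&
    (labels - alert["labels"]).empty? &&
    value.is_a?(String) && pattern.match?(value)
end

ANCHORED   = /\Aincident\z/i # whole value must be "incident", any case
UNANCHORED = /incident/i     # also passes longer values containing the word

def demo
  rule = { source: "pagerduty",
           labels: ["service_id:PLVWMVW", "action:incident.triggered"],
           path: "$.data.type" }
  noisy = JSON.parse(JSON.generate(ALERT)) # deep copy of the sample
  noisy["payload"]["data"]["type"] = "incident.annotated"
  {
    exact_anchored:   conditions_pass?(ALERT, **rule, pattern: ANCHORED),
    noisy_anchored:   conditions_pass?(noisy, **rule, pattern: ANCHORED),
    noisy_unanchored: conditions_pass?(noisy, **rule, pattern: UNANCHORED)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

In Ruby, `^` and `$` match at line boundaries, so `\A` and `\z` are the anchors that pin a pattern to the whole value. An unanchored pattern passes more alerts than intended, and each one would declare an incident.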

Set Actions

Unlike other types of workflows, the available actions in alert workflows are fixed and not dependent on the integrated applications.

In the example below, the workflow will declare an incident in Rootly.

Once this alert workflow runs and creates an incident, it will result in an Incident Created event, which kicks off any incident workflows conditioned to initiate on an Incident Created event.

Be careful when setting up alert workflows, as they might cause subsequent incident workflows to trigger unintentionally.

It is highly recommended that you disable your incident workflows before configuring and testing an alert workflow.

Support

If you need help or more information about this integration, please contact [email protected] or start a chat by navigating to Help > Chat with Us.