Auto-Investigation Configuration
Overview
Auto-investigation controls whether matching alerts automatically trigger investigations without human intervention.
Setup
Enabling Auto-Investigation
- Go to Configurations → Alert Rules
- Create a new rule or edit an existing one
- Toggle Auto-investigate to Enabled
- Save
When enabled, any alert matching this rule will immediately start an investigation.
Disabling Auto-Investigation
Toggle Auto-investigate to Disabled. Matching alerts are still recorded as signals (visible in the alert timeline) but don't trigger investigations.
How It Works
flowchart LR
A[Alert arrives] --> B{Matches rule?}
B -->|No| C[Recorded only]
B -->|Yes| D{Auto-investigate?}
D -->|Off| C
D -->|On| E[Investigation starts]
Rate Limiting
OpsWorker prevents duplicate investigations:
- If the same alert (same name + resource + namespace) fires multiple times within a short window, only one investigation is created
- This avoids investigation storms during flapping alerts
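The decision flow and deduplication described above, modeled as an added example for dry-running a rule against sample alerts; this is not OpsWorker's code. The 300-second window, the severity-based rule match, the outcome labels and all field names are assumptions, since the page only says "a short window".

```python
from dataclasses import dataclass, field

DEDUP_WINDOW_SECONDS = 300  # assumption: the page does not state the window length

@dataclass(frozen=True)
class Alert:
    name: str
    resource: str
    namespace: str
    severity: str
    timestamp: float  # seconds since an arbitrary start

@dataclass
class Rule:
    severities: frozenset      # hypothetical match criterion
    auto_investigate: bool     # the Auto-investigate toggle

@dataclass
class Triage:
    rule: Rule
    window: float = DEDUP_WINDOW_SECONDS
    _last_started: dict = field(default_factory=dict)

    def handle(self, alert: Alert) -> str:
        if alert.severity not in self.rule.severities:
            return "recorded"                  # no rule match
        if not self.rule.auto_investigate:
            return "recorded"                  # matched, toggle off: signal only
        key = (alert.name, alert.resource, alert.namespace)
        last = self._last_started.get(key)
        # Assumption: the window is measured from the last investigation start.
        if last is not None and alert.timestamp - last < self.window:
            return "suppressed_duplicate"      # flapping alert inside the window
        self._last_started[key] = alert.timestamp
        return "investigation_started"

def simulate(rule, alerts):
    """Return the outcome for each alert, processed in timestamp order."""
    triage = Triage(rule)
    return [triage.handle(a) for a in sorted(alerts, key=lambda a: a.timestamp)]

# Constructed sample: one flapping alert, a low-severity alert, and the same
# alert name in a different namespace (a different dedup key).
SAMPLE_ALERTS = [
    Alert("PodCrashLoop", "api", "payments", "critical", 0),
    Alert("HighLatency", "api", "payments", "warning", 10),
    Alert("PodCrashLoop", "api", "payments", "critical", 30),
    Alert("PodCrashLoop", "api", "staging", "critical", 45),
    Alert("PodCrashLoop", "api", "payments", "critical", 60),
    Alert("PodCrashLoop", "api", "payments", "critical", 400),
]
```

Running `simulate` with the toggle off shows what would only be recorded; running it with the toggle on shows how many investigations a flapping alert would actually start.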
Best Practices
- Start with auto-investigate disabled — Create the rule, observe which alerts match, then enable
- Enable for critical alerts first — Auto-investigate critical-severity alerts and manually review warnings
- Monitor feedback — Use investigation feedback ratings to gauge quality before expanding
- Use daily digest — Review what's being investigated and what's being missed
Next Steps
- Create/Edit Rules — Rule configuration
- Automatic Investigations — How auto-investigation works