Create and Edit Alert Rules
Overview
Alert rules control which incoming alerts trigger automatic investigations. Create rules to focus OpsWorker on the alerts that matter to your team.
Creating a Rule
- Go to Configurations → Alert Rules
- Click Create Rule
- Configure the rule:
| Field | Description | Example |
|---|---|---|
| Name | Descriptive rule name | "Critical production alerts" |
| Cluster | Which cluster this rule applies to | production-us-east |
| Namespace | Regex pattern matching namespaces | prod-.* (all prod namespaces) |
| Severity | Alert severity to match | critical, warning |
| Labels | Key-value label matching | team=payments |
| Auto-investigate | Auto-start investigations for matches | Enabled / Disabled |
- Click Save
Editing a Rule
- Go to Configurations → Alert Rules
- Click on the rule to edit
- Modify the configuration
- Click Save
Filter Logic
- Filters within a single rule use AND logic — all conditions must match
- Create separate rules for OR logic (either rule triggers an investigation)
Example: AND Logic
Rule: Namespace prod-.* AND Severity critical
- Matches: critical alert in prod-payments namespace
- Does not match: warning alert in prod-payments, or critical alert in staging
Example: OR Logic
Rule 1: Severity critical (any namespace)
Rule 2: Namespace prod-payments (any severity)
- Matches: any critical alert OR any alert in prod-payments
Enabling / Disabling Rules
Toggle rules on/off without deleting them. Disabled rules don't match any alerts but retain their configuration.
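The filter logic and the enable/disable behaviour described above can be checked offline before rules are saved. The following is an added example, not OpsWorker code: the `Rule` class, the alert dictionary fields, full-string regex matching for Namespace, and treating an unset field as "any" are assumptions, and the alerts are constructed samples.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:  # hypothetical model of the fields in the table above
    name: str
    cluster: Optional[str] = None      # assumption: unset field matches anything
    namespace: Optional[str] = None    # regex pattern
    severity: tuple = ()               # empty tuple = any severity
    labels: dict = field(default_factory=dict)
    enabled: bool = True

def rule_matches(rule, alert):
    """AND logic: every filter configured on the rule must match."""
    if not rule.enabled:               # disabled rules match no alerts
        return False
    if rule.cluster is not None and alert.get("cluster") != rule.cluster:
        return False
    # Assumption: the pattern must cover the whole namespace (fullmatch).
    # With substring matching, prod-.* would also hit "nonprod-payments".
    if rule.namespace is not None and not re.fullmatch(rule.namespace, alert.get("namespace", "")):
        return False
    if rule.severity and alert.get("severity") not in rule.severity:
        return False
    have = alert.get("labels", {})
    return all(have.get(k) == v for k, v in rule.labels.items())

def matching_rules(rules, alert):
    """OR logic across rules: list every rule the alert matches."""
    return [r.name for r in rules if rule_matches(r, alert)]

RULES = [
    Rule("prod-critical", namespace="prod-.*", severity=("critical",)),  # AND example
    Rule("any-critical", severity=("critical",)),                        # OR example, rule 1
    Rule("payments-any", namespace="prod-payments"),                     # OR example, rule 2
    Rule("payments-team", labels={"team": "payments"}, enabled=False),   # toggled off
]

# Constructed sample alerts, not real data.
ALERTS = [
    {"namespace": "prod-payments", "severity": "critical", "labels": {"team": "payments"}},
    {"namespace": "prod-payments", "severity": "warning"},
    {"namespace": "staging", "severity": "critical"},
    {"namespace": "nonprod-payments", "severity": "warning"},
]

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert["namespace"], alert["severity"], "->", matching_rules(RULES, alert) or "no match")
```

An alert that returns an empty list would not trigger an investigation under these rules, which makes coverage gaps visible before an incident does.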
Deleting Rules
Delete rules you no longer need from the rules list. This action cannot be undone.
Next Steps
- Auto-Investigation — Auto-investigation settings
- Alert Rules Concept — Understanding alert rules