Alert Rules
What are Alert Rules
Alert rules control which incoming signals trigger automatic investigations. They act as filters between your monitoring systems and OpsWorker's investigation engine, ensuring that only the alerts you care about are investigated.
Without alert rules, every incoming alert would trigger an investigation. Rules let you focus OpsWorker's analysis on the alerts that matter to your team.
How Rules Work
When a signal arrives, OpsWorker evaluates it against your configured alert rules:
```mermaid
flowchart LR
    A[Signal arrives] --> B{Matches any rule?}
    B -->|Yes| C{Auto-investigate enabled?}
    B -->|No| D[Signal recorded only]
    C -->|Yes| E[Investigation starts]
    C -->|No| D
```
Rule Configuration
Each alert rule can filter on:
| Filter | Description | Example |
|---|---|---|
| Namespace | Regex pattern matching Kubernetes namespace | prod-.* (all production namespaces) |
| Severity | Alert severity level | critical, warning |
| Labels | Key-value matching on alert labels | team=payments, service=api |
| Cluster | Which cluster this rule applies to | production-us-east |
Filters can be combined with AND/OR logic for complex matching scenarios.
Auto-Investigation
Each rule has an auto-investigation toggle:
- Enabled — Matching alerts automatically trigger an investigation with no manual intervention
- Disabled — Matching alerts are recorded but not investigated automatically
This lets you define rules for visibility (see which alerts match) before enabling automatic investigation.
Examples
| Rule Name | Filters | Purpose |
|---|---|---|
| Critical production alerts | Severity: critical, Namespace: prod-.* | Investigate all critical alerts in production |
| Payment service | Labels: service=payment, Severity: any | Investigate all alerts for the payment service |
| Staging warnings | Namespace: staging, Severity: warning + critical | Investigate warnings and above in staging |
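
A dry-run evaluator for the three example rules above, following the decision flow from How Rules Work. This is an added illustration, not OpsWorker code: the rule structure, the AND combination of filters, the toggle values and the sample signals are assumptions. The `anchored` switch shows why it is worth confirming whether a namespace regex must match the whole name, which this page does not state.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    namespace: str = ""                  # regex; empty = any namespace
    severities: frozenset = frozenset()  # empty = any severity
    labels: dict = field(default_factory=dict)
    cluster: str = ""                    # empty = any cluster
    auto_investigate: bool = False

def matches(rule, signal, anchored=True):
    # Assumption: every configured filter must match (AND).
    if rule.namespace:
        test = re.fullmatch if anchored else re.search
        if not test(rule.namespace, signal.get("namespace", "")):
            return False
    if rule.severities and signal.get("severity") not in rule.severities:
        return False
    if rule.cluster and signal.get("cluster") != rule.cluster:
        return False
    labels = signal.get("labels", {})
    return all(labels.get(k) == v for k, v in rule.labels.items())

def decide(rules, signal, anchored=True):
    # Flow from "How Rules Work"; assumption: one matching rule with
    # auto-investigation enabled is enough to start an investigation.
    hits = [r for r in rules if matches(r, signal, anchored)]
    outcome = "investigate" if any(r.auto_investigate for r in hits) else "record_only"
    return outcome, [r.name for r in hits]

# The three rules from the Examples table; the toggle values are constructed.
RULES = [
    Rule("Critical production alerts", namespace=r"prod-.*",
         severities=frozenset({"critical"}), auto_investigate=True),
    Rule("Payment service", labels={"service": "payment"}),  # visibility only
    Rule("Staging warnings", namespace=r"staging",
         severities=frozenset({"warning", "critical"}), auto_investigate=True),
]

# Constructed sample signals.
SIGNALS = [
    {"namespace": "prod-checkout", "severity": "critical"},
    {"namespace": "nonprod-billing", "severity": "critical"},
    {"namespace": "dev", "severity": "warning", "labels": {"service": "payment"}},
]

if __name__ == "__main__":
    for s in SIGNALS:
        print(s["namespace"], decide(RULES, s), decide(RULES, s, anchored=False))
```

With full-match semantics `nonprod-billing` matches no rule; with substring semantics the same `prod-.*` pattern would send it to investigation as a production alert.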
Best Practices
- Start narrow — Begin with critical alerts in production, then expand as you gain confidence
- Use namespace patterns — Filter by namespace regex to cover groups of related services
- Review regularly — Use the daily digest and insights dashboard to identify rules that should be added or adjusted
- Enable auto-investigation gradually — Create rules with auto-investigation disabled first, monitor which signals match, then enable
Next Steps
- Configure Alert Rules — Step-by-step setup guide
- Auto-Investigation Configuration — Detailed auto-investigation settings
- Noise Reduction — Reduce alert fatigue