Creating escalations and incidents from alerts

How to filter your alert routes to create the most efficient escalations and incidents

Written by incident.io Engineering Team
Updated over a week ago

After you have connected your alert source, it's time to create alert routes. Alert routes are a great way to separate alerts from each other (i.e. alerts owned by different teams) and then configure when escalations should happen and when incidents should be created.

Creating a new Alert route

After you have connected your alert source, it's time to create one or more alert routes from it. Remember, you can bring data from multiple data sources to one route!

1️⃣ Head to Alert routes

2️⃣ Give a name to your route
(We recommend a good naming convention here if you have tens or hundreds of routes)

3️⃣ Choose the alert sources you want to bring to this route

4️⃣ Continue

Filtering alerts

You can filter on values coming from the Payload or from your Catalog attributes.

Example: Have your services or features as a Catalog attribute, so that this alert route only brings in alerts for Payments infra services.

Grouping alerts to an incident

Grouping alerts is where we can decrease the amount of noise coming from similar alerts. You can group them by time window and/or by attributes like services or features.

Catalog is where you can store your organisation structure, like users, teams, domains, services, integrations etc. This is what makes Alerts powerful: it lets you create a configuration that is efficient and alerts in the right way at the right time. You can read more about Catalog here.

Creating escalations from an alert route

You can choose whether you want to page people based on an alert. You do this via Escalation paths. You can create new escalation paths directly in the Alert route, but you can also build them in Escalation paths.

1️⃣ Go to Create alert route > Create incidents tab

2️⃣ Turn on 'Create escalations'

3️⃣ Choose the escalation path created or navigate to the escalation path via the Catalog

4️⃣ Add a grace period for a responder to connect to an existing incident before starting the escalation path

5️⃣ If you want an alert being resolved in your alert source to also affect the escalations, toggle on auto-cancellation

Example 1: Connect an alert route to an escalation via a chosen escalation path

Example 2: Connect an alert route to any escalation path by navigating via Catalog

Creating incidents

You can choose exactly when and how you want to create incidents through alert routes! You can customize when incidents are automatically declared when an alert is received based on your filters.

Note: We recommend declaring Triage incidents alongside your paging, as this allows your team to have a dedicated spot to collaborate, and if your team decides this is not an incident, you can simply decline it!

Otherwise, if this turns into a real incident you already have all your troubleshooting context in the Slack channel.

1️⃣ Go to Create alert route > Create incidents tab

2️⃣ Turn on 'Create incidents'

3️⃣ Add conditions if needed, based either on the payload or on your catalog attributes

4️⃣ Now you can choose what information you want shown about an incident in the Slack channel when it is posted. You can see an example on the right side of the screen.

We also allow you to turn off incidents and just escalate based on alerts. You can read more about Paging without incidents here.

5️⃣ Finally, you can choose default modes, types, severities and much more based on your catalog attributes for this specific alert route.

6️⃣ Similarly to escalations, you can decline the triage incidents if the alerts are resolved in the alert source you have connected
