Global Event Rulesets

Streamline routing alerts across services and take action based on predefined global event rulesets


Last updated 1 year ago


Global Event Rulesets let you create rulesets for alert routing, eliminating the need to set up individual alert source webhooks for each Service. This centralized routing simplifies configuration management, saving time and improving efficiency, particularly for users dealing with numerous microservices.

The scope for a ruleset is a Team, and the execution updates for Global Event Rulesets are recorded in the Incident Activity Timeline.

Image. Global Event Rulesets

Note: This feature will be available for accounts in the Enterprise plan.

Prerequisite

  • To effectively create and manage Global Event Rulesets, the user assigned to the Team must possess the appropriate permissions corresponding to their User Role.

Add Ruleset

To add new rulesets:

  1. Navigate to Global Event Rulesets -> Add New Ruleset

  2. Next, add the Ruleset Name, optional Description, and select the Ruleset Owner.

  3. Click Save, and you're done.

Note:

  1. You can create and manage up to 30 rulesets for each Team.

  2. A Ruleset Owner is a user or a Squad that someone can reach out to for anything pertaining to that ruleset. There are no permissions associated with this ownership.

This creates a new ruleset, and the next step is to add alert sources and start creating rules for your ruleset. If you would like to create multiple such rulesets, each with individual endpoints, repeat the above steps as needed.

Note: You can edit or delete a ruleset from its detail page.

Please note that deleting a ruleset will remove all the mapped alert sources and their rules.

Add Alert Sources

To add alert sources to a ruleset:

  1. Navigate to Global Event Rulesets -> select the relevant ruleset from the list.

  2. Click Add Alert Source -> In the side panel, search and select the alert source you wish to create a rule for -> Click Add.

Note:

  1. You can only add one alert source at a time.

  2. Deleting an added alert source from the ruleset will result in all its rules getting deleted.

Add Rules

Event rules allow you to set actions that should be taken on events that meet your designated rule criteria. In the current version, the only action that the system takes is routing of incoming alerts.

To add rules for an alert source:

  1. Navigate to Global Event Rulesets -> select the relevant ruleset from the list.

  2. For your added alert source, click Add Rule.

  3. In the side panel, provide a Rule Description and create the Rule Expression, referring to the payload data available on the right.

  4. Lastly, designate the Service for routing when the rule expression is met -> Click Save.

Note: You can create and manage up to 1000 rules for each alert source.

To manage the order of rule execution, simply use the arrows to rearrange the priority of these rules.

Note:

  1. If you have not yet set up alert source webhooks and started receiving alerts, the payload you see on the right may be a sample payload provided by Squadcast for the selected alert source. If the webhooks have been set up and you are receiving alerts, you will see the payload of the latest alert for that alert source.

  2. If an alert source supports multiple types of payloads for different events, refer to the documentation of your alert source for the different payload structures.

  3. You will see only the Services for the selected Team.

Important: If you intend to delete a Service in Squadcast that is associated with a Global Event Ruleset, please ensure that you delete the rule first. Otherwise, you will receive a warning message similar to the one described below.

Example

Alert Source: Admin Labs

{
    "webhookId": "5e3378c2-275d-11e8-89db",
    "monitorId": "1afb2342-2754-11e8-89db",
    "monitorName": "Example",
    "monitorAddress": "http://example.adminlabs.com/example.html",
    "stateChange": "down",
    "outageId": "4fd5c5df-275d-11e8",
    "outageStartedAt": "2018-03-14 08:57:09",
    "outageEndedAt": null,
    "maintenanceId": null
}

Example Rule Expression:

payload.stateChange="down"

Catch All Rule

Any alert that is sent through event rules but does not match any of them is routed to the Service configured in the Catch All Rule. If the Catch All Rule is empty, the unmatched alert is simply dropped from the system. Configuring a Catch All Rule makes sure no alerts are missed, that is, every incoming alert ends up reaching a Service.

🔹 Best Practice Tip 🔹 This is not mandatory, but we highly recommend having this configured.

To add a catch-all rule:

  1. Navigate to Global Event Rulesets -> Select the relevant ruleset from the list.

  2. For your added alert source, click Add Catch All Rule -> Select a Service.

  3. Click Save.
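
The following Python model is an added illustration, not Squadcast code: it replays constructed Admin Labs style payloads through an ordered rule list to show which alerts a ruleset would drop without a Catch All Rule and which rules never fire. It assumes the first matching rule in priority order wins and that each rule is a simple equality check; the service names are hypothetical.

```python
# Constructed sample payloads, modelled on the Admin Labs example above.
SAMPLE_ALERTS = [
    {"monitorName": "Example", "stateChange": "down", "maintenanceId": None},
    {"monitorName": "Example", "stateChange": "up", "maintenanceId": None},
    {"monitorName": "Billing", "stateChange": "down", "maintenanceId": "m-1"},
]

# (description, payload path, expected value, target Service) in priority order.
# Service names are hypothetical.
RULES = [
    ("Outage during maintenance", "payload.maintenanceId", "m-1", "maintenance-svc"),
    ("Monitor down", "payload.stateChange", "down", "oncall-svc"),
]

_MISSING = object()  # distinguishes an absent field from a JSON null


def lookup(payload, dotted_path):
    """Resolve a dotted path such as 'payload.stateChange' against one alert."""
    node = {"payload": payload}
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def route(payload, rules, catch_all=None):
    """Return (service, matched rule); service is None when the alert is dropped."""
    for description, path, expected, service in rules:
        if lookup(payload, path) == expected:
            return service, description  # assumption: first match wins
    if catch_all is not None:
        return catch_all, "catch-all"
    return None, "dropped"


def audit(alerts, rules, catch_all=None):
    """Summarise routing: per-Service counts, dropped alerts, rules that never fired."""
    routed, dropped = {}, []
    unused = [rule[0] for rule in rules]
    for alert in alerts:
        service, matched = route(alert, rules, catch_all)
        if service is None:
            dropped.append(alert)
            continue
        routed[service] = routed.get(service, 0) + 1
        if matched in unused:
            unused.remove(matched)
    return {"routed": routed, "dropped": dropped, "unused_rules": unused}
```

Running `audit` over a day's worth of captured payloads before and after reordering rules shows whether a broad rule placed first shadows a narrower one, and whether any alert type depends on the Catch All Rule to reach a Service.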
