Links

Global Event Rulesets

Streamline routing alerts across services and take action based on predefined global event rulesets
Global Event Rulesets let you create rulesets for alert routing, eliminating the need for individual alert source webhooks setup for each Service. This centralized routing simplifies configuration management, saving time and enhancing efficiency, particularly for users dealing with numerous micro-services.
The scope for a ruleset is a Team, and the execution updates for Global Event Rulesets are recorded in the Incident Activity Timeline.
Global Event Rulesets flow in Squadcast for Incident Management
Image. Global Event Rulesets
Note: This feature will be available for accounts in the Enterprise plan.

Prerequisite

  • To effectively create and manage Global Event Rulesets, the user assigned to the Team must possess the appropriate permissions corresponding to their User Role.

Add Ruleset

To add new rulesets,
  1. 1.
    Navigate to Global Event Rulesets -> Add New Ruleset
  2. 2.
    Next, add the Ruleset Name, optional Description, and select the Ruleset Owner.
  3. 3.
    Click Save, and you're done.
Note:
  1. 1.
    You can create and manage up to 30 rulesets for each Team.
  2. 2.
    A Ruleset Owner is a user or a Squad that someone can reach out to, for anything pertaining to that ruleset. There are no permissions associated with the ownership here.
Add Ruleset in Squadcast for Incident Management
Image. Add Ruleset
Details for added Ruleset in Squadcast for Incident Management
Image. Details for added Ruleset
This creates a new ruleset, and the next step is to add alert sources and start creating rules for your ruleset. If you would like to create multiple such rulesets, each with individual endpoints, repeat the above steps as needed.
Note: You can edit or delete a ruleset from its detail page.
Please note, that deleting a ruleset will remove all the mapped alert sources and their rules.

Add Alert Sources

To add alert sources to a ruleset,
  1. 1.
    Navigate to Global Event Rulesets -> select the relevant ruleset from the list.
  2. 2.
    Click Add Alert Source -> In the side panel, search and select the alert source you wish to create a rule for -> Click Add.
Note:
  1. 1.
    You can only add one alert source at a time.
  2. 2.
    Deleting an added alert source from the ruleset will result in all its rules getting deleted.
Add Alert Source in GER in Squadcast for Incident Management
Image. Add Alert Source
Added Alert Source in GER in Squadcast for Incident Management
Image. Added Alert Sources

Add Rules

Event rules allow you to set actions that should be taken on events that meet your designated rule criteria. In the current version, the only action that the system takes is routing of incoming alerts.
To add rules for an alert source,
  1. 1.
    Navigate to Global Event Rulesets -> select the relevant ruleset from the list.
  2. 2.
    For your added alert source, click Add Rule.
  3. 3.
    In the side panel, provide a Rule Description and create the Rule Expression, referring to the payload data available on the right.
  4. 4.
    Lastly, designate the Service for routing when the rule expression is met -> Click Save.
Note: You can create and manage up to 1000 rules for each alert source.
Add Rules for an Alert Source in Squadcast for Incident Management
Image. Add Rules for an Alert Source
View and arrange priority of added Rule in Squadcast for Incident Management
Image. View and arrange the priority of added Rule
To manage the order of rule execution, simply use the arrows to rearrange the priority of these rules.
Note:
  1. 1.
    The payload you see on the right may be a sample payload provided by Squadcast for the selected alert source, if you have not set up alert source webhooks and started receiving alerts yet. If the webhooks have been set up and you are receiving alerts, then you will see the payload of the latest alert for that alert source.
  2. 2.
    Also note that, if alert sources support multiple types of payloads for different events, please ensure you refer to the documentation of your alert source for the different payload structures.
  3. 3.
    You will see only the Services for the selected Team.
Important: If you intend to delete a Service in Squadcast that is associated with a Global Event Ruleset, please ensure that you delete the rule first. Otherwise, you will receive a warning message similar to the one described below.

Example

Alert Source: Admin Labs
{
"webhookId": "5e3378c2-275d-11e8-89db",
"monitorId": "1afb2342-2754-11e8-89db",
"monitorName": "Example",
"monitorAddress": "http://example.adminlabs.com/example.html",
"stateChange": "down",
"outageId": "4fd5c5df-275d-11e8",
"outageStartedAt": "2018-03-14 08:57:09",
"outageEndedAt": null,
"maintenanceId": null
}
Example Rule Expression:
payload.stateChange="down"

Catch All Rule

Any alerts that are sent through event rules but do not match any are routed to the Service configured in the Catch All Rule. If the Catch All Rule is empty, the outlier alert is simply dropped from the system. Configuring this helps in making sure no alerts are missed, that is, every incoming alert ends up reaching a Service.
🔹 Best Practice Tip 🔹 This is not mandatory, but we highly recommend having this configured.
To add a catch-all rule,
  1. 1.
    Navigate to Global Event Rulesets -> Select the relevant ruleset from the list.
  2. 2.
    For your added alert source, click Add Catch All Rule -> Select a Service.
  3. 3.
    Click Save.
Add Catch All Rule for an Alert Source in Squadcast for Incident Management
Image. Add Catch All Rule for an Alert Source
View Added Catch All Rule in Squadcast for Incident Management
Image. View Added Catch All Rule