LogoLogo
API DocsDeveloper PortalSystem StatusTry for Free
  • Quickstart Guide
    • Introduction
    • Get started as an Account Owner
    • Get started as a User
    • Glossary
    • FAQs
  • Manage Users
    • Types of Users
    • Add and Delete Users
    • Import Users
    • User Permissions - Access Controls
    • Manage Your Profile
    • Notification Rules
    • On-Call Reminder Rules
    • Change Account Owner
  • Manage Teams
    • Understanding Teams
    • Role Based Access Control
    • Owner Based Access Control
    • Create and Delete Teams
    • Add and Remove Team Members
    • Squads
    • Stakeholder Groups
  • Services
    • Adding a Service
    • Service Overview
    • Service Graph
    • Maintenance Mode
    • Alert Deduplication Rules
      • Alert Deduplication Rules
      • Incident Status Based Deduplication
      • Service Dependency Based Deduplication
      • Key Based Deduplication
    • Event Tagging
    • Alert Routing
    • Alert Suppression
    • Custom Content Templates
    • Intelligent Alert Grouping (IAG)
    • Auto Pause Transient Alerts (APTA)
    • Delayed Notifications
  • Schedules
    • Schedules
      • Adding a Schedule
      • Schedules Overview
      • Who is On-Call?
      • My On-Call Shifts
      • Overrides
      • Videos: How to set up common use cases?
  • Escalation Policies
    • Create and Manage Escalation Policy
    • Round Robin & Advanced Escalations
    • Reassign an Incident
  • Notifications
    • Understanding Incident Notifications
  • Dashboards
    • Incident Management Dashboard
    • Dashboard Metrics
    • Take Bulk Actions
    • Squadcast Search
  • Incident List
    • Incident List View
    • Incident Priorities
    • Filter Incidents
    • Save Filter View
    • Merge Incidents
    • Snooze Incidents
  • Incidents Page
    • Incidents Details
    • Incident Activity Timeline
    • Communication Channels
    • Create Incident Manually
    • Incident Notes
    • Incident Watchers
    • Past Incidents
    • Additional Responders
    • Incident Summaries
    • Incident Suggestions
  • Runbooks
    • Runbooks
  • Postmortems
    • Postmortem Templates
    • Create Postmortems
    • Accessing Postmortem
  • Status Page
    • Status Page
    • Status Page Overview
    • Components and Groups
    • Issues
    • Subscribers
    • Maintenance
  • SLO Tracker
    • SLO Basics
    • Configure and Monitor your SLOs
  • Webforms
    • Webforms
  • Global Event Rulesets
    • Global Event Rulesets
  • Workflows
    • Workflows
    • Workflows Overview
    • Actions
  • Live Call Routing
    • Live Call Routing
  • Analytics
    • Analytics (New)
    • Organization Level Analytics
    • On Call Hours Per User
    • Weekly Reports
  • Integrations
    • Incident Webhook (Incident Webhook/API)
    • Outgoing Webhooks
    • ServiceNow Extension
    • Extensions
      • Jira Cloud Integration
      • Jira DC (Data Center)
      • CircleCI
      • Google Chat
      • Freshdesk
      • Freshservice
      • Asana
      • ClickUp
      • Trello
      • Zendesk
      • Hubspot
    • Alert Source Integrations (Native)
      • Admin Labs
      • Airbrake
      • Amazon EventBridge
      • Amazon GuardDuty
      • Amazon Opensearch
      • APImetrics
      • AppDynamics
      • AppSignal
      • Auvik
      • AWS CloudTrail Logs
      • AWS CloudTrail via CloudWatch
      • Amazon Cloudwatch (AWS) Integration
      • AWS CloudWatch Event Rules
      • AWS Elastic Beanstalk via CloudWatch
      • Amazon RDS (AWS)
      • Amazon SNS (AWS)
      • Azure Monitor
      • Better Uptime
      • Bitbucket
      • Bitrix 24
      • Blue Matador
      • Bugsnag
      • Buildkite
      • Checkly
      • Checkmk
      • CircleCI Integration
      • Cisco DNAC
      • Cisco Meraki
      • ClickUp Integration
      • CloudAMQP
      • Cloudflare
      • Conviva
      • CopperEgg
      • Coralogix
      • Cronitor
      • Crowdstrike Falcon
      • Datadog
      • Databricks
      • Dead Man's Snitch
      • Domotz
      • Dotcom Monitor
      • Dynatrace
      • ElastAlert
      • Elastic
      • Elecard Boro
      • Email Integration
      • Endtest
      • Errorception
      • Freshdesk Integration
      • Freshping
      • Freshservice
      • Ghost Inspector
      • GitHub Integration
      • GitLab
      • Grafana 8
      • Grafana
      • Graylog v4
      • Graylog
      • HaloPSA
      • Healthchecks
      • Heroku
      • HetrixTools
      • Honeybadger
      • Honeycomb
      • Humio
      • Hund
      • Hydrozen
      • Hyperping
      • Icinga2
      • InsightOps (LogEntries)
      • Instana
      • Intercom
      • Jenkins Integration
      • Jira Cloud Alert Source
      • Jira Server Alert Source
      • Kapacitor
      • Kentik
      • Komodor
      • Kibana
      • LibreNMS
      • Linear
      • Loggly
      • Logstash
      • Logz.io
      • ManageEngine Application Manager
      • ManageEngine Opmanager
      • Mezmo (formerly LogDNA)
      • MongoDB Atlas / Cloud Manager
      • Nagios
      • New Relic
      • Nixstats
      • NodePing
      • Observium
      • Oh Dear
      • Oracle Cloud Infrastructure
      • OSNexus QuantaStor
      • OverOps
      • Papertrail
      • Pingdom
      • Plesk 360
      • Postman
      • Postmark
      • Powercode
      • Progress WhatsUp Gold
      • Prometheus
      • PRTG Network Monitor
      • Rapid7 InsightIDR
      • RapidSpike
      • Redash
      • Redgate SQL Monitor
      • Rollbar
      • Rundeck
      • Runscope
      • Salesforce Cloud
      • Scout APM
      • Sematext
      • Sensu Go
      • Sensu
      • Sentry.io
      • Server Density
      • ServerGuard24
      • ServiceNow Integration
      • Shortcut (Clubhouse)
      • SignalFx
      • SigNoz
      • Site24x7
      • Slack
      • SolarWinds AppOptics
      • SolarWinds Observability SaaS (SWO)
      • SolarWinds Observability Self Hosted
      • Sonar
      • Splunk
      • Sqreen
      • Stackdriver
      • Stackify Retrace
      • StatHat
      • StatusCake
      • ServiceDesk Plus OD
      • Sumo Logic
      • Sysdig Monitor
      • Threat Stack
      • Trello
      • Twilio
      • Uptime
      • Uptime Robot
      • Uptrends
      • Wavefront
      • Zabbix 5.0
      • Zabbix 6.2
      • Zabbix
      • Zendesk Integration
      • Zoho Desk
      • Zoho Desk via Zoho Flow
      • LogicMonitor
  • ChatOps
    • Google Chat
    • Microsoft Teams
    • Slack for Incident Management
      • Using the Integration
  • Single Sign-On (SSO)
    • AWS SSO
    • Azure Active Directory SSO
    • Google SSO
    • Microsoft ADFS SSO
    • Okta SSO Integration
    • SAML 2.0 based SSO
  • Mobile App
    • Using the Mobile App
  • Terraform & API Documentation
    • Terraform Provider
    • Public API - Refresh Token
    • API Documentation
    • Getting Started with Squadcast GraphQL
      • Schedules
        • Create Schedule
        • Update Schedule
        • Delete Schedule
        • Pause Schedule
        • Get Schedules
        • Get Schedule by ID
        • Resume Schedule
        • Clone Schedule
        • Get Gaps
      • Rotations
        • Create Rotation
        • Update Rotation
        • Delete Rotation
        • Get Rotation by ID
        • Get Rotation Events by ID
      • Overrides
        • Create Override
        • Update Override
        • Delete Override
        • Get Override by ID
      • Calendar URLs
      • Who is On-Call
    • Developer Portal
    • Incident Rate Limiting
  • Managing your Squadcast Account
    • Audit Logs
    • Organizations
    • Billing FAQs
    • Deactivate your Squadcast Account
    • Delete your Squadcast Account
Powered by GitBook
On this page
  • Prerequisites
  • Create Routing Rules
  • UI-based Rule Builder (Beginner-friendly)
  • Raw String Method
  • Supported Rules
  • FAQs

Was this helpful?

  1. Services

Alert Routing

Route alerts to the right responder(s) based on the tags they carry.

PreviousEvent TaggingNextAlert Suppression

Last updated 1 year ago

Was this helpful?

Alert Routing allows you to configure Routing Rules to ensure that alerts are routed to the right responder with the help of event tags attached to them.

Prerequisites

  • The User Role associated with the user in the Team must have required permissions to manage Services (ability to manage Routing Rules).

Important: Automation rule CRUD operations have a 5-minute caching delay before changes take effect.

Create Routing Rules

To configure Routing Rules:

  1. Navigate to Services -> Service Overview -> select or search for your desired service.

  2. On the extreme right, expand the accordion -> In the Automation section, View All.

  3. In the Routing Rules section, Add Routing Rules.

  4. You can add Routing Rules in three ways:

UI-based Rule Builder (Beginner-friendly)

(a) This box displays all the [event tags](https://support.squadcast.com/docs/event-tagging) defined for this Service, which can be used to define Routing Rules

(b) Select Add new rule

(c) Pick the event tag key and value pair that you are checking for in an incident using the drop-downs

(d) Add Conditions to make your rules more granular

You can create Routing Rules using the following conditions:

Operators
Condition

==

if the payload value is equal to the given value

!=

if the payload value is not equal to the given value

matches/contains

if the payload value matches (or contains) the given value

does not contain

if the payload value does not contain the given value

Note: All these operators are case-sensitive. If you want to make the rules case insensitive, then you have to do it with the regular expression method.

(e) You can route the incident containing the specific event tags to either a User, Squad or an Escalation Policy. Pick the same from the drop-down

(f) Click on Save

Default Service Escalation Policy Override

The Alert Routing Rules will take precedence (override) over the default Escalation Policy for the Service if any of the rules match (evaluate to True) an incoming incident.

Note: The search option under payload is not a free search, we have to search by JSON format, for example, type in payload.annotations to get annotations.

We also have an option for click-to-search, wherein you can click on the keys in the payload to get their required values.

Raw String Method

Note

Once you opt for the Raw String method, you cannot revert to the UI-based Rule Builder method for that rule.

(b) Select Add new rule

(c) Click on Edit to enable the Raw String method

How to make rules case-insensitive?

  1. Click Edit -> Proceed

  2. You will see the rule in the regular expression. Now you need to add the command lc (lower_case) before the individual parameters

Here is an example:

re(payload["subscription"]["type"], "Subscription")

The rule says if the payload["subscription"]["type"]contains the string "Subscription" in it then do some actions.

If you want to make the above rule case insensitive, you have to add the command lc before the individual parameters.

The case insensitive rule would look like this,

re(lc(payload["subscription"]["type"]), lc("Subscription")) or

re(lc(payload["subscription"]["type"]), "subscription")

(d) Write your custom Tagging Rule expression and select Route To accordingly

(e) Click on Save

Supported Rules

The rule engine supports expressions with parameters, arithmetic, logical, and string operations.

Basic Expressions

10 > 0, 1+2, 100/3

Parameterized Expressions

tags.severity == "high"

The available parameters are tags

  • tags: This parameter contains all the configured tags for a given Service.

Regular Expressions

re(tags.severity, "high.*")

This can be used to check if a particular tag field matches a regular expression.

Example

Below is the set of event tags defined for a Service (as shown in the right panel of the configuration space)

{
	"tags": [
		{
			"severity": "critical"
		},
		{
			"severity": "high"
		},
		{
			"severity": "low"
		}
	]
}

Use-case for Routing Rules

When:

  • severity is critical : Route to a Squad

  • severity is high : Route to an Escalation Policy

  • severity is low : Route to a User

Routing Rules are as follows:

  • tags.severity == "critical" route to a squad

  • tags.severity == "high" route to an escalation policy

  • tags.severity == "low" route to a user

FAQs

1. How do I know if an incident gets routed due to a Routing Rule?

In the Incident’s Activity Timeline the reason for routing, and to which entity it gets routed to, is displayed.

2. What kind of regex can be used to write custom rules?

3. Can I create OR rules?

Yes, you can. The evaluation between different Routing Rules is OR. Add multiple Routing Rules to enable OR evaluation.

4. While adding a Routing Rule, is the search string in the rule case sensitive?

Yes, that is correct. For example, if your search string is “ALERT” and your payload does not contain “ALERT” but contains “Alert”, this will not be matched. Your search string should be “Alert”.

5. Do Routing Rules have priority?

Yes, you can specify Execution Rule Priority for the rules defined by moving them Up or Down the list of rules.

6. I have configured multiple rules for a particular Service. Can I search through the configured rules to find the rule I am looking for?

Yes, that is doable. You will notice a Search option on the left top of the rules modal. You can type in a word you recall from the rule. Any matching results will yield a narrowed-down set of rules.

Ensure you have Tags for the Service.

(a) This box displays all the event tags for this Service

The rule engine supports expressions with parameters, arithmetic, logical, and string operations. You can also check out to get an idea of all the expression types accepted in Squadcast. Please do your regex against Golang flavor as shown in the screenshot below and then, set them up in Squadcast:

Have any questions? .

defined
defined
this
here
Ask the community
Add Routing Rules via UI-based rule builder
pick the event tag key and value pair for incident routing rules
route the incident containing the specific event tags to user squad or Escalation Policy
incident routing rules by raw string method in Squadcast
how to enable the incident routing rules by Raw String method in Squadcast
select custom Tagging Rule expression in incident routing rules in Squadcast
select custom Tagging Rule expression in incident routing rules in Squadcast
Move execution priority of Routing Rules in Squadcast
Search through configured Routing Rules in Squadcast