# Event Tagging {% embed url="" %} Event Tagging is a rule-based, auto-tagging system with which you can define customised tags based on incident payloads, that get automatically assigned to incidents when they are triggered. You can define tags as `key:value` pairs. For example, the `key` could be `severity` and the *possible values* could be `SEV0`, `SEV1`, `SEV2`, etc., or the `key` could be `Team` and the *possible values* could be `Backend`, `Frontend`, `Database`, etc. Event Tagging can be achieved by defining Tagging Rules for each Service in Squadcast. When these rules evaluate *true* for an incoming incident, the defined tag pairs are added to it. ## Prerequisites * The User Role associated with the user in the Team must have required permissions to manage Services (ability to manage Tagging Rules). * Integrate with an Alert Source and ensure that the Alert Source has started sending alerts to Squadcast before setting up Tagging Rules. {% hint style="warning" %} **Important:**\ Automation rule CRUD operations have a 5-minute caching delay before changes take effect. {% endhint %} ## Create Tagging Rules To create tagging rules: 1. Navigate to **Services** -> **Service Overview** -> select or search for your desired service. 2. In the extreme right, expand the accordion -> In Automation section, **View All** 3. In the Tagging Rules section, **Add Tagging Rules** 4. Select an **Alert Source** from the drop down -> **Add New Rule**

Event Tagging by alert source in Squadcast

6\. Tagging Rules can be added in three ways: ### **A.** UI-based Rule Builder (Beginner-friendly) a. On the right, you can view the *payload of the **latest** alert* for the chosen Alert Source b. The drop-downs in the Rule Builder contain values from the payload on the right. You can use them to easily create your Tagging Rules You can create Tagging Rules using the following conditions: | Operators | Condition | | ---------------- | ---------------------------------------------------------------- | | == | if the payload value is equal to the given value | | != | if the payload value is not equal to the given value | | matches/contains | if the payload value matches (***or** contains*) the given value | | does not contain | if the payload value does not contain the given value | {% hint style="warning" %} **Note**: All these operators are case-sensitive.\ \ If you want to make the rules *case insensitive*, then you have to do it with the regular expression method. {% endhint %}

Add Event Tagging via UI-based Rule Builder

c. You can add more than 1 condition for a rule by selecting **Add Condition** (a logical AND is performed between all the conditions -> the entire Tagging Rule will evaluate to `True` only if all the conditions evaluate to `True`) d. Map any `Key` and `Value` pair as a tag. Multiple tags can be defined for each rule. You can select different colours for each of your tags

Map a tag based on condition rule in Squadcast

{% hint style="warning" %} **Important** The key of the Tag label, "tag key" can only contain letters (both lowercase and uppercase) and numbers. Anything else will be ignored. {% endhint %} {% hint style="info" %} **Note**: The search option under payload is not a free search, we have to search by JSON format, for example, type in payload.annotations to get annotations. \ We also have an option for click-to search, wherein you can click on the keys in the payload to get their required values. {% endhint %} ### B. Raw String Method {% hint style="warning" %} **Important** Once you opt for the Raw String method for a rule, you cannot revert to the UI-based Rule Builder method. {% endhint %} a. On the right, you can view the payload of the latest alert for the chosen Alert Source b. Click on **Edit** to enable the Raw String method

c. Write your custom Tagging Rule expression. Below are some examples to help you get started: {% hint style="info" %} **How to make rules *****case-insensitive*****?**\\ 1. Click **Edit** -> **Proceed** 2. You will see the rule in the regular expression. Now you need to add the command lc (lower\_case) before the individual parameters **Here is an example**: `re(payload["subscription"]["type"], "Subscription")` The rule says if the payload\["subscription"]\["type"]contains the string "Subscription" in it then do some actions. If you want to make the above rule case insensitive, you have to add the command lc before the individual parameters. The case insensitive rule would look like this, `re(lc(payload["subscription"]["type"]), lc("Subscription")) or` `re(lc(payload["subscription"]["type"]), "subscription")` {% endhint %} ### Supported Rules The rule engine supports expressions with parameters, arithmetic, logical, and string operations. #### **Basic Expressions** `10 > 0`, `1+2`, `100/3` #### **Parameterized Expressions** `payload.metric == "disk"` The available parameters are `payload`: This parameter contains the JSON payload of an incident which will be the same as the JSON payload format for the future events for a particular alert source #### **Regular Expressions** `re(payload.metric, "disk.*")` {% hint style="warning" %} **Important** When there are multiple Tagging Rules created, every single Tagging Rule will be evaluated. All the tags of the matching rules will be attached to the incoming incident. If you have more than 1 rule with the same "key" value in "Tag Mapping", the "value" of the tag will be that of the last matching rule’s Tag Mapping.\ \ For example:\ If you have 2 Tagging Rules for a Service:\ \- Rule 1 with Tag Mapping Environment: QA\ \- Rule 2 with Tag Mapping Environment: QA-INTER\ Say, if your "match" condition string is “healthcheckstatus-QA-INTER-TESTING“, tag "Environment:QA-INTER" is created. If you interchange the order of Rule 1 and Rule 2, tag "Environment:QA" is created instead.\ \ Therefore, always ensure that you write your Tagging Rules in the correct order for desired behaviour or try and make them as specific as possible. {% endhint %} ### Available Predefined Commands The below commands can be used to create Tagging Rules. #### **Add tags to incidents directly from your payload** * If you already have tags being carried within your incident payload, you can add them as tags to your incidents as well without having to define *Tag Mappings* again * You can simply specify the values that need to be picked from the payload and added as tags to the incident (picked dynamically) rather than having to statically define these values as *Tag Mappings* A. `addTag` - Add one specific tag from the payload #### **General Format** `addTag( "", , "#")` * tag key: The key of the Tag label. Only letters and numbers are allowed. Anything else will be ignored * payload selector or string: You can choose to set a tag value from the payload or you can set any custom string as the tag value * color: You can set color as a valid HEX code. This is optional. If this parameter is omitted, the default color - #0F61DD will be used **Example** Below is an example payload for demonstration: ``` { "payload": { “message”: “Error rates higher than usual”, “description”: “HTTP Error rates for srv_90 is above 90 counts/hour”, "severity": “critical” } } ``` Add a tag with **key**: `severity` and its **value** picked dynamically from the `severity` parameter in the payload ``` addTag( "severity", payload.severity, "#037916") ``` This will add the tag `severity: critical` with color `#037916` to your incident. {% hint style="info" %} **Note** The "addTag" function always returns a "true" value. So, this can be chained with other logical operators to set multiple tags from the payload. {% endhint %} B. `addTags` - Add multiple tags from the payload #### **General Format** `addTags(