How are alerts delivered?
LogicMonitor enables you to route alert notifications to different teams within your organization, so that the right people are notified when an issue occurs. Alert notifications can be delivered via email, text message, or even a voice call. If a recipient is unable to deal with or respond to the alert, the alert is automatically sent to the next person in the escalation chain – this process repeats until the alert is acknowledged or cleared.
There are two main components of Alert Routing: alert rules and escalation chains.
Alert rules are used to tell LogicMonitor which escalation chain to route alert notifications to when an alert triggers. When an alert is triggered, the system checks through your alert rules one by one, starting with the rule with the lowest priority number, until a rule matches the triggered alert. When a rule matches a triggered alert, processing stops and notifications are routed to the stages of the specified escalation chain according to the escalation interval. Specifically, a notification will be first sent to all recipients in the first stage of an escalation chain, and if the alert is not acknowledged within 15 minutes, notifications will be sent to the recipients in the second stage of the escalation chain. Alert notifications will be routed according to this process until the alert is acknowledged or clears. If an alert doesn't match any alert rules, it will not be routed.
For more detailed information about alert rules and best practices for configuring alert rules in your account, we recommend you read this help doc.
Escalation chains are made up of one or more stages, where each stage includes a list of contacts the alert will be sent to. Later stages are only contacted if the alert is still in effect, and the prior stages have not acknowledged or suppressed the alert.
For more detailed information about escalation chains and best practices for setting up escalation chains in your account, we recommend that you read this help doc.
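The first-match rule evaluation and stage escalation described above, modelled in Python as an added example; it is not LogicMonitor code or its API. The rule fields (`severity`, `group`), the glob matching, and all names and sample data are assumptions for illustration; `audit` reports alerts that no rule routes and rules that an earlier rule always pre-empts.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first
    severity: str      # glob on alert severity (hypothetical match field)
    group: str         # glob on resource group (hypothetical match field)
    chain: str         # escalation chain that receives the notification
    interval_min: int  # escalation interval between stages, in minutes

# Constructed sample configuration; names are illustrative only.
CHAINS = {"db-team": [["dave"], ["erin"]], "ops-oncall": [["alice"], ["bob", "carol"]]}
RULES = [
    Rule(20, "critical", "prod/*", "ops-oncall", 15),
    Rule(30, "critical", "prod/db/*", "db-team", 15),  # never wins: priority 20 is broader
    Rule(40, "error", "prod/*", "ops-oncall", 15),
]
ALERTS = [
    {"id": "a1", "severity": "critical", "group": "prod/db/primary"},
    {"id": "a2", "severity": "error", "group": "prod/web"},
    {"id": "a3", "severity": "critical", "group": "staging/web"},  # matches no rule
]

def match_rule(alert, rules):
    """Return the first matching rule in priority order, or None (alert is not routed)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if fnmatchcase(alert["severity"], rule.severity) and fnmatchcase(alert["group"], rule.group):
            return rule
    return None

def current_stage(alert, rules, chains, minutes_unacked):
    """Recipients of the stage reached after minutes_unacked without acknowledgement."""
    rule = match_rule(alert, rules)
    if rule is None:
        return []
    stages = chains[rule.chain]
    # Assumption: the model stays on the final stage once it is reached.
    index = min(minutes_unacked // rule.interval_min, len(stages) - 1)
    return stages[index]

def audit(alerts, rules):
    """Return (ids of unrouted alerts, priorities of rules that never won a match)."""
    winners = [match_rule(a, rules) for a in alerts]
    unrouted = [a["id"] for a, r in zip(alerts, winners) if r is None]
    unused = [r.priority for r in rules if r not in winners]
    return unrouted, unused
```

Running `audit(ALERTS, RULES)` over a sample of recent alerts shows both gaps at once: alert `a3` is never delivered to anyone, and the database rule at priority 30 can never fire because the broader rule at priority 20 matches first.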
Strategy: Alert Routing
As a best practice, we recommend that you route reactive alerts to people within your infrastructure who are capable of resolving the problem, and that you periodically review proactive alerts in LogicMonitor reports. Reactive alerts are alerts that indicate that something is already broken, and that action is required immediately. Proactive alerts, on the other hand, indicate that something may go wrong in the future, but you have some time to resolve the problem. By default, LogicMonitor critical alerts are intended to be reactive alerts and LogicMonitor warning alerts are intended to be proactive alerts, but how you classify alerts really depends on how you've configured your alert thresholds.
Viewing proactive alerts, such as warning alerts, in reports can greatly reduce the number of alerts you are notified about. Reports can show you where your noise is coming from, and help you figure out if there are alerts that you actually do want to route to email or SMS messages. Additionally, some types of alerts tend to be more useful when viewed in a report format (rather than received in individual emails) because they can be reviewed next to other alerts from the same time frame, which allows you to detect network trends or even relationships between events.