Alerting on SLOs - Overview
When an incident is triggered, Nobl9 enables you to send an alert to a notification engine or tool (for example, PagerDuty). Nobl9 also supports integration with a web endpoint by using webhooks where you define the endpoint and parameters to pass.
Alerting on SLOs allows you to react immediately to incidents that matter from the perspective of the user experience of your Service (e.g., in terms of latency, errors, correctness, and other SLO-related concepts). Alerts improve the control of whatβs going on in your system and enable you to do better-contributing factor analysis when something goes wrong.
Here are important things to keep in mind while setting up your Alerts:
Both, our attention and energy are limited resources. SLO Alerts must correspond to real and urgent issues of your system.
Keep in mind that to improve your monitoring, these Alerts have to be intentional (i.e., well-defined) and need to evolve together with your system.
With Nobl9 system annotations feature, you can see an annotation added to the SLO Objective charts by default each time an alert is triggered or resolved (they are displayed regardless of whether an Alert Policy is silenced). For more detailed information, refer to the SLO Annotations documentation.
Since January 31, 2023, Nobl9 no longer supports Lightstep Incident Response as an alert method.
Alert Policy & Alert Method Lifecycleβ
Cooldown periodβ
You can configure Cooldown period for your Alert Policies. Follow YAML Guide to see how to set up the cooldown period through YAML.
What is a Cooldown Period?β
Cooldown period was designed to prevent from sending too many alerts. It is an interval measured from the last time stamp when all Alert Policy conditions were satisfied. Each SLO's objective triggers its own alerts and keeps its own cooldown period.
Assumptions:
When cooldown conditions are satisfied (i.e., no Alert events are triggered during its defined duration), an Alert event is resolved.
New Alert is triggered unless the cooldown period is satisfied.
The cooldown period may not be satisfied at a given time and wonβt trigger any alerts. However, if, over time, all the alert conditions are satisfied again, the cooldown period is then reset and will be calculated from the time when any of the conditions stopped to be satisfied.
The diagram below shows a simplified lifecycle of an Alert Policy with a defined cooldown period:
Check out the Alerting - Use Case in SLOcademy for more complex Alerting example.
Configuring Cooldown Period in the UIβ
Refer to Getting Started guide for details.
Alert Policy Statusesβ
When an alert policy is in Triggered state, no other new alert can be triggered unless the alert is resolved or canceled.
Alert Policy statuses adhere to the following criteria:
An alert is resolved when any of the conditions stopped to be true AND the cooldown period expired from that time.
An alert is canceled when Alert policy configuration has changed OR a new calendar window has started for the calendar aligned time window SLOs.
When an Alert event assumes the resolved status within the duration of AlertSilence, Nobl9 will send you an all-clear notification. For more details, see Silencing Alerts | Nobl9 Documentation.
Displaying Triggered Alerts in the UIβ
If any of your SLOs fires Alerts, Nobl9 will display this information on the main pane of the Service Health Dashboard, next to the SLO name in the SLO Grid view, and in the SLO Grid view tree:
Retrieving Triggered Alerts in sloctlβ
Using sloctl, you can retrieve information when an alert stopped to be valid. To do so, run the following command in sloctl:
sloctl get alerts
For more details on the sloctl get alerts command, check sloctl User guide.
- unresolved Alert
- resolved Alert
Here's an example of a triggered Alert that hasn't been resolved yet:
apiVersion: n9/v1alpha
kind: Alert
metadata:
name: 6fbc76bc-ff8a-40a2-8ac6-65d7d7a2686e
project: alerting-test
spec:
alertPolicy:
name: burn-rate-is-4x-immediately
project: alerting-test
service:
name: triggering-alerts-service
project: alerting-test
severity: Medium
slo:
name: prometheus-rolling-timeslices-threshold
project: alerting-test
status: Triggered
thresholdValue: 950
triggeredClockTime: "2022-01-16T00:28:05Z"
Here's an example of a resolved Alert:
apiVersion: n9/v1alpha
kind: Alert
metadata:
name: 6fbc76bc-ff8a-40a2-8ac6-65d7d7a2686e
project: alerting-test
spec:
alertPolicy:
name: burn-rate-is-4x-immediately
project: alerting-test
resolvedClockTime: "2022-01-18T12:59:07Z"
service:
name: triggering-alerts-service
project: alerting-test
severity: Medium
slo:
name: prometheus-rolling-timeslices-ratio
project: alerting-test
status: Resolved
thresholdValue: 1
triggeredClockTime: "2022-01-18T12:53:09Z"
Alerts Listβ
Alerts List on the SLO Grid view allows you to view Alert events related to your SLO. You can access the Alerts by accessing the SLO Details view and clicking the Alerts tab at the top:
Nobl9 limits displaying Alerts to 1000 most recent Alert events. You can use filters to narrow down the results. You can filter by:
- Alert statuses:
triggered,resolved - SLO objective names
- Alert Policy name
Keep in mind that the filters are linked by the AND logical operator.
In rare situations, Nobl9 won't return some Alerts. This might happen because:
- Nobl9 returns Alerts for existing objects only (Alert Policies, SLOs, Services, and Objectives).
- If you delete any objects, Nobl9 won't return Alerts for them in the Alerts list.
- If you delete an SLO/AlertPolicy/Service and recreate it with the same name, Nobl9 won't return results for it.
- If you unlink an Alert Policy from an SLO, Nobl9 won't return Alerts for it.
Alerts List and RBACβ
Nobl9 returns alerts triggered in given project only (alert project is the same as the SLO project). If you don't have permission to view SLO in a given project, you won't see these Alerts.
You can also use the sloctl get alerts command to get up to 1000 most recent Alert events and filter the results using flags.
Labels and Alert Methodsβ
Adding Labels to Alert Methodsβ
Users can add one or more labels to an alert policy, which will be sent along with the alert notification when the policyβs conditions are met.
Other Relevant Resourcesβ
For useful tips on how to get started with your first Alert check Your First Alert Policy! Also see our Tips and Tricks.
If you describe infrastructure as code, you might also consider defining the Alert Methods with the same convention. You can find more details in our Terraform documentation.