OpsGenie’s Alert features can help you build and optimize your incident response orchestration and management systems and processes. You can integrate OpsGenie Alerts with monitoring systems, service management and ticketing solutions, collaboration tools, and other teaming tools. OpsGenie filters, categorizes, and enriches Alert content — in addition to combining related Alerts (into Incidents) and adding attachments, notes, and links — in order to maximize available information about incidents and minimize the time and trouble needed for you to evaluate Alerts and decide what to do about them. You can easily collaborate on Alerts and take action on them in a variety of channels, knowing that OpsGenie synchronizes your actions or performs custom actions that you can easily map.
OpsGenie gives you even more ways to see what is happening in your system — and to optimize your organization’s ability to quickly respond to events. Customizing OpsGenie Escalations, On-Call Scheduling, Rules, and Policies can enhance your incident response mechanisms and processes. Understanding the Alert Notifications flow can help you see the opportunities to continue refining your incident response processes. The diagram and descriptions below show you an overview of this flow, and the descriptions of each step contain links to more information about the process associated with that step.
The Alert Creation Flow flow precedes the Alert Notifications flow and determines whether — and when — the Alert Notifications flow begins. When the Alert Creation flow initiates the Alert Notifications flow, the Status of the Alert is Open.
a. Alert Creation Flow
During the Alert Creation flow, OpsGenie processes rules, policies, and other operations on incoming data from all sources (incoming Alerts) before the Alert Notifications flow begins.
i. Filtering and Suppressing Alerts
OpsGenie Integrations can filter incoming alerts and create Alerts or perform other actions (including ignoring incoming alerts) based on matches to configurable conditions. Other Integration rules and settings can suppress Alerts before the Notifications flow begins: no Notifications are sent, but users can access the Alert.
ii. Notification Policies
Notification Policies can delay the beginning of the Alert Notifications flow. OpsGenie checks incoming alerts from all sources during the Alert Creation flow and and can be figured to delay the Alert Notifications flow until a source has attempted to create an OpsGenie Alert with the same Alias (unique identifier for Alerts) a configurable number of times.
If incoming alerts from any source attempt to create a new OpsGenie Alert when there is already an open Alert with the same Alias, OpsGenie deduplicates the Alert. Deduplication increases an Alert’s Alert Count value by one, instead of creating another Alert. OpsGenie adds these events to the Alert’s Activity Log (to enhance tracking).
Although OpsGenie continues to deduplicate Alerts (as long as their state is Open), the Alert Count value and Activity Log stop showing deduplication activity after 100 occurrences.
b. Alert State
When an Alert is first created — manually or through an integrated tool — the Alert’s state is Open and Unacknowledged. Over the course of an Alert’s lifecycle, its state changes as a result of the operations of rules, policies, and user actions.
Whether OpsGenie sends an Alert Notification depends on the state of an Alert.
OpsGenie checks an Alert’s state during every step of the Alert Notifications flow. The Notification flow of any Alert ends if OpsGenie determines that an Alert is Closed — through actions of a user, an Auto-Close Policy, or an Integration Close Alert Rule.
When Alert content matches conditions of an Auto-Close Policy, an Auto-Close event is triggered. When the time set for an Auto-Close event arrives, OpsGenie automatically closes the Alert.
If you set an Auto Restart Notification Policy, the current Notification flow is discarded and restarted (regardless of the current Recipient or Escalation states) following a policy-specified time after an Alert’s creation — as long as the alert is not Closed. So, an Open Alert moves on to Step 3, regardless of its current state.
The following policies are also re-triggered and their time states are refreshed:
- Auto Close
- Notification Policies with Delay or Suppress options
What happens to Alerts next depends on whether immediate Alert Recipients or Teams are identified in the Alert.
- If only immediate/individual Recipients or both individual Recipients and Teams are specified in Alert content (4), they are added to the Alert Notification (8).
- If only Teams (no immediate Recipients) are specified in Alert content (5), then what happens next depends on whether that team has a matching Routing Rule (6).
- If there is no matching Routing Rule, then no Notification is sent (Team members can still view and access the Alert).
- If there is a matching Routing Rule, then the first matching Routing Rule routes the Alert Notification according to the Team’s Escalation or On-Call Schedule -- or to no one: Team members can still view and access the Alert (but no Notification is sent). (7)
Routing Rules are not triggered if even one individual Recipient is specified in an Alert. The Alert Notifications flow moves on to (11) (if an organization’s OpsGenie plan includes Policies) or to (15) (if the plan does not include Policies).
If an Escalation is triggered (no matter when the Escalation was added to the Recipients field), OpsGenie starts processing Escalation Rules (9) to see whether to add new Recipients to an Alert Notification. OpsGenie checks these rules against Alert states.
- If an Escalation Rule notifies Recipients only about Alerts that have not been Acknowledged (or that have been Unacknowledged), OpsGenie only adds new Recipients to an Alert Notification if the Alert is both Open and Unacknowledged (“if not acked”).
- If the Escalation Rule notifies Recipients only when the Alert is not Closed, target Recipients are added to the Alert if the alert is Open -- even if the Alert has been Acknowledged.
If an Escalation Rule adds any Teams as new Recipients, the Notifications flow starts for the added Team Recipients at Step 6. If it adds any Individual Recipients, the Notifications flow begins for these new Recipients at Step 8 — whether these Recipients are single users, other members of a team, or members of an on-call schedule.
Some OpsGenie plans let an organization’s Administrative users apply different operations to Alert Notifications by means of Notification Policies. If an organization’s plan does not include Notification Policies, then the Notifications flow continues at (15). If an Alert’s content matches a Notification Policy’s conditions, however, OpsGenie processes Notification Policies (11).
Users set Notification Rules (related to how Alert Notifications are delivered to them) on the Notifications tabs of their own Profiles. OpsGenie processes Recipient Notifications settings in (17).
Were Notifications Suppressed (12)?
If a Notification Policy suppresses an Alert Notification, OpsGenie does not notify any of the Alert’s Recipients, although users can still access and take action on suppressed Alerts.
Integrations can suppress Alerts during the Alert Creation flow. The Alerts Notifications flow does not begin when an Integration suppresses an Alert during the Alert Creation flow.
Were Notifications Delayed (13)?
If a matching Notification Policy delays Notifications, a delay event is triggered. When the time set for the delay ends (14), the flow continues.
Notification Policies can also delay Alerts during the Alert Creation flow. When Alerts are delayed during the Alert Creation flow, then an Alert is not created — and the Alert Notifications flow does not begin — until a source has repeatedly attempted to create an OpsGenie Alert with the same Alias (a configurable number of times).
Before OpsGenie sends Notifications, it checks to make sure that Recipients are ready.
A Recipient is ready:
- Whenever the Recipient was added -- as long as no matching Policy adds a delay.
- Whenever the Recipient was added plus any delay time -- if a matching Policy adds a delay.
OpsGenie then checks the state of Alerts, one more time:
Recipient(s) are not notified.
Open and Acknowledged
Recipients are no longer notified, except if an Escalation has a Rule that requires notifications as long as an Alert is not Closed.
If user action Unacknowledges an Alert, the Alert Notifications flow restarts at Step 1.
Open and Unacknowledged
Recipients who have not seen Alert Details are notified: if a Recipient displayed Alert Details (in OpsGenie or any communication channels), then that Recipient is not notified.
- Recipients who have viewed Alert Details may still receive Notifications for Delayed, Snoozed, or Suppressed Alerts.
- OpsGenie still sends Notifications to Recipients who received an Alert because of an Escalation — but who viewed the Alert Details before the Escalation Notification.
- If user action Unacknowledges an Alert, the Alert Notifications flow restarts at Step 1.
On the Notifications tabs of their Profiles, users can set Notification Rules that determine how OpsGenie delivers Alert Notifications to them. OpsGenie processes these user Notification Settings according to the following priorities:
Between Steps 3 and 7
New Alert Notification Rules
In Alert content (when Alert was created)
New Alert Notification Rules
As a result of a Snooze or Unacknowledge action
New Alert Notification Rules
When a User or Team added to an existing Alert:
New Alert Notification Rules
As a result of other Alert actions:
Acknowledge action > Acknowledged Alert Rules
Close action > Closed Alert Rules
Assign action > Assigned Alert Rules
Add Note action > Add Note Rules
As a result of other User action:
New Alert Notification Rules
If a Recipient has set Forwarding Rules, OpsGenie forwards the Alert Notification to the new Recipient for a set time frame: the Notifications flow ends for the original, replacing the previous Recipient and adding the substituted Recipient in the flow before Step 15. Even after the period for the forwarding rule expires, the previous Recipient will no longer receive updates for that Alert Notification.
OpsGenie can only send an Alert Notification if a user has enabled a Contact Method for a matching Notification Rule on the Notification Settings tab in their Profile. If there is no matching Notification Rule or if no Contact Method is enabled for the matching Notification Rule, then OpsGenie will not send an Alert.
OpsGenie sends the Alert Notification to one or more Recipients according to the Contact Method selected by each user.
Some user actions interrupt or change the Alert Notifications flow. For example:
If a team member assigns an Unacknowledged Alert to a user, then the Alert Notifications flow continues for all users being notified: there is no effect on the flow, except that the newly-assigned user receives an Assigned Notification -- if s/he has enabled a matching Notification Rule.
If a team member Acknowledges an Alert (before assigning it), however, the existing Alert Notification flow stops for the rest of the team and starts for the newly-assigned user.