Alert Rules#
Alert Rules are your automated watchdog for cloud infrastructure. Each rule monitors a metric or log query on a repeating schedule and fires a notification when the result crosses a configurable condition. Once the condition is no longer met, the rule automatically resolves and sends a resolution notification.
Navigate: left navigation → Monitoring → Alert Rules.
How alert rules work#
On each evaluation interval, Welkin runs the rule’s query against the selected connections
The result is reduced to a single numeric value according to the evaluation target (Last Value, Average, or Row Count)
The value is compared against the threshold condition (e.g.
CPU Average > 90)If the condition is met → rule transitions to Firing and notifications are sent
When the condition is no longer met → rule transitions to OK and a resolution notification is sent
State transitions are recorded in the alert history, queryable per rule.
Alert states#
State |
Meaning |
|---|---|
Unknown |
Rule has never been evaluated |
OK |
Last evaluation did not meet the condition |
Firing |
Condition is met — alert is active |
No Data |
Query returned no data (e.g. resource doesn’t exist yet) |
Error |
Query or evaluation failed (check rule configuration and connection status) |
Creating an alert rule#
Navigate to Monitoring → Alert Rules
Click “+ New rule”
Fill in the rule form:
Basic settings#
Field |
Description |
|---|---|
Name |
Required, max 64 characters |
Description |
Optional, max 200 characters |
Connections |
One or more cloud connections to query (required) |
Evaluation interval |
How often to run the query (minimum: 1 minute) |
Query#
Select the query type and configure the query definition — same options as a Monitoring Dashboard widget:
Query type |
Provider |
|---|---|
Azure Metrics |
Azure |
Azure Log Analytics |
Azure |
Azure Alerts |
Azure |
AWS CloudWatch Metrics |
AWS |
AWS Logs Insights |
AWS |
GCP Cloud Monitoring Metrics |
GCP |
GCP Alert Policies |
GCP |
Tip
You can create an alert rule directly from a dashboard widget using the “Create Alert” button in the widget context menu. The query configuration is pre-filled from the widget.
Condition#
Field |
Description |
|---|---|
Evaluation target |
What to compare: |
Operator |
|
Threshold |
Numeric value to compare against (not required for |
Evaluation window |
Time window in minutes used to fetch data for the evaluation |
Any Result fires whenever the query returns at least one active result (e.g. any active cloud alert, any log entry matching a filter). It resolves automatically when no active results are found.
Notifications#
Setting |
Description |
|---|---|
In-app notification |
Show a notification inside Reply CMP when the rule fires or resolves (on by default) |
Email notification |
Send an email to the configured recipients |
Email recipients |
Comma-separated list of email addresses (only shown when email is enabled) |
Notification channels |
One or more registered Webhook or Teams channels to notify on fire and resolve |
Tip
Manage your Webhook and Teams endpoints in Administration → Notification Channels before attaching them to rules. See Notification Channels for the setup guide.
A 30-minute per-rule cooldown prevents repeated deliveries when the condition stays firing. Spurious Unknown → OK transitions at rule creation do not generate a resolved notification.
Managing alert rules#
Enable / disable#
Toggle the Enabled switch on the rule list or detail page to pause and resume evaluation without deleting the rule.
Evaluate now#
Use the “Evaluate now” button on the rule detail page to trigger an immediate evaluation outside the normal schedule. Useful for testing a new rule or verifying a fix.
Edit / delete#
Rules can be edited at any time. Deleting a rule removes it permanently, including its history.
Attention
Deleting a rule cannot be undone. Export the rule configuration before deleting if you want to recreate it later.
Alert history#
Every state transition (Firing, Resolved, Error) is recorded in the rule’s history log (last 50 events). The history shows:
Timestamp of the transition
Old state → new state
Evaluated value at the time of the transition
Evaluation message
Navigate to a rule → “History” tab.
Quota#
Each tenant can have up to 50 alert rules. Contact your administrator if you need to increase the limit.
Notifications#
Email#
When an alert fires or resolves, Welkin sends an email to all configured recipients that includes:
Alert name and current state (FIRED / RESOLVED)
Evaluated metric value
Human-readable condition summary
Timestamp (UTC)
Suggested next steps based on the condition type
Emails are sent from the Reply CMP notification service. The sender address is configured at platform level — check with your administrator if emails are not arriving.
Webhook and Teams#
Attach one or more registered Webhooks (Administration → Webhooks) to a rule to receive HTTP POST notifications on fire and resolve events. Microsoft Teams endpoints are supported as a channel type — the notification is delivered as a MessageCard.
For setup and management of webhook endpoints, see Webhooks.
Troubleshooting#
For troubleshooting guidance — error states, missing data, and notification issues — see Troubleshooting → Monitoring Errors.