Severity Rules
Map alert conditions to incident severity levels. These rules run automatically when an incident is declared from an alert.
Tier-1 service down
Critical
service.tier == 1 AND service.health == 'major_outage'
Examples
auth-service unavailable in us-east-1
payments-api 5xx > 50%
Single region degraded
High
service.health == 'degraded' AND affected_regions == 1
Examples
checkout latency p99 > 2s in eu-west-1
API gateway errors in ap-south-1
Multi-region outage
Critical
service.health IN ['partial_outage', 'major_outage'] AND affected_regions >= 2
Examples
Auth down in us-east-1 and us-west-2
Payments unavailable globally
Performance regression
Medium
p95_latency > baseline * 1.5 AND customer_impact == 'none'
Examples
Web LCP regressed from 1.8s to 2.7s
API p99 +30% over baseline
Background job backlog
Medium
queue_depth > 10000 AND customer_impact == 'delayed'
Examples
Invoice queue > 14k pending
Webhook delivery backlog
Non-customer-impacting alert
Low
customer_impact == 'none' AND service.tier IN [3, 4]
Examples
Internal tool degraded
Staging environment slow
Severity Reference
Quick guide to severity levels
Critical
Tier-1 down, multi-region, broad impact
High
Significant degradation, regional impact
Medium
Limited impact, performance regression
Low
Minor issue, no customer impact
Condition Syntax
Supported operators
==, !=, >, <, >=, <=, IN, AND, OR, NOT, * (wildcard), baseline * N
Available fields:
service.tier, service.health, affected_regions, customer_impact, p95_latency, queue_depth
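
As an added illustration (not the product's own rule engine), the six rules above can be written as Python predicates to see which rules fire for an alert and to spot alerts that match rules of different severity. Picking the highest matching severity, treating missing fields as non-matching, and passing baseline as an alert field are assumptions; the sample alerts are constructed.

```python
# Added example: the six rules above as predicates (not the product's engine).
SEVERITY_ORDER = ["Low", "Medium", "High", "Critical"]

RULES = [  # (rule name, severity, condition) copied from the page
    ("Tier-1 service down", "Critical",
     lambda a: a["service.tier"] == 1 and a["service.health"] == "major_outage"),
    ("Single region degraded", "High",
     lambda a: a["service.health"] == "degraded" and a["affected_regions"] == 1),
    ("Multi-region outage", "Critical",
     lambda a: a["service.health"] in ("partial_outage", "major_outage")
     and a["affected_regions"] >= 2),
    ("Performance regression", "Medium",
     lambda a: a["p95_latency"] > a["baseline"] * 1.5
     and a["customer_impact"] == "none"),
    ("Background job backlog", "Medium",
     lambda a: a["queue_depth"] > 10000 and a["customer_impact"] == "delayed"),
    ("Non-customer-impacting alert", "Low",
     lambda a: a["customer_impact"] == "none" and a["service.tier"] in (3, 4)),
]

# Assumption: a field missing from the alert never satisfies a condition.
DEFAULTS = {"service.tier": None, "service.health": None, "affected_regions": 0,
            "customer_impact": None, "p95_latency": 0.0,
            "baseline": float("inf"), "queue_depth": 0}

def matches(alert):
    """Return (rule name, severity) for every rule whose condition holds."""
    a = {**DEFAULTS, **alert}
    return [(name, sev) for name, sev, cond in RULES if cond(a)]

def severity(alert):
    """Assumption: when several rules match, the highest severity wins."""
    hits = [sev for _, sev in matches(alert)]
    return max(hits, key=SEVERITY_ORDER.index) if hits else None

def conflicts(alert):
    """List the distinct severities matched if rules disagree, else []."""
    sevs = sorted({sev for _, sev in matches(alert)}, key=SEVERITY_ORDER.index)
    return sevs if len(sevs) > 1 else []

# Constructed sample alerts.
AUTH_DOWN = {"service.tier": 1, "service.health": "major_outage", "affected_regions": 1}
INTERNAL_TOOL = {"service.tier": 3, "service.health": "degraded",
                 "affected_regions": 1, "customer_impact": "none"}
INVOICE_QUEUE = {"service.tier": 2, "queue_depth": 14000, "customer_impact": "delayed"}

if __name__ == "__main__":
    for alert in (AUTH_DOWN, INTERNAL_TOOL, INVOICE_QUEUE):
        print(severity(alert), matches(alert), conflicts(alert))
```

The INTERNAL_TOOL alert satisfies both "Single region degraded" (High) and "Non-customer-impacting alert" (Low), the kind of overlap worth reviewing before relying on automatic severity assignment.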