Severity Rules

Map alert conditions to incident severity levels. These rules run automatically when an incident is declared from an alert.

Tier-1 service down

Critical
service.tier == 1 AND service.health == 'major_outage'
Examples
auth-service unavailable in us-east-1
payments-api 5xx > 50%

Single region degraded

High
service.health == 'degraded' AND affected_regions == 1
Examples
checkout latency p99 > 2s in eu-west-1
API gateway errors in ap-south-1

Multi-region outage

Critical
service.health IN ['partial_outage', 'major_outage'] AND affected_regions >= 2
Examples
Auth down in us-east-1 and us-west-2
Payments unavailable globally

Performance regression

Medium
p95_latency > baseline * 1.5 AND customer_impact == 'none'
Examples
Web LCP regressed from 1.8s to 2.7s
API p99 +30% over baseline

Background job backlog

Medium
queue_depth > 10000 AND customer_impact == 'delayed'
Examples
Invoice queue > 14k pending
Webhook delivery backlog

Non-customer-impacting alert

Low
customer_impact == 'none' AND service.tier IN [3, 4]
Examples
Internal tool degraded
Staging environment slow

Severity Reference

Quick guide to severity levels

Critical: Tier-1 down, multi-region, broad impact
High: Significant degradation, regional impact
Medium: Limited impact, performance regression
Low: Minor issue, no customer impact

Condition Syntax

Supported operators

Comparison: ==, !=, >, <, >=, <=
Membership: IN
Logical: AND, OR, NOT
Other: * (wildcard), baseline * N
Available fields: service.tier, service.health, affected_regions, customer_impact, p95_latency, queue_depth
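
The following Python example is added here and is not the product's own rule engine: it evaluates the six conditions above against alert records and returns every rule that matches, which exposes where the rules overlap. Assumptions: alerts are flat dicts keyed by the field names (plus `baseline`), the highest matching severity wins, a rule that names a field the alert lacks does not match, and only AND-joined clauses are handled (no OR, NOT or wildcard).

```python
import ast
import operator
import re

# (name, severity, condition) copied from the rules on this page.
RULES = [
    ("Tier-1 service down", "Critical", "service.tier == 1 AND service.health == 'major_outage'"),
    ("Single region degraded", "High", "service.health == 'degraded' AND affected_regions == 1"),
    ("Multi-region outage", "Critical", "service.health IN ['partial_outage', 'major_outage'] AND affected_regions >= 2"),
    ("Performance regression", "Medium", "p95_latency > baseline * 1.5 AND customer_impact == 'none'"),
    ("Background job backlog", "Medium", "queue_depth > 10000 AND customer_impact == 'delayed'"),
    ("Non-customer-impacting alert", "Low", "customer_impact == 'none' AND service.tier IN [3, 4]"),
]
RANK = ["Low", "Medium", "High", "Critical"]
CMP = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge, "<=": operator.le,
       ">": operator.gt, "<": operator.lt, "IN": lambda a, b: a in b}
CLAUSE = re.compile(r"^([\w.]+)\s+(==|!=|>=|<=|>|<|IN)\s+(.+)$")
SCALED = re.compile(r"^([\w.]+)\s*\*\s*(\d+(?:\.\d+)?)$")

def clause_matches(clause, alert):
    """Evaluate one `field OP value` clause; the text is parsed, never eval()'d."""
    m = CLAUSE.match(clause.strip())
    if not m:
        raise ValueError(f"unsupported clause: {clause!r}")
    field, op, rhs = m.groups()
    scaled = SCALED.match(rhs)  # e.g. `baseline * 1.5`
    value = (alert[scaled.group(1)] * float(scaled.group(2)) if scaled
             else ast.literal_eval(rhs))  # literals only: number, 'string', [list]
    return CMP[op](alert[field], value)

def classify(alert):
    """Return (highest matched severity or None, names of all matching rules)."""
    hits = []
    for name, severity, condition in RULES:
        try:
            if all(clause_matches(c, alert) for c in condition.split(" AND ")):
                hits.append((name, severity))
        except KeyError:
            continue  # assumption: a rule naming a field the alert lacks does not match
    top = max((s for _, s in hits), key=RANK.index, default=None)  # assumption: highest wins
    return top, [n for n, _ in hits]

# Constructed alerts (flat dicts with a `baseline` key are an assumption, not from the page).
AUTH_DOWN = {"service.tier": 1, "service.health": "major_outage", "affected_regions": 2,
             "customer_impact": "outage", "p95_latency": 300, "baseline": 250, "queue_depth": 0}
SLOW_INTERNAL = {"service.tier": 3, "service.health": "degraded", "affected_regions": 1,
                 "customer_impact": "none", "p95_latency": 900, "baseline": 400, "queue_depth": 0}
BACKLOG = {"queue_depth": 14000, "customer_impact": "delayed"}
```

`classify(SLOW_INTERNAL)` is the case worth reviewing: a tier-3 service with no customer impact matches the Low and Medium rules but also "Single region degraded", because that rule has no tier or impact guard, so under highest-wins it is declared High.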
