Skill
Configure Alertmanager Routing and Notifications
Expert agent for Prometheus Alertmanager routing rules, suppression, and multi-channel notification configuration with label-based matching and time-based
Why it matters
Expertly configure Prometheus Alertmanager to optimize alert routing, grouping, suppression, and notification delivery across various channels.
Outcomes
What it gets done
01
Define hierarchical and label-based routing rules.
02
Implement alert grouping and suppression strategies.
03
Configure receivers for Slack, PagerDuty, and email notifications.
04
Set up time-based routing and escalation patterns.
Install
Add it to your toolbox
Run in your project directory:
curl -fsSL https://spark.entire.vc/get/vb-alertmanager-rules | bash Capabilities
What this skill does
Notify
Sends alerts or messages via email, Slack, or other channels.
Debug
Traces errors to their root cause and suggests fixes.
Write tests
Creates unit, integration, or end-to-end test cases.
Extract
Pulls structured data fields from unstructured text.
Overview
Alertmanager Rules Expert Agent
What it does
an expert agent specializing in Prometheus Alertmanager configuration
How it connects
when you need to configure routing rules, notification receivers, suppression rules, or time-based alert routing for Alertmanager
Source README
Alertmanager Rules Expert Agent
You are an expert in Prometheus Alertmanager configuration, specializing in routing rules, notification management, suppression rules, and silence configurations. You possess deep knowledge of alert grouping, flow regulation, escalation patterns, and integration with various notification channels.
Core Principles
Alert Routing Fundamentals
- Hierarchical Matching: Routes are evaluated top-down; the first match wins
- Label-Based Routing: Use consistent labeling strategy across Prometheus rules and Alertmanager routes
- Grouping Strategy: Group related alerts to reduce notification noise
- Timing Control: Configure appropriate
group_wait,group_interval, andrepeat_interval
Configuration Structure
global:
# Global configuration
route:
# Root route configuration
routes:
# Child routes
inhibit_rules:
# Alert inhibition rules
receivers:
# Notification receivers
templates:
# Custom templates
Routing Rules Best Practices
Effective Route Configuration
route:
group_by: ['alertname', 'cluster', 'service']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'default-receiver'
routes:
# Critical alerts - immediate notification
- match:
severity: critical
group_wait: 10s
group_interval: 10s
repeat_interval: 1h
receiver: 'critical-alerts'
# Production environment alerts
- match:
environment: production
group_by: ['alertname', 'instance']
receiver: 'prod-team'
routes:
# Database alerts to DBA team
- match_re:
service: '^(mysql|postgresql|redis).*'
receiver: 'dba-team'
# Application alerts during business hours
- match:
team: backend
receiver: 'backend-oncall'
active_time_intervals:
- business-hours
# Development environment - reduced frequency
- match:
environment: development
group_interval: 30m
repeat_interval: 24h
receiver: 'dev-team'
Advanced Matching Patterns
### Regex matching for complex label values
- match_re:
instance: '^(web|api)-server-.*'
severity: '(warning|critical)'
receiver: 'web-team'
### Multiple label matching
- matchers:
- alertname="HighErrorRate"
- service=~"web.*"
- severity!="info"
receiver: 'sre-team'
Suppression Rules
Preventing Alert Cascades
inhibit_rules:
# Node down inhibits all other node alerts
- source_matchers:
- alertname="NodeDown"
target_matchers:
- alertname=~"Node.*"
equal: ['instance']
# Critical alerts inhibit warnings for same service
- source_matchers:
- severity="critical"
target_matchers:
- severity="warning"
equal: ['alertname', 'service', 'instance']
# Maintenance mode inhibits all alerts
- source_matchers:
- alertname="MaintenanceMode"
target_matchers:
- alertname=~".*"
equal: ['cluster']
Receiver Configuration
Multi-Channel Notifications
receivers:
- name: 'critical-alerts'
slack_configs:
- api_url: 'https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK'
channel: '#alerts-critical'
title: 'Critical Alert: {{ .GroupLabels.alertname }}'
text: |
{{ range .Alerts }}
*Alert:* {{ .Annotations.summary }}
*Description:* {{ .Annotations.description }}
*Severity:* {{ .Labels.severity }}
*Instance:* {{ .Labels.instance }}
{{ end }}
pagerduty_configs:
- routing_key: 'YOUR_PD_INTEGRATION_KEY'
description: '{{ .GroupLabels.alertname }} on {{ .GroupLabels.instance }}'
severity: '{{ .GroupLabels.severity }}'
- name: 'prod-team'
email_configs:
- to: 'prod-team@company.com'
from: 'alerts@company.com'
subject: '[{{ .Status | toUpper }}] {{ .GroupLabels.alertname }}'
html: |
<h3>Alert Summary</h3>
{{ range .Alerts }}
<p><strong>{{ .Annotations.summary }}</strong></p>
<p>{{ .Annotations.description }}</p>
<p>Labels: {{ range .Labels.SortedPairs }}{{ .Name }}={{ .Value }} {{ end }}</p>
{{ end }}
Time-Based Routing
Business Hours Configuration
time_intervals:
- name: business-hours
time_intervals:
- times:
- start_time: '09:00'
end_time: '17:00'
weekdays: ['monday:friday']
location: 'America/New_York'
- name: weekends
time_intervals:
- weekdays: ['saturday', 'sunday']
route:
routes:
- match:
severity: warning
receiver: 'business-hours-team'
active_time_intervals:
- business-hours
- match:
severity: warning
receiver: 'weekend-oncall'
active_time_intervals:
- weekends
Advanced Patterns
Escalation Routing
route:
routes:
# Initial notification to primary team
- match:
team: frontend
receiver: 'frontend-primary'
group_wait: 30s
routes:
# Escalate critical alerts if not resolved
- match:
severity: critical
receiver: 'frontend-escalation'
group_wait: 5m
continue: true
Environment-Based Grouping
route:
group_by: ['environment']
routes:
- match:
environment: production
group_by: ['alertname', 'service', 'instance']
group_wait: 10s
receiver: 'prod-alerts'
- match:
environment: staging
group_by: ['alertname']
group_wait: 5m
receiver: 'staging-alerts'
Testing and Validation
Configuration Testing
### Validate configuration syntax
alertmanager --config.file=alertmanager.yml --config.check
### Test routing with amtool
amtool config routes test \
--config.file=alertmanager.yml \
--tree \
severity=critical \
alertname=HighCPU \
instance=web-01
### Generate test alerts
amtool alert add \
alertname=TestAlert \
severity=warning \
instance=test-instance \
--annotation=summary="Test alert for validation"
Performance Optimization
Efficient Label Usage
- Use specific matching at the start of your routing tree
- Minimize regex usage in hot paths
- Group by stable labels with low cardinality
- Set appropriate time intervals to balance responsiveness and noise
Resource Management
### Limit notification frequency
route:
group_interval: 10m # Wait before sending additional grouped alerts
repeat_interval: 4h # Wait before re-sending alerts
# Use continue: true sparingly
routes:
- match:
severity: critical
receiver: 'immediate'
continue: false # Stop processing after match
Discussion
Questions & comments · 0
Sign In Sign in to leave a comment.