Group Incidents to Reduce Noise | All Quiet Payload Mapping Guide

[0:00:00] Hi there and thanks for joining. I'm Peer from All Quiet. Alert fatigue is a real problem for on-call teams.

[0:00:07] Sometimes one root cause such as a slow database can create multiple alerts that create a lot of noise. In this video, we're going to show you how to use our "Grouping" feature to merge multiple alerts into one incident and reduce noise.

[0:00:20] Let's look at our incident dashboard. We have two separate incidents - "High API Latency" and "Database Connection Timeout".

[0:00:34] If we look at the payloads or, respectively, the incident details, we can see that for both the "Cluster" is "Production-East". However, right now I'm still receiving two different notifications to my phone.

[0:00:49] And even though I know both incidents come from the same regional issue, they create unnecessary clutter. We now want to group them into one incident to reduce noise and stay focused.

[0:01:03] Now let's look at our payload mapping settings. On top of the page, you will find the payloads that created both incidents, both with "cluster_id" as "Production-East".

[0:01:19] We already mapped the "cluster_id" against the "Cluster" attribute. To activate grouping, we now have to find the "Grouped" column and activate "Grouped" for this specific attribute.

[0:01:33] Save your integration settings. You are now telling All Quiet to check the "cluster_id" or the "Cluster" attribute's value for every new payload.

[0:01:41] If an "Open" incident already has that same ID, All Quiet adds the payload to that incident instead of creating a new one.

[0:01:54] Now let's check what happens if we re-trigger these two incidents. First we're going to re-trigger the "High API Latency" incident and second the "Database Connection Timeout" issue.

[0:02:11] As you can see, there's only one incident that shows that there are two incidents grouped below.

[0:02:19] They are grouped via the "cluster_id" which we just selected in the grouping and you can still see all technical data from every payload inside the incident details for one incident and for the other one.

[0:02:34] Also, you can see that the severity is based on the highest sub-incident severity. Your team will only get alerted once, but you will still see all the information you will need.

[0:02:50] As you can see, the "Grouping" function can be very helpful to reduce noise if there are a lot of alerts for the same issue at the same time.

[0:03:01] But what if the "Production-East" cluster has another issue in about 2 hours and the old one hasn't been resolved yet? You do not want this new issue to be hidden inside this grouped incident because you will not receive any information and notification about the new issue.

[0:03:20] This is where our grouping interval function comes into play. You can activate it by going to the payload mapping settings of your integration and selecting the "Grouping Window" field on top of the payload mapping section.

[0:03:31] If you for example want to say you only want to group within 1 hour after the first alert, you can set the grouping window to 3,600 seconds.

[0:03:45] If a new payload with the same "cluster_id" arrives within this 1 hour, All Quiet will group it. If it arrives after that window, All Quiet creates a new incident.

[0:03:57] This ensures you see new issues by stopping the storm of redundant alerts.

[0:04:02] Grouping All Quiet incidents helps you stop managing notifications and start resolving issues. Thank you so much for watching.

[0:04:08] As always, make sure to check out our other videos or see our other guidelines and documentation at docs.allquiet.app. Thank you.