Alert Quality

Alert Quality categorizes alerts by applying concrete rules that check for defined attributes contributing to actionability.

High Quality - alerts meet the criteria for high actionability by support teams, meaning that technical and business context data and resolution steps are included.

  • Ownership and routing to the assignment group who should respond
  • Business impact of the alert, which can be priority level, application tiers, etc.
  • Runbooks and URLs on how the alert should be resolved
  • Dependency to understand which services and applications are impacted
  • Enrichment

For an alert to be high quality, it must include ownership and routing information, business impact, and at least one of runbooks, dependency or enrichment context.

Medium Quality - alerts carry the minimum level of information and context needed to support operator action, while lacking some valuable elements such as business context, dependencies or resolution steps. For an alert to be considered medium quality, it must include both:

  • The configuration item (CI)
  • Symptom of the problem (Check)

Low Quality - alerts are either misconfigured or lack meaningful information required to support any action by the response team. They present overhead without value.
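The three tiers above can be applied as a rule check over alert fields. The following is an added example, not code from the product or its documentation; the field names (assignment_group, business_impact, runbook_url, dependency, enrichment, ci, check), the placeholder list and the sample alerts are assumptions constructed for illustration. It also reports which attributes an alert is missing to reach the next tier.

```python
# Added example: field names and placeholder values are assumptions,
# not a vendor schema. Sample alerts are constructed.
PLACEHOLDERS = {"", "n/a", "none", "unknown"}
CONTEXT_FIELDS = ("runbook_url", "dependency", "enrichment")

def present(alert, field):
    """A field counts only if it holds a meaningful (non-placeholder) value."""
    value = alert.get(field)
    return value is not None and str(value).strip().lower() not in PLACEHOLDERS

def classify(alert):
    """Return (quality, missing); missing lists what blocks the next tier up."""
    # High: ownership/routing AND business impact AND at least one context field.
    high_missing = [f for f in ("assignment_group", "business_impact")
                    if not present(alert, f)]
    if not any(present(alert, f) for f in CONTEXT_FIELDS):
        high_missing.append("one of: " + ", ".join(CONTEXT_FIELDS))
    if not high_missing:
        return "high", []
    # Medium: both the configuration item and the check must be present.
    medium_missing = [f for f in ("ci", "check") if not present(alert, f)]
    if not medium_missing:
        return "medium", high_missing
    # Low: anything else; report what is needed to reach medium.
    return "low", medium_missing

SAMPLE_ALERTS = [
    {"ci": "db-prod-01", "check": "query_latency",
     "assignment_group": "payments-oncall", "business_impact": "P1",
     "runbook_url": "https://wiki.example.internal/runbooks/db-latency"},
    {"ci": "web-07", "check": "cpu_load", "assignment_group": "web-ops"},
    # Misconfigured: placeholder values do not count as information.
    {"ci": "unknown", "check": "disk_full", "assignment_group": "N/A"},
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        quality, missing = classify(alert)
        print(f"{alert.get('check'):15} {quality:7} missing: {missing}")
```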

For more information, see the Unified Analytics Key Metrics documentation.