[➕ Feature]: Configurable Alert Deduplication
After examining some "alerts", it seems like the alert deduplication mechanism can be a lot better: when we consider something a new alert because some value changed, it is actually the same alert, which could've been deduplicated.
- User should be able to configure attributes to exclude per installed/linked provider.
- Keep should consider most non-alert-related attributes to be deduplicated and only log the change.

If this is some incoming alert:

```json
{
  "name": "Some very important alert",
  "status": "firing",
  "severity": "low",
  "value": "5",
  "environment": "prod",
  "service": "api",
  "source": [
    "grafana"
  ]
}
```

and then there's another incoming alert (value changed to 6):

```json
{
  "name": "Some very important alert",
  "status": "firing",
  "severity": "low",
  "value": "6",
  "environment": "prod",
  "service": "api",
  "source": [
    "grafana"
  ]
}
```

we consider them as 2 alerts, while only the value changed.
Thought: maybe we should define the important attributes of an alert and only consider those for deduplication (instead of looking at all attributes, as we do today).
This needs to be better defined but could ease a lot of stuff in Keep!
The backend side of this is already implemented; we just need some UX and/or an opinionated default configuration.
This is the `alertdeduplicationfilter` table.
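
The deduplication described above, as an added example (not Keep's code and not the contents of its `alertdeduplicationfilter` table): the fingerprint is computed only over attributes that are not excluded for the alert's provider, and changes to excluded attributes are logged instead of opening a new alert. `IGNORE_FIELDS`, `fingerprint` and `Deduplicator` are hypothetical names, and excluding `value` for Grafana is an assumed configuration.

```python
import hashlib
import json

# Hypothetical per-provider configuration: attributes excluded from the fingerprint.
# Keep identity fields such as status and severity out of this set, or an
# escalation would be folded into the existing alert.
IGNORE_FIELDS = {"grafana": {"value"}}


def fingerprint(alert, ignore_fields=IGNORE_FIELDS):
    """Hash only the attributes that identify the alert for its provider(s)."""
    ignored = set()
    for provider in alert.get("source", []):
        ignored |= ignore_fields.get(provider, set())
    identity = {k: v for k, v in alert.items() if k not in ignored}
    canonical = json.dumps(identity, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class Deduplicator:
    def __init__(self, ignore_fields=IGNORE_FIELDS):
        self.ignore_fields = ignore_fields
        self.seen = {}      # fingerprint -> last payload seen
        self.changes = []   # (fingerprint, field, old, new) change log

    def ingest(self, alert):
        """Return 'new', 'updated' (an excluded field changed) or 'duplicate'."""
        fp = fingerprint(alert, self.ignore_fields)
        previous = self.seen.get(fp)
        self.seen[fp] = alert
        if previous is None:
            return "new"
        diff = [(k, previous.get(k), alert.get(k))
                for k in sorted(set(previous) | set(alert))
                if previous.get(k) != alert.get(k)]
        self.changes.extend((fp, k, old, new) for k, old, new in diff)
        return "updated" if diff else "duplicate"


# Constructed sample input: the two payloads from the issue, a verbatim repeat,
# and one payload whose severity (an identity field) differs.
BASE = {"name": "Some very important alert", "status": "firing",
        "severity": "low", "value": "5", "environment": "prod",
        "service": "api", "source": ["grafana"]}
SAMPLES = [BASE, {**BASE, "value": "6"}, {**BASE, "value": "6"},
           {**BASE, "severity": "high"}]

if __name__ == "__main__":
    dedup = Deduplicator()
    for sample in SAMPLES:
        print(dedup.ingest(sample), sample["value"], sample["severity"])
```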