Alert escalation and routing
Documentationbreadcrumb arrow Grafana Cloudbreadcrumb arrow Alerts and IRMbreadcrumb arrow IRMbreadcrumb arrow Configurebreadcrumb arrow Alert escalation and routing
Grafana Cloud RSS

Alert escalation and routing

Grafana IRM’s alert escalation and routing capabilities help you direct alerts to the right teams and individuals at the right time. By configuring alert routes and escalation chains, you can automate your incident response workflow, minimize alert fatigue, and ensure critical issues receive immediate attention.

Before you begin

To configure alert escalation and routing in Grafana IRM, you need:

  • Access to Grafana IRM with Editor or Admin permissions
  • Understanding of your alert sources and their data structure
  • Familiarity with your team structure and escalation requirements
  • At least one configured integration to receive alerts

Integration-based routing configuration

In Grafana IRM, alert routing configuration is directly tied to integrations. Each integration has its own set of:

  • Alert templates that define how alerts from this integration are formatted
  • Routes that determine which escalation chain handles alerts from this integration
  • Alert grouping settings specific to this integration

This integration-centric approach allows you to tailor the routing configuration to each alert source’s specific needs and data structure.

Accessing routing configuration

To access and configure alert routing settings:

  1. Navigate to IRM > Integrations
  2. Select an existing integration or create a new one
  3. Within the integration settings, you’ll find tabs for:
    • Alert Templates: Configure how alerts are displayed and processed
    • Routes: Define which escalation chains handle different alerts
    • Settings: Manage alert grouping and other integration-specific options

How alert routing works in Grafana IRM

The alert escalation and routing process involves three key components that work together to process incoming alerts:

  1. Integration receives the alert and applies its configured templates
  2. Routes within that integration determine which escalation chain should handle the alert
  3. Escalation chains define the sequence of notification steps and actions to take

When an alert arrives in Grafana IRM:

  1. It comes in through a specific integration
  2. The configured alert templates are applied to format the alert data
  3. The alert is evaluated against the integration’s configured routes in order (first match wins)
  4. The matching route assigns the alert to a specific escalation chain
  5. The escalation chain executes its steps sequentially until the alert is acknowledged or resolved

Components of alert escalation and routing

Integrations

Integrations are the entry points for alerts into Grafana IRM. Each integration:

  • Has a unique configuration tailored to its alert source (Grafana, Prometheus, webhook, etc.)
  • Contains its own alert templates and routes
  • Can connect to different escalation chains based on alert content

Learn more about configuring integrations

Routes

Routes act as filters that evaluate incoming alerts and direct them to the appropriate escalation chain. Using Alert templates, you can create sophisticated routing rules based on any alert property. For example:

  • Send database-related alerts to the Database team’s escalation chain
  • Route high-severity alerts to an urgent notification chain
  • Direct specific service alerts to their dedicated response teams

The first route that matches an incoming alert will be used, so order your routes with the most specific rules first, followed by more general rules.

Routes are configured within each integration’s settings, allowing you to create specific routing rules for each alert source.

Learn more about configuring alert routes

Escalation chains

Escalation chains define what happens when an alert is triggered. Each chain contains a sequence of steps that execute in order, such as:

  • Notifying specific on-call schedules or individuals
  • Waiting for a defined period before proceeding to the next step
  • Escalating to additional responders if no response is received
  • Triggering webhooks to external systems
  • Automatically declaring incidents for critical situations

Escalation chains continue executing until someone acknowledges or resolves the alert, or until the chain completes all its steps.

Unlike templates and routes, escalation chains are configured globally and can be reused across different integrations.

Learn more about configuring escalation chains

Alert templates

Alert templates control how alert information is formatted and displayed across different notification channels. Using Jinja2 templating, you can customize:

  • How alerts appear in the web UI, Slack, email, and other channels
  • Which alert data is displayed in notifications
  • Alert grouping behavior
  • Auto-resolution and auto-acknowledgment conditions

Well-designed alert templates can significantly improve readability and provide responders with the context they need to address issues quickly.

Alert templates are specific to each integration, allowing you to optimize for different alert data structures from various sources.

Learn more about configuring alert templates

Configuration workflow example

A typical workflow for setting up alert routing:

  1. Create an integration for your alert source (Grafana, Prometheus, etc.)
  2. Configure alert templates within that integration to properly format alerts
  3. Create escalation chains that define notification steps
  4. Set up routes within the integration to direct alerts to the appropriate escalation chains
  5. Test the integration to ensure alerts are routed correctly