Name the alert and define the alert rule
In this milestone, you configure the essential components of your alert rule: the name and the query conditions that determine when the alert fires.
A well-named alert rule with clear conditions helps your team quickly understand the purpose and scope of the alert. The alert rule name appears in notifications and alert lists, making descriptive naming crucial for effective incident response.
To name your alert and define the alert rule conditions, complete the following steps:
1. In the Alert rule name field, enter a descriptive name.
   For example, enter High error rate in application logs.
2. Review the query that was imported from your dashboard panel in the Query section.
3. Modify the query if needed to optimize it for alerting purposes.
   For example, you might want to:
   - Adjust the time range to match your monitoring requirements
   - Add rate functions for error counting:
     rate({job="webapp"}[5m])
   - Use pattern matching for specific errors:
     {job="webapp"} |= "ERROR"
   - Apply aggregation functions for volume monitoring:
     sum(rate({job="webapp"}[5m]))
4. In the Alert condition section, set the threshold that triggers the alert.
   For example, to configure an alert to fire when the error rate exceeds 10%, select Count in the When field and set the condition to IS ABOVE 0.1.
5. Click Preview alert rule condition to test your query and condition with recent data.
   The following image shows you how often the High error rate in application logs alert would have triggered based on historical data, helping to validate that the thresholds are appropriate.
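The following Python sketch is an added illustration, not part of the original page or of Grafana's code. It mimics the preview step offline: for each evaluation time it computes the share of lines containing "ERROR" over the last 5 minutes, so that 0.1 corresponds to 10%, and applies the IS ABOVE 0.1 condition. The sample log entries, the function names and the half-open window boundaries are assumptions made for the example.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # the [5m] range used in the page's queries
THRESHOLD = 0.1                 # the page's condition: IS ABOVE 0.1

def make_lines(start, total, errors):
    """Constructed sample data: `total` lines, 20 s apart, the first `errors` are errors."""
    return [(start + timedelta(seconds=20 * (i + 1)),
             "ERROR upstream timeout" if i < errors else "INFO request served")
            for i in range(total)]

def error_ratio(entries, eval_time):
    """Share of lines containing "ERROR" in (eval_time - 5m, eval_time]; None if empty.

    Same value as dividing the error-line rate by the total-line rate,
    because both rates share the same window length.
    """
    window = [line for ts, line in entries if eval_time - WINDOW < ts <= eval_time]
    if not window:
        return None
    return sum("ERROR" in line for line in window) / len(window)

def preview(entries, eval_times):
    """Return (time, ratio, state) for each evaluation, like a condition preview."""
    results = []
    for t in eval_times:
        ratio = error_ratio(entries, t)
        if ratio is None:
            state = "NoData"        # no log lines at all in the window
        elif ratio > THRESHOLD:     # strictly above: exactly 10% does not fire
            state = "Alerting"
        else:
            state = "Normal"
        results.append((t, ratio, state))
    return results

# Constructed history: 10% errors, then 30% errors, then silence, then clean traffic.
T0 = datetime(2024, 5, 1, 10, 0)
SAMPLE = (make_lines(T0, 10, 1)
          + make_lines(T0 + WINDOW, 10, 3)
          + make_lines(T0 + 3 * WINDOW, 4, 0))
EVAL_TIMES = [T0 + n * WINDOW for n in range(1, 5)]

if __name__ == "__main__":
    for t, ratio, state in preview(SAMPLE, EVAL_TIMES):
        print(t.time(), ratio, state)
```

The window with exactly 10% errors stays Normal and the empty window reports NoData, which are the two cases worth checking in a real preview before settling on a threshold.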
In the next milestone, you learn how to add the alert rule to a folder and add labels.