Skip to main content

Overview

This page covers advanced alert rule configuration beyond basic threshold alerts — including compound multi-condition rules, silencing active alerts during maintenance windows, inhibition rules that suppress lower-severity alerts when a critical one is already firing, and escalation policies.
Prerequisites

Compound Alert Rules

Combine multiple conditions in a single rule using AND/OR logic:
Navigate to Monitoring → Alerting → Alert Rules → New Alert Rule and click Advanced Mode.In Advanced Mode, add multiple conditions:
FieldValue
Condition Axloud_compute_cpu_utilization > 85
OperatorAND
Condition Bxloud_compute_memory_free_pct < 15
This rule fires only when both CPU is above 85% AND available memory is below 15% — reducing false positives from transient CPU spikes.

Silencing Alerts

Silences temporarily suppress alert notifications during planned maintenance. The alert rule continues to evaluate — only notifications are suppressed.

Create a silence

Navigate to Monitoring → Alerting → Silences → New Silence.
FieldDescription
MatchersLabel selectors that match the alerts to silence (e.g., host=compute-node-03)
DurationHow long the silence is active (e.g., 2h)
CommentReason for the silence (required — links to change ticket)
CreatorYour username (auto-populated)

Verify silence is active

Navigate to Alerting → Silences. Active silences show their matcher, creator, and expiry time.
Any alerts matching the silence matchers show status Silenced instead of firing notifications.

Inhibition Rules

Inhibition rules suppress lower-severity alerts when a higher-severity alert is already active for the same source. This prevents alert storms during major incidents.
Example: Suppress warnings when critical is firing
inhibit_rules:
  - source_matchers:
      - severity="critical"
    target_matchers:
      - severity="warning"
    equal:
      - host
This rule suppresses all warning alerts for a host when a critical alert is already firing for that same host — reducing notification noise during a major outage. Configure inhibition rules via Monitoring → Administration → Inhibition Rules.

Escalation Policies

Configure multi-tier escalation for critical alerts:

Define escalation tiers

Navigate to Monitoring → Alerting → Escalation Policies → New Policy.
TierChannelDelayCondition
Tier 1PagerDuty on-callImmediateAlert fires
Tier 2Slack ops channel5 minutesNot acknowledged
Tier 3Page on-call manager15 minutesStill unacknowledged

Assign to alert rules

Open an existing alert rule and set the Escalation Policy field to the policy you created. The policy applies to all future alert events for that rule.
Create separate escalation policies for different severity levels — critical infrastructure alerts may warrant a 3-tier escalation while informational alerts can go to a single team Slack channel with no escalation.

GitOps-Based Rule Management

Manage alert rules as code for version-controlled, auditable configurations:
Export all current alert rules
ximp alert rule export --format yaml --output ./alert-rules/
Import rules from directory
ximp alert rule import --dir ./alert-rules/ --apply
Store rule files in your infrastructure repository and apply changes through your CI/CD pipeline. This enables peer review of alert rule changes and automatic rollback if a rule causes issues.

Next Steps

Metrics & Alerts

Basic alert rule creation for metric thresholds

XIMP Admin — Alert Channels

Configure the notification channels referenced by alert rules

Dashboards

Visualize metrics alongside alert thresholds

Troubleshooting

Diagnose alert rules that are not firing or delivering notifications