This closely relates to a previous thread, with the main difference being greater access to managing the global ruleset, 6 months onwards. I’ve attached a diagram below to better visualise this feature request.
Since we have various sources of alerting, the payloads from the Events API are fairly distinct from each other, e.g., result.account will have the same value as payload.source, and so on for priority, owner, type, etc. Currently, we have to specify a separate rule for each of the possible combinations of properties from each source, which leads to ruleset bloat.
Instead, it would be ideal to process alerts in a “waterfall-like” process, such that the first rule only determines the alert’s priority, the second its owner, the next its type, and so on, until the last rule uses the results of the previous decisions to route the alerts to the relevant service.
Any advice on how to carry this out, or further suggestions for improvement would be really appreciated, thanks.
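The staged evaluation described in the post, sketched as an added example (not part of the original post and not PagerDuty's rule engine): each stage decides one attribute from whichever field a source uses, and only the last stage routes. Apart from result.account and payload.source, the result.* paths, the value map, the routes and the service names are constructed for illustration.

```python
# Added example: staged ("waterfall") alert normalisation, then one routing step.
# result.* paths other than result.account are hypothetical; routes are constructed.

def get(event, path):
    """Follow a dotted path such as 'payload.source'; None if a key is missing."""
    cur = event
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

PRIORITY_MAP = {"critical": "P1", "high": "P1", "error": "P2", "warning": "P3", "info": "P4"}

# One stage per attribute: (attribute, candidate paths, value map, default).
STAGES = [
    ("account", ["result.account", "payload.source"], {}, "unknown"),
    ("priority", ["result.urgency", "payload.severity"], PRIORITY_MAP, "P4"),
    ("owner", ["result.team", "payload.custom_details.owner"], {}, "unassigned"),
    ("type", ["result.category", "payload.class"], {}, "generic"),
]

# The final stage sees only earlier decisions, never source-specific fields.
ROUTES = [
    ({"priority": "P1", "type": "security"}, "soc-oncall"),
    ({"owner": "payments"}, "payments-service"),
]
DEFAULT_SERVICE = "catch-all"  # unmatched alerts are still routed, not dropped

def waterfall(event):
    decided = {}
    for attr, paths, mapping, default in STAGES:
        found = [v for v in (get(event, p) for p in paths) if v is not None]
        decided[attr] = mapping.get(found[0], found[0]) if found else default
    decided["service"] = DEFAULT_SERVICE
    for cond, service in ROUTES:
        if all(decided[k] == v for k, v in cond.items()):
            decided["service"] = service
            break
    return decided

# Constructed sample events: the same alert as two sources would shape it.
SOURCE_A = {"result": {"account": "prod-eu", "urgency": "high",
                       "team": "secops", "category": "security"}}
SOURCE_B = {"payload": {"source": "prod-eu", "severity": "critical", "class": "security",
                        "custom_details": {"owner": "secops"}}}

if __name__ == "__main__":
    print(waterfall(SOURCE_A))
    print(waterfall(SOURCE_B))
```

Adding a new source here means adding one candidate path per stage, rather than one rule per combination of priority, owner and type.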