An alert policy is a container that ties together what to monitor (rules), how to group violations (incident preference), and who to notify (notification channels). Every alert rule belongs to exactly one policy, and every policy can have one or more notification channels attached.

Policy components

Component Description
Name A descriptive name for the policy (e.g., "Production API Health")
Rules One or more alert rules that define the metrics and thresholds to monitor
Notification channels Where to send notifications when incidents are created (Slack, PagerDuty, email, etc.)
Incident preference How issues are grouped into incidents — By Policy, By Rule, or By Rule and Target
Enabled / Disabled Toggle the entire policy on or off without deleting it

Creating a new alert policy

  1. Go to Alerting > Alert Policies > Create new alert policy.
  2. Enter a policy name that describes what this policy monitors (e.g., "Checkout Service Alerts").
  3. Choose an incident preference to control how issues are grouped into incidents:
    • By Policy — One incident for all issues in the policy (least noisy)
    • By Rule — One incident per rule (balanced)
    • By Rule and Target — One incident per rule and target combination (most granular) See Alert Incidents for detailed examples of each preference.
  4. Add one or more notification channels. Click the add channels link to select from your configured channels (email, Slack, PagerDuty, etc.). If no channels exist yet, an email channel is created automatically.
  5. Click Create policy.

After creating the policy, you can add rules to it. A policy without rules will not generate any incidents.

Incident preference

The incident preference determines how many incidents are created when multiple rules or targets are violated at the same time. This is configured once per policy and affects all rules within it.

Preference Incidents created Best for
By Policy 1 per policy Simple setups, minimal notifications
By Rule 1 per rule Separating different problem types
By Rule and Target 1 per rule + target Multi-service environments needing per-target tracking

For worked examples showing how each preference affects incident creation, see Alert Incidents.

Managing policies

Edit a policy

Click on a policy name to open it. You can change the name, incident preference, or notification channels. Changes take effect on the next evaluation cycle.

Enable or disable

Toggle a policy's enabled state to temporarily stop all rule evaluation and notifications without deleting the policy or its rules.

Clone a policy

Duplicate an existing policy along with its rules. Useful when you want a similar policy for a different set of targets or channels.

Attach and detach channels

Add or remove notification channels from a policy at any time. When a channel is attached, it receives notifications for all future incidents created by the policy. Detaching a channel stops future notifications but does not affect already-open incidents.

Delete a policy

Deleting a policy removes all its rules, closes any open incidents, and detaches all notification channels. This action cannot be undone.

Example policies

Production API health

Setting Value
Name Production API Health
Incident preference By Rule
Channels Slack (#api-alerts), PagerDuty (On-Call)

Rules: - Web Response Time above 2 seconds for 5 minutes (Critical) - HTTP Failure Rate above 5% for 5 minutes (Warning at 3%, Critical at 5%) - Exception Count above 50 for 5 minutes (Critical)

This policy separates latency, error rate, and exception issues into distinct incidents so responders can prioritize.

Infrastructure monitoring

Setting Value
Name Infrastructure Monitoring
Incident preference By Rule and Target
Channels Email (ops-team@company.com), OpsGenie

Rules: - CPU Used Percentage above 90% for 15 minutes (Critical) - Disk Used Percentage above 85% for 30 minutes (Warning at 75%, Critical at 85%) - Host Not Reporting for 5 minutes (Critical)

Using "By Rule and Target" ensures each host gets its own incident, so the team knows exactly which server needs attention.