Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is it possible to take one alert from Coralogix and create multiple Opsgenie incidents from it?

Ved Prakash
Ved Prakash
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 17, 2025

 I have a Coralogix alert that’s grouped only by k8s_cluster_name, so a single alert can include several account_ids in the payload. Example payload field (trimmed):

alert_value: [
  {"labels":{"account_id":"1001","k8s_cluster_name":"account-id-testing"}, ...},
  {"labels":{"account_id":"1002","k8s_cluster_name":"account-id-testing"}, ...}
]

Goal: create one Opsgenie incident per (account_id, k8s_cluster_name) combination.

Constraints / what I’ve tried:

  • In Coralogix I can’t always use “separate alert per combination” because we can exceed the 1,000-combination cap (we have ~1,500 pairs).

  • In Opsgenie, Integration rules are IF/ELSE IF, so only the first matching rule runs.

  • Alert Policies and routing can modify or route the alert, but from what I see they don’t clone it into multiple incidents.

Is there a built-in way in Opsgenie to fan-out a single incoming alert into multiple incidents (one per account_id) based on the payload? If not, what’s the recommended approach? For example, do I need a second integration or an outgoing webhook that calls the Create Alert API to generate the extra incidents? Any best practices would be appreciated.

Answer
Watch
Like Be the first to like this
1208 views

1 answer

0 votes
Nayan Pandey
Nayan Pandey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 19, 2025

Hi Ved,

Thank you for reaching out to Opsgenie community. I am Nayan from the Opsgenie team, happy to help. 

I understand that you want to generate one Opsgenie incident per unique (account_id, k8s_cluster_name) pair from a single Coralogix alert payload, but Coralogix’s alert grouping and Opsgenie’s built-in rules don’t natively support this kind of “fan-out” (splitting one alert into multiple incidents).

Currently, Opsgenie does not provide a built-in feature to automatically split a single incoming alert into multiple incidents based on payload fields. Integration rules, alert policies, and routing rules can only act on the alert as a whole—they cannot clone or fan-out alerts into multiple incidents.

You could use certain workarounds as listed below:

1. Outgoing Webhook + Opsgenie API 

  • Set up an outgoing webhook in Opsgenie or Coralogix that triggers when an alert is received.

  • Webhook payload: The webhook should send the alert payload (including the alert_value array) to an external service (e.g., a lightweight serverless function or automation tool).

  • Custom logic: Your service parses the payload, iterates over each unique (account_id, k8s_cluster_name) pair, and calls the Opsgenie Create Alert API for each combination.

I hope the above information is helpful. 

Best regards,
Nayan
Opsgenie Support

Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security