I have a Coralogix alert that’s grouped only by k8s_cluster_name, so a single alert can include several account_ids in the payload. Example payload field (trimmed):
alert_value: [
{"labels":{"account_id":"1001","k8s_cluster_name":"account-id-testing"}, ...},
{"labels":{"account_id":"1002","k8s_cluster_name":"account-id-testing"}, ...}
]
Goal: create one Opsgenie incident per (account_id, k8s_cluster_name) combination.
Constraints / what I’ve tried:
In Coralogix I can’t always use “separate alert per combination” because we can exceed the 1,000-combination cap (we have ~1,500 pairs).
In Opsgenie, Integration rules are IF/ELSE IF, so only the first matching rule runs.
Alert Policies and routing can modify or route the alert, but from what I see they don’t clone it into multiple incidents.
Is there a built-in way in Opsgenie to fan-out a single incoming alert into multiple incidents (one per account_id) based on the payload? If not, what’s the recommended approach? For example, do I need a second integration or an outgoing webhook that calls the Create Alert API to generate the extra incidents? Any best practices would be appreciated.
Hi Ved,
Thank you for reaching out to the Opsgenie community. I am Nayan from the Opsgenie team, happy to help.
I understand that you want to generate one Opsgenie incident per unique (account_id, k8s_cluster_name) pair from a single Coralogix alert payload, but Coralogix’s alert grouping and Opsgenie’s built-in rules don’t natively support this kind of “fan-out” (splitting one alert into multiple incidents).
Currently, Opsgenie does not provide a built-in feature to automatically split a single incoming alert into multiple incidents based on payload fields. Integration rules, alert policies, and routing rules can only act on the alert as a whole—they cannot clone or fan-out alerts into multiple incidents.
You could use certain workarounds as listed below:
Set up an outgoing webhook in Opsgenie or Coralogix that triggers when an alert is received.
Webhook payload: The webhook should send the alert payload (including the alert_value array) to an external service (e.g., a lightweight serverless function or automation tool).
Custom logic: Your service parses the payload, iterates over each unique (account_id, k8s_cluster_name) pair, and calls the Opsgenie Create Alert API for each combination.
I hope the above information is helpful.
Best regards,
Nayan
Opsgenie Support
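The custom-logic step described in the reply above, sketched as an added example (it is not part of the original thread and not Opsgenie's or Coralogix's code). It assumes the webhook body is already parsed into a dict shaped like the payload in the question; the message and alias formats and the `OPSGENIE_API_KEY` variable name are hypothetical.

```python
import json
import os
import urllib.request

# Create Alert endpoint (EU-hosted accounts use api.eu.opsgenie.com instead).
OPSGENIE_URL = "https://api.opsgenie.com/v2/alerts"

def build_alerts(payload):
    """Return one Create Alert body per unique (account_id, k8s_cluster_name)."""
    seen, alerts = set(), []
    for item in payload.get("alert_value") or []:
        labels = item.get("labels") or {}
        account = str(labels.get("account_id") or "").strip()
        cluster = str(labels.get("k8s_cluster_name") or "").strip()
        if not account or not cluster or (account, cluster) in seen:
            continue  # skip incomplete entries and repeated pairs
        seen.add((account, cluster))
        alerts.append({
            "message": f"[{cluster}] Coralogix alert for account {account}"[:130],
            # Deterministic alias: a re-delivered webhook deduplicates into the
            # open alert for this pair instead of opening another one.
            "alias": f"coralogix:{cluster}:{account}"[:512],
            "details": {"account_id": account, "k8s_cluster_name": cluster},
        })
    return alerts

def send_alert(alert, api_key):
    """POST one body to Opsgenie; the API answers 202 when it queues the alert."""
    req = urllib.request.Request(
        OPSGENIE_URL, data=json.dumps(alert).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"GenieKey {api_key}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

# Constructed sample: the thread's two entries plus a repeat and an incomplete one.
SAMPLE = {"alert_value": [
    {"labels": {"account_id": "1001", "k8s_cluster_name": "account-id-testing"}},
    {"labels": {"account_id": "1002", "k8s_cluster_name": "account-id-testing"}},
    {"labels": {"account_id": "1001", "k8s_cluster_name": "account-id-testing"}},
    {"labels": {"k8s_cluster_name": "account-id-testing"}},
]}

if __name__ == "__main__":
    api_key = os.environ.get("OPSGENIE_API_KEY")  # assumed name; keep the key out of code
    for alert in build_alerts(SAMPLE):
        print(send_alert(alert, api_key) if api_key else json.dumps(alert))
```

Without the environment variable set, the script only prints the request bodies, which makes it safe to dry-run against a captured payload before giving the service a real integration key.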