I have a Coralogix alert that’s grouped only by k8s_cluster_name, so a single alert can include several account_ids in the payload. Example payload field (trimmed):
alert_value: [
{"labels":{"account_id":"1001","k8s_cluster_name":"account-id-testing"}, ...},
{"labels":{"account_id":"1002","k8s_cluster_name":"account-id-testing"}, ...}
]
Goal: create one Opsgenie incident per (account_id, k8s_cluster_name) combination.
Constraints / what I’ve tried:
In Coralogix I can’t always use “separate alert per combination” because we can exceed the 1,000-combination cap (we have ~1,500 pairs).
In Opsgenie, Integration rules are IF/ELSE IF, so only the first matching rule runs.
Alert Policies and routing can modify or route the alert, but from what I see they don’t clone it into multiple incidents.
Is there a built-in way in Opsgenie to fan-out a single incoming alert into multiple incidents (one per account_id) based on the payload? If not, what’s the recommended approach? For example, do I need a second integration or an outgoing webhook that calls the Create Alert API to generate the extra incidents? Any best practices would be appreciated.
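The splitting step that a relay in front of the Create Alert API would perform, as an added example that is not part of the original post: it turns one grouped payload into one request body per unique (account_id, k8s_cluster_name) pair. The `fan_out` name, the alias scheme and the sample payload are assumptions; `message`, `alias` and `details` are Create Alert request fields, and a stable alias lets Opsgenie de-duplicate repeat deliveries of the same pair.

```python
import json

# Constructed sample modelled on the trimmed payload in the question.
SAMPLE = {
    "alert_value": [
        {"labels": {"account_id": "1001", "k8s_cluster_name": "account-id-testing"}},
        {"labels": {"account_id": "1002", "k8s_cluster_name": "account-id-testing"}},
        # Duplicate pair: must not produce a second alert.
        {"labels": {"account_id": "1001", "k8s_cluster_name": "account-id-testing"}},
        # Missing account_id: cannot be routed per account, so it is set aside.
        {"labels": {"k8s_cluster_name": "account-id-testing"}},
    ]
}


def fan_out(payload):
    """Return (alerts, skipped): one Create Alert body per unique pair."""
    alerts, seen, skipped = [], set(), []
    for entry in payload.get("alert_value", []):
        labels = entry.get("labels") or {}
        account = labels.get("account_id")
        cluster = labels.get("k8s_cluster_name")
        if not account or not cluster:
            skipped.append(entry)
            continue
        if (account, cluster) in seen:
            continue
        seen.add((account, cluster))
        alerts.append({
            # Opsgenie limits message to 130 characters.
            "message": f"Coralogix alert: account {account} on {cluster}"[:130],
            # Hypothetical alias scheme: stable per pair, so retries de-duplicate.
            "alias": f"coralogix/{cluster}/{account}",
            "details": {"account_id": account, "k8s_cluster_name": cluster},
        })
    return alerts, skipped


if __name__ == "__main__":
    alerts, skipped = fan_out(SAMPLE)
    for body in alerts:
        # A relay would POST each body to the Create Alert API at this point.
        print(json.dumps(body))
    print(f"skipped {len(skipped)} entries without both labels")
```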