{"id":5449,"date":"2026-03-11T00:16:30","date_gmt":"2026-03-10T18:46:30","guid":{"rendered":"https:\/\/blog.spike.sh\/?p=5449"},"modified":"2026-03-27T15:37:53","modified_gmt":"2026-03-27T10:07:53","slug":"how-to-set-up-incident-alert-routing-rules-effectively","status":"publish","type":"post","link":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/","title":{"rendered":"How to set up Incident Alert Routing rules effectively"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">When an incident triggers, the question is not just what broke but also how urgent it is and who on your team needs to respond. Alert Routing rules answer those questions automatically. You define the conditions once and the right response follows every time an incident triggers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Every Alert Routing rule does one or more of these three things:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/spike.sh\/glossary\/triage\/\">Triage<\/a> the incident so the right context is attached<\/li>\n\n\n\n<li>Route it to the right <a href=\"https:\/\/spike.sh\/blog\/what-is-an-escalation-policy\/\">escalation policy<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/spike.sh\/glossary\/noise-reduction\/\">Reduce noise<\/a> so your team only sees what matters<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Three conditions drive all of it: incident payload, time of occurrence, and frequency.<\/strong> Each one can triage, route, and reduce noise depending on how you configure it. This guide walks through each condition and shows how to put it to work.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Table of contents<\/strong><\/p>\n\n\n\n<nav aria-label=\"Table of Contents\" class=\"wp-block-table-of-contents\"><ol><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#incident-payload\">Incident payload<\/a><ol><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#triaging-using-incident-payload\">Triaging using incident payload<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#using-time-of-occurrence\">Routing using incident payload<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#reducing-noise-using-incident-payload\">Reducing noise using incident payload<\/a><\/li><\/ol><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#time-of-occurrence\">Time of occurrence<\/a><ol><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#triaging-using-time-of-occurrence\">Triaging using time of occurrence<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#routing-using-time-of-occurrence\">Routing using time of occurrence<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#reducing-noise-using-time-of-occurrence\">Reducing noise using time of occurrence<\/a><\/li><\/ol><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#incident-frequency\">Incident frequency<\/a><ol><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#triaging-using-incident-frequency\">Triaging using incident frequency<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#routing-using-incident-frequency\">Routing using incident frequency<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#reducing-noise-using-incident-frequency\">Reducing noise using incident frequency<\/a><\/li><\/ol><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#faqs\">FAQs<\/a><\/li><\/ol><\/nav>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 id=\"incident-payload\" class=\"wp-block-heading\">Incident payload<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The incident payload is the title and details that arrive with every incident. The title usually tells you which service is affected. The details often tell you how serious it is. Together, they give your rules something specific to match on.<\/p>\n\n\n\n<h3 id=\"triaging-using-incident-payload\" class=\"wp-block-heading\">Triaging using incident payload<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Broad rules are a reasonable starting point but they lose precision quickly. A rule matching on &#8220;auth-service&#8221; picks up every incident from that service regardless of what actually failed. Narrowing it to a specific failure class within the service gives you much cleaner triage.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;auth-service&quot;<\/div><div class=\"cm-line\">     AND Incident details [key: &quot;message&quot;] contains &quot;token validation failed&quot;<\/div><div class=\"cm-line\"><\/div><div class=\"cm-line\">THEN mark severity as SEV-1<\/div><div class=\"cm-line\">     AND mark priority as P1<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">The <code>key<\/code> name here is\u00a0<code>message<\/code>\u00a0because that is what most monitoring tools use for the main error or event description. Your payload may use a different key. Inspecting a sample payload from your integration is the quickest way to confirm the right key name before writing the rule.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">When your payload includes numeric fields, comparators are worth using. They are more precise than keyword matching alone.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;api-gateway&quot;<\/div><div class=\"cm-line\">     AND Incident details [key: &quot;p99_latency_ms&quot;] &gt; 2000<\/div><div class=\"cm-line\"><\/div><div class=\"cm-line\">THEN mark severity as SEV-2<\/div><div class=\"cm-line\">     AND mark priority as P2<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"367\" data-attachment-id=\"5513\" data-permalink=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/screenshot-2026-03-17-at-1-36-28-am\/\" data-orig-file=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.36.28-AM.png\" data-orig-size=\"1040,373\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screenshot 2026-03-17 at 1.36.28\u202fAM\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.36.28-AM-1024x367.png\" src=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.36.28-AM-1024x367.png\" alt=\"Alert routing rule set up on Spike\" class=\"wp-image-5513\" srcset=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.36.28-AM-1024x367.png 1024w, https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.36.28-AM-300x108.png 300w, https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.36.28-AM-768x275.png 768w, https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.36.28-AM.png 1040w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Alert routing rule set up on <a href=\"http:\/\/spike.sh\/\">Spike<\/a><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Unlike keyword matching, a numeric condition does not break when your monitoring tool changes how it phrases the title. It checks the metric value directly.<\/p>\n\n\n\n<div class=\"wp-block-group has-background has-global-padding is-layout-constrained wp-container-core-group-is-layout-589c4201 wp-block-group-is-layout-constrained\" style=\"border-top-left-radius:9px;border-top-right-radius:9px;border-bottom-left-radius:9px;border-bottom-right-radius:9px;background-color:#c3cdd5;padding-top:var(--wp--preset--spacing--40);padding-right:var(--wp--preset--spacing--40);padding-bottom:var(--wp--preset--spacing--40);padding-left:var(--wp--preset--spacing--40)\">\n<p>\ud83d\udca1\u00a0<strong>Spike&#8217;s tip: Use Title Remapper<\/p>\n<p><\/strong>Vague incident titles make triage rules hard to set up. When Sentry sends\u00a0<code>TypeError: Cannot read properties of undefined<\/code>, there&#8217;s nothing specific to act on. You can&#8217;t reliably set priority or add context when every incident looks the same.<\/p>\n<p>With Spike&#8217;s\u00a0<a href=\"https:\/\/docs.spike.sh\/alerts\/title-remapper\"><strong>Title Remapper<\/strong><\/a>, you set up a simple template using fields from the Sentry payload to rewrite that title to:\u00a0<code>checkout-api: TypeError: Cannot read properties of undefined<\/p>\n<p><\/code>Now your routing rules have something precise to work with.<\/p>\n<p><!-- notionvc: 66e1087e-c014-48b9-b33b-819006462c4d --><\/p>\n<\/div>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><strong>Spike&#8217;s\u00a0<a href=\"https:\/\/spike.sh\/templates\/alert-rule-templates\">Alert Routing rule templates<\/a>\u00a0are also worth browsing at this point. They include ready-to-use rules that pair well with Title Remapper.<\/strong><\/p>\n<\/blockquote>\n\n\n\n<h3 id=\"using-time-of-occurrence\" class=\"wp-block-heading\">Routing using incident payload<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Once the triage rule has set severity and priority, routing acts on those signals. A good starting point is a simple two-policy setup: one policy for <a href=\"https:\/\/spike.sh\/templates\/alert-rule-templates\/critical-incident-1\">critical incidents<\/a> with phone call alerts and short wait times, and one default policy for everything else. The triage rules you set up earlier already did the work of classifying the incident. Routing just acts on that classification.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   severity is SEV-1<\/div><div class=\"cm-line\">     OR priority is P1<\/div><div class=\"cm-line\"><\/div><div class=\"cm-line\">THEN load \u2192 critical escalation policy<\/div><div class=\"cm-line\">     (phone call, 5-minute wait time)<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">This alone covers a lot of ground. As your incident patterns become clearer, you can get more specific. For example, routing a particular class of payment failure directly to the team that owns it is cleaner than a broad rule covering all production incidents.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;payment-processor&quot;<\/div><div class=\"cm-line\">     AND Incident details [key: &quot;message&quot;] contains &quot;idempotency key collision&quot;<\/div><div class=\"cm-line\"><\/div><div class=\"cm-line\">THEN load \u2192 payments on-call escalation policy<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">The right people get paged for the right class of failure. Nobody else is disturbed.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><strong>Title Remapper really pays off in routing. Once your titles are structured, routing rules become straightforward:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Incident title contains &#8220;checkout-api&#8221; \u2192 route to the checkout escalation policy<\/strong><\/li>\n\n\n\n<li><strong>Incident title contains &#8220;auth-api&#8221; \u2192 route to the auth team escalation policy<\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Clear titles give your routing rules something reliable to match on.<\/strong><\/p>\n<\/blockquote>\n\n\n\n<h3 id=\"reducing-noise-using-incident-payload\" class=\"wp-block-heading\">Reducing noise using incident payload<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Not every incident that triggers needs a human to act on it. Payload conditions are usually the most direct way to handle that. There are four actions worth building into your rules:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Auto-acknowledge:<\/strong> Stops the escalation policy from running. Good for known low-priority signals your team tracks but does not need to act on immediately<\/li>\n\n\n\n<li><strong>Auto-resolve:<\/strong> Works well for known false positives that always self-correct<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/docs.spike.sh\/incidents\/resolve-timer\">Resolve by timer<\/a>:<\/strong> Waits for a set period and resolves the incident if nothing has changed. Still catches it if it persists beyond the timer<\/li>\n\n\n\n<li><strong>Do not create incident:<\/strong> Suppresses the incident before it enters your queue. Worth using carefully and only for signals you are completely confident are irrelevant<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">A rule that covers multiple known low-signal patterns in one setup is usually cleaner than a separate rule for each one.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;user&quot;<\/div><div class=\"cm-line\">OR IF title contains &quot;issued&quot;<\/div><div class=\"cm-line\">OR IF title contains &quot;invoked&quot;<\/div><div class=\"cm-line\">OR IF title starts with &quot;ALARM: CPU over 25% on&quot;<\/div><div class=\"cm-line\"><\/div><div class=\"cm-line\">THEN resolve incident and send alert<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1025\" height=\"730\" data-attachment-id=\"5516\" data-permalink=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/screenshot-2026-03-17-at-1-43-55-am\/\" data-orig-file=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.43.55-AM.png\" data-orig-size=\"1025,730\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screenshot 2026-03-17 at 1.43.55\u202fAM\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.43.55-AM.png\" src=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.43.55-AM.png\" alt=\"Alert routing rule set up on Spike\" class=\"wp-image-5516\" srcset=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.43.55-AM.png 1025w, https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.43.55-AM-300x214.png 300w, https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.43.55-AM-768x547.png 768w\" sizes=\"auto, (max-width: 1025px) 100vw, 1025px\" \/><figcaption class=\"wp-element-caption\">Alert routing rule set up on <a href=\"http:\/\/spike.sh\">Spike<\/a><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">This is a good pattern for incidents that are worth a Slack notification but not a phone call. Multiple trigger conditions, one set of actions. Your team keeps visibility without getting paged.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Not all noise needs even a Slack notification though. A CI pipeline that runs integration tests every hour and always throws a teardown warning is a reasonable suppression candidate. You can stop those before they arrive entirely.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title starts with &quot;integration-test: teardown warning&quot;<\/div><div class=\"cm-line\">     AND title contains &quot;ci-runner&quot;<\/div><div class=\"cm-line\"><\/div><div class=\"cm-line\">THEN   do not create incident<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 id=\"time-of-occurrence\" class=\"wp-block-heading\">Time of occurrence<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The same incident can carry different urgency depending on when it triggers. A Kubernetes pod crash loop at 2 AM is a different situation from the same incident at 11 AM. <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>At 11 AM your team is probably already online <\/li>\n\n\n\n<li>At 2 AM someone needs to be woken up<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The incident is the same but the required response is not.<\/p>\n\n\n\n<h3 id=\"triaging-using-time-of-occurrence\" class=\"wp-block-heading\">Triaging using time of occurrence<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The <a href=\"https:\/\/docs.spike.sh\/alerts\/alert-rules#:~:text=more%20about%20severity-,7.%20Time%20of%20day,-Evaluates%20to%20True\">Time of day<\/a> and Day of week conditions in <a href=\"https:\/\/spike.sh\/\">Spike<\/a> are built for exactly this kind of distinction. A rule that adjusts priority based on when the incident triggers means the same service can carry different urgency at different times.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;k8s&quot;<\/div><div class=\"cm-line\">     AND time is between 10 PM and 8 AM<\/div><div class=\"cm-line\">     <\/div><div class=\"cm-line\">THEN mark priority as P1<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;k8s&quot;<\/div><div class=\"cm-line\">     AND time is between 8 AM and 10 PM<\/div><div class=\"cm-line\">     <\/div><div class=\"cm-line\">THEN mark priority as P3<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Based on that priority, the right escalation policy loads and your team gets alerted accordingly.<\/p>\n\n\n\n<h3 id=\"routing-using-time-of-occurrence\" class=\"wp-block-heading\">Routing using time of occurrence<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A P1 incident at 2 AM and the same incident at 11 AM need different escalation paths. During business hours a Slack notification through a lower-priority policy is probably enough. Off-hours, you want a phone call. A time-based routing setup handles that automatically.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   severity is SEV-1<\/div><div class=\"cm-line\">     AND time is between 10 PM and 8 AM<\/div><div class=\"cm-line\">     <\/div><div class=\"cm-line\">THEN load \u2192 critical off-hours escalation policy<\/div><div class=\"cm-line\">     (phone call, 5-minute wait time)<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   severity is SEV-1<\/div><div class=\"cm-line\">     AND time is between 8 AM and 10 PM<\/div><div class=\"cm-line\">     <\/div><div class=\"cm-line\">THEN load \u2192 business hours escalation policy<\/div><div class=\"cm-line\">     (Slack + email, 15-minute wait time)<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Time conditions work for any service. A payments team, an infrastructure team, or a database team can each have their own off-hours escalation path.<\/p>\n\n\n\n<h3 id=\"reducing-noise-using-time-of-occurrence\" class=\"wp-block-heading\">Reducing noise using time of occurrence<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Some incidents are worth watching during business hours but not worth acting on off-hours. A staging environment going offline overnight is a practical example. Nobody needs it until the next morning, so a resolve by timer keeps it off your on-call queue while still catching it if it persists.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;staging&quot;<\/div><div class=\"cm-line\">     AND time is between 8 PM and 8 AM<\/div><div class=\"cm-line\">     <\/div><div class=\"cm-line\">THEN resolve by timer (30 minutes)<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Day of week conditions work well here too. Dev cluster noise over the weekend is worth suppressing entirely when nobody is working on it.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;dev-cluster&quot;<\/div><div class=\"cm-line\">     AND day is Saturday OR Sunday<\/div><div class=\"cm-line\">     <\/div><div class=\"cm-line\">THEN do not create incident<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 id=\"incident-frequency\" class=\"wp-block-heading\">Incident frequency<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A single incident from a service is often just a transient blip. A sustained burst of the same incident within a short window is a different situation altogether. Frequency is what separates a minor hiccup from a service actively degrading.<\/p>\n\n\n\n<h3 id=\"triaging-using-incident-frequency\" class=\"wp-block-heading\">Triaging using incident frequency<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A single HTTP 503 from your search service is probably not worth escalating. But fifteen such blips within ten minutes tell a different story. Spike&#8217;s <code>incident has occurred within<\/code> condition is built for exactly this. Pairing it with payload conditions gives you enough precision to cover an entire service layer in one rule.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;search-service&quot;<\/div><div class=\"cm-line\">     AND incident triggers &gt; 5 times within 15 minutes<\/div><div class=\"cm-line\"><\/div><div class=\"cm-line\">OR IF   title contains &quot;elastic-search&quot;<\/div><div class=\"cm-line\">        AND incident triggers &gt; 5 times within 15 minutes<\/div><div class=\"cm-line\"><\/div><div class=\"cm-line\">THEN   mark severity as SEV-1<\/div><div class=\"cm-line\">       AND mark priority as P1<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"593\" data-attachment-id=\"5514\" data-permalink=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/screenshot-2026-03-17-at-1-40-39-am\/\" data-orig-file=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.40.39-AM.png\" data-orig-size=\"1029,596\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screenshot 2026-03-17 at 1.40.39\u202fAM\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.40.39-AM-1024x593.png\" src=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.40.39-AM-1024x593.png\" alt=\"Alert routing rule created on Spike\" class=\"wp-image-5514\" srcset=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.40.39-AM-1024x593.png 1024w, https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.40.39-AM-300x174.png 300w, https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.40.39-AM-768x445.png 768w, https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/Screenshot-2026-03-17-at-1.40.39-AM.png 1029w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Alert routing rule created on <a href=\"https:\/\/spike.sh\" type=\"link\" id=\"spike.sh\">Spike<\/a><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">This keeps noise from inflating your severity scores while still catching the cases that actually need attention.<\/p>\n\n\n\n<h3 id=\"routing-using-incident-frequency\" class=\"wp-block-heading\">Routing using incident frequency<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A single connection timeout from your message broker is probably not worth waking anyone up. A sustained burst of them within a short window almost certainly is. Frequency-based routing gives you a way to act on that difference without any manual action.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title contains &quot;rabbitmq&quot;<\/div><div class=\"cm-line\">     AND incident triggers &gt; 8 times within 10 minutes<\/div><div class=\"cm-line\">     <\/div><div class=\"cm-line\">THEN load \u2192 infrastructure on-call escalation policy<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">The frequency threshold is what separates a quiet acknowledgement from a phone call at 2 AM.<\/p>\n\n\n\n<h3 id=\"reducing-noise-using-incident-frequency\" class=\"wp-block-heading\">Reducing noise using incident frequency<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Frequency conditions help separate a noisy signal from a genuine problem. A CloudWatch alarm set at 25% CPU can fire repeatedly if the metric keeps bouncing just above and below that threshold. Each incident is real but none of them individually need someone to act on them. What matters is whether the pattern persists.<\/p>\n\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title starts with &quot;ALARM: CPU over 25% on&quot;<\/div><div class=\"cm-line\">     AND incident triggers \u2264 3 times within 30 minutes<\/div><div class=\"cm-line\">     <\/div><div class=\"cm-line\">THEN auto-resolve<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n<div class=\"wp-block-code\">\n\t<div class=\"cm-editor\">\n\t\t<div class=\"cm-scroller\">\n\t\t\t\n<pre>\n<code><div class=\"cm-line\">IF   title starts with &quot;ALARM: CPU over 25% on&quot;<\/div><div class=\"cm-line\">     AND incident triggers &gt; 3 times within 30 minutes<\/div><div class=\"cm-line\">     <\/div><div class=\"cm-line\">THEN mark severity as SEV-2<\/div><div class=\"cm-line\">     load \u2192 infrastructure escalation policy<\/div><\/code><\/pre>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Below the threshold it self-resolves quietly. Above it your infrastructure team gets paged. That balance is usually what keeps a noise reduction setup from being either too aggressive or too permissive.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"wp-block-paragraph\">The real value of a well-built routing setup shows up over time. In the early days, a handful of rules covering your most critical services is probably enough to get started. As you learn more about your incident patterns you add rules that reflect what you actually see in production. The conditions get sharper and the noise gets quieter.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Incidents that do not matter stop reaching your team. The ones that do arrive with the right severity, priority, and escalation policy already attached. Your on-call responder picks up the incident and already knows what it is and how urgent it is. What starts as a handful of rules gradually becomes a setup that actively works for your team.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you are ready to set up Alert Routing rules for your team,\u00a0<a href=\"https:\/\/spike.sh\/\">Spike<\/a>\u00a0is a good place to start. It has everything covered in this guide, from payload-based triage to time-based routing and noise reduction, all in one place.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-ee856660 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-midnight-gradient-background has-background wp-element-button\" href=\"https:\/\/app.spike.sh\/signup\" style=\"border-top-left-radius:9px;border-top-right-radius:9px;border-bottom-left-radius:9px;border-bottom-right-radius:9px\">Try Spike for free<\/a><\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 id=\"faqs\" class=\"wp-block-heading\">FAQs<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What should I do when a monitoring tool changes its payload format and breaks existing rules?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is more common than it seems, especially after a tool upgrade. It is a good idea to keep a reference payload sample for each integration alongside your rules so you can spot format changes quickly. When a rule stops firing as expected, comparing the current payload against your reference is usually the fastest way to find the problem.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Can routing rules handle nested JSON fields in the payload or only top-level fields?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Most routing rule engines match on the incident title and details that get parsed from the payload rather than on raw JSON keys. If you need to route on a deeply nested field, the more reliable approach is to use a webhook transformer or Title Remapper to surface that value into the incident title or details first. That way your routing rules stay simple and predictable.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>How should I think about routing rules when my services follow a microservices architecture with hundreds of services?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Writing individual rules for hundreds of services is not practical. A better approach is to establish a consistent naming convention for your service names and incident titles and write rules that match on patterns rather than exact names. A rule matching on a team prefix like &#8220;payments-&#8221; covers every payments service without needing a separate rule per service.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>How do regex-based conditions in routing rules differ from simple keyword matching in terms of reliability?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Regex conditions give you more precision but they are also more fragile. A regex that matches on a specific error code format can break if the monitoring tool changes how it formats that code. Keyword conditions are broader but more resilient to minor formatting changes. It is usually worth using regex only when keyword matching genuinely cannot express the condition you need.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A well set-up alert routing system means your team only sees what actually needs attention. This guide covers the three conditions that drive an effective routing setup and how to use each one.<\/p>\n","protected":false},"author":263547072,"featured_media":5537,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","_lmt_disableupdate":"","_lmt_disable":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":true,"token":"eyJpbWciOiJodHRwczpcL1wvYmxvZy5zcGlrZS5zaFwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNlwvMDNcL09wc0dlbmllLVNodXRkb3duXy1FdmVyeXRoaW5nLVlvdS1OZWVkLVRvLUtub3ctMi0xMDI0eDU1NS5wbmciLCJ0eHQiOiJIb3cgdG8gc2V0IHVwIEluY2lkZW50IEFsZXJ0IFJvdXRpbmcgcnVsZXMgZWZmZWN0aXZlbHkiLCJ0ZW1wbGF0ZSI6ImhpZ2h3YXkiLCJmb250IjoiIiwiYmxvZ19pZCI6MjMzMTM4OTAwfQ.4s9gmCTs-juwmWCnACwDfp0FtRwqronXA8DGbG7gTagMQ"},"version":2},"_wpas_customize_per_network":false,"jetpack_post_was_ever_published":false},"categories":[1467],"tags":[],"class_list":["post-5449","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guides"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to set up Incident Alert Routing rules effectively<\/title>\n<meta name=\"description\" content=\"Learn how to set up incident alert routing rules that triage incidents, load the right escalation policy and keep noise out of your queue.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to set up Incident Alert Routing rules effectively\" \/>\n<meta property=\"og:description\" content=\"Learn how to set up incident alert routing rules that triage incidents, load the right escalation policy and keep noise out of your queue.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/\" \/>\n<meta property=\"og:site_name\" content=\"Spike&#039;s blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-10T18:46:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-27T10:07:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2080\" \/>\n\t<meta property=\"og:image:height\" content=\"1128\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Sreekar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sreekar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/\"},\"author\":{\"name\":\"Sreekar\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#\\\/schema\\\/person\\\/eb31f40342cbe6a94ef67a1c0bf20923\"},\"headline\":\"How to set up Incident Alert Routing rules effectively\",\"datePublished\":\"2026-03-10T18:46:30+00:00\",\"dateModified\":\"2026-03-27T10:07:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/\"},\"wordCount\":1872,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.spike.sh\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png\",\"articleSection\":[\"Guides\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/\",\"url\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/\",\"name\":\"How to set up Incident Alert Routing rules effectively\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.spike.sh\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png\",\"datePublished\":\"2026-03-10T18:46:30+00:00\",\"dateModified\":\"2026-03-27T10:07:53+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#\\\/schema\\\/person\\\/eb31f40342cbe6a94ef67a1c0bf20923\"},\"description\":\"Learn how to set up incident alert routing rules that triage incidents, load the right escalation policy and keep noise out of your queue.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.spike.sh\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png\",\"contentUrl\":\"https:\\\/\\\/blog.spike.sh\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png\",\"width\":2080,\"height\":1128},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/how-to-set-up-incident-alert-routing-rules-effectively\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.spike.sh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to set up Incident Alert Routing rules effectively\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#website\",\"url\":\"https:\\\/\\\/blog.spike.sh\\\/\",\"name\":\"Spike&#039;s blog\",\"description\":\"Learnings and opinions in a changing world\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.spike.sh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.spike.sh\\\/#\\\/schema\\\/person\\\/eb31f40342cbe6a94ef67a1c0bf20923\",\"name\":\"Sreekar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cb2a2f53f3fd9e9619b7d3aaca20588e6101b5d239f52e0137823bd5d6cd0941?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cb2a2f53f3fd9e9619b7d3aaca20588e6101b5d239f52e0137823bd5d6cd0941?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cb2a2f53f3fd9e9619b7d3aaca20588e6101b5d239f52e0137823bd5d6cd0941?s=96&d=robohash&r=g\",\"caption\":\"Sreekar\"},\"url\":\"https:\\\/\\\/blog.spike.sh\\\/author\\\/sreekar98\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to set up Incident Alert Routing rules effectively","description":"Learn how to set up incident alert routing rules that triage incidents, load the right escalation policy and keep noise out of your queue.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/","og_locale":"en_GB","og_type":"article","og_title":"How to set up Incident Alert Routing rules effectively","og_description":"Learn how to set up incident alert routing rules that triage incidents, load the right escalation policy and keep noise out of your queue.","og_url":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/","og_site_name":"Spike&#039;s blog","article_published_time":"2026-03-10T18:46:30+00:00","article_modified_time":"2026-03-27T10:07:53+00:00","og_image":[{"width":2080,"height":1128,"url":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png","type":"image\/png"}],"author":"Sreekar","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sreekar","Estimated reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#article","isPartOf":{"@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/"},"author":{"name":"Sreekar","@id":"https:\/\/blog.spike.sh\/#\/schema\/person\/eb31f40342cbe6a94ef67a1c0bf20923"},"headline":"How to set up Incident Alert Routing rules effectively","datePublished":"2026-03-10T18:46:30+00:00","dateModified":"2026-03-27T10:07:53+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/"},"wordCount":1872,"commentCount":0,"image":{"@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png","articleSection":["Guides"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/","url":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/","name":"How to set up Incident Alert Routing rules effectively","isPartOf":{"@id":"https:\/\/blog.spike.sh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#primaryimage"},"image":{"@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png","datePublished":"2026-03-10T18:46:30+00:00","dateModified":"2026-03-27T10:07:53+00:00","author":{"@id":"https:\/\/blog.spike.sh\/#\/schema\/person\/eb31f40342cbe6a94ef67a1c0bf20923"},"description":"Learn how to set up incident alert routing rules that triage incidents, load the right escalation policy and keep noise out of your queue.","breadcrumb":{"@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#primaryimage","url":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png","contentUrl":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png","width":2080,"height":1128},{"@type":"BreadcrumbList","@id":"https:\/\/blog.spike.sh\/how-to-set-up-incident-alert-routing-rules-effectively\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.spike.sh\/"},{"@type":"ListItem","position":2,"name":"How to set up Incident Alert Routing rules effectively"}]},{"@type":"WebSite","@id":"https:\/\/blog.spike.sh\/#website","url":"https:\/\/blog.spike.sh\/","name":"Spike&#039;s blog","description":"Learnings and opinions in a changing world","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.spike.sh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/blog.spike.sh\/#\/schema\/person\/eb31f40342cbe6a94ef67a1c0bf20923","name":"Sreekar","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/cb2a2f53f3fd9e9619b7d3aaca20588e6101b5d239f52e0137823bd5d6cd0941?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/cb2a2f53f3fd9e9619b7d3aaca20588e6101b5d239f52e0137823bd5d6cd0941?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cb2a2f53f3fd9e9619b7d3aaca20588e6101b5d239f52e0137823bd5d6cd0941?s=96&d=robohash&r=g","caption":"Sreekar"},"url":"https:\/\/blog.spike.sh\/author\/sreekar98\/"}]}},"modified_by":"Sreekar","jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-2.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pfMe4Q-1pT","jetpack-related-posts":[{"id":5468,"url":"https:\/\/blog.spike.sh\/turning-team-knowledge-into-alert-routing-rules\/","url_meta":{"origin":5449,"position":0},"title":"Turning team knowledge into Alert Routing rules","author":"Sreekar","date":"12th March, 2026","format":false,"excerpt":"Your team knows incidents inside out. This guide walks you through four ways to build Alert Routing rules from that knowledge.","rel":"","context":"In &quot;Guides&quot;","block_context":{"text":"Guides","link":"https:\/\/blog.spike.sh\/category\/guides\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":5605,"url":"https:\/\/blog.spike.sh\/alert-routing-based-on-incident-payload\/","url_meta":{"origin":5449,"position":1},"title":"How to route incidents based on what their payload says","author":"Sreekar","date":"26th March, 2026","format":false,"excerpt":"Every incident payload carries signals worth acting on. This guide covers how to read those signals and use them to set severity, load the right escalation policy, and reduce noise automatically.","rel":"","context":"In &quot;Guides&quot;","block_context":{"text":"Guides","link":"https:\/\/blog.spike.sh\/category\/guides\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-4.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-4.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-4.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-4.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-4.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-4.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":5690,"url":"https:\/\/blog.spike.sh\/severity-and-priority-based-routing\/","url_meta":{"origin":5449,"position":2},"title":"Routing incidents the way their severity and priority demand","author":"Sreekar","date":"29th March, 2026","format":false,"excerpt":"Should this incident get a phone call or a Slack message? Severity and priority answer that question. This guide shows how to build routing rules around both.","rel":"","context":"In &quot;Guides&quot;","block_context":{"text":"Guides","link":"https:\/\/blog.spike.sh\/category\/guides\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-7.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-7.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-7.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-7.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-7.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-7.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":5652,"url":"https:\/\/blog.spike.sh\/alert-routing-setup-that-never-misses-critical-incidents\/","url_meta":{"origin":5449,"position":3},"title":"Building an Alert Routing setup that never misses a critical incident","author":"Sreekar","date":"29th March, 2026","format":false,"excerpt":"Critical incidents need to reach the right person the moment they trigger. This guide covers how to set up an alert routing system that make sure they always do.","rel":"","context":"In &quot;Guides&quot;","block_context":{"text":"Guides","link":"https:\/\/blog.spike.sh\/category\/guides\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-5.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-5.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-5.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-5.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-5.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-5.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":5677,"url":"https:\/\/blog.spike.sh\/how-to-handle-midnight-incidents\/","url_meta":{"origin":5449,"position":4},"title":"How to handle midnight incidents without waking everyone up","author":"Sreekar","date":"29th March, 2026","format":false,"excerpt":"A midnight incident should wake one person, not the whole team. This guide covers how to set that up with routing rules and escalation policies.","rel":"","context":"In &quot;Guides&quot;","block_context":{"text":"Guides","link":"https:\/\/blog.spike.sh\/category\/guides\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-6.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-6.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-6.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-6.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-6.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/03\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-6.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":5797,"url":"https:\/\/blog.spike.sh\/how-to-reduce-alert-noise\/","url_meta":{"origin":5449,"position":5},"title":"How to reduce alert noise without missing what matters","author":"Sreekar","date":"6th May, 2026","format":false,"excerpt":"This guide covers what counts as alert noise and how to reduce it automatically. It also walks through keeping critical incidents loud enough that your team never misses them.","rel":"","context":"In &quot;Guides&quot;","block_context":{"text":"Guides","link":"https:\/\/blog.spike.sh\/category\/guides\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/05\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/05\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/05\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/05\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/05\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.spike.sh\/wp-content\/uploads\/2026\/05\/OpsGenie-Shutdown_-Everything-You-Need-To-Know-1.png?resize=1400%2C800&ssl=1 4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/posts\/5449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/users\/263547072"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/comments?post=5449"}],"version-history":[{"count":75,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/posts\/5449\/revisions"}],"predecessor-version":[{"id":5651,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/posts\/5449\/revisions\/5651"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/media\/5537"}],"wp:attachment":[{"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/media?parent=5449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/categories?post=5449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.spike.sh\/wp-json\/wp\/v2\/tags?post=5449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}