Get started with Grafana Alerting - Part 1 of 2

Get started with Grafana Alerting - Part 1 of 2

In this guide, we walk you through the process of setting up your first alert in just a few minutes. You’ll witness your alert in action with real-time data, as well as sending alert notifications.

In this tutorial you will:

  • Create a contact point.
  • Set up an alert rule.
  • Receive firing and resolved alert notifications in a public webhook.

Tip

Once you have completed Part 1, don’t forget to explore the advanced but essential alerting topics in Part 2 Alert instances and notification routing.

Before you begin

There are different ways you can follow along with this tutorial.

Set up the Grafana stack (OSS users)

To demonstrate the observation of data using the Grafana stack, download and run the following files.

  1. Clone the tutorial environment repository.

    git clone https://github.com/grafana/tutorial-environment.git
  2. Change to the directory where you cloned the repository:

    cd tutorial-environment
  3. Run the Grafana stack:

    docker compose up -d

    The first time you run docker compose up -d, Docker downloads all the necessary resources for the tutorial. This might take a few minutes, depending on your internet connection.

    Note

    If you already have Grafana, Loki, or Prometheus running on your system, you might see errors, because the Docker image is trying to use ports that your local installations are already using. If this is the case, stop the services, then run the command again.

Create a contact point

Besides being an open-source observability tool, Grafana has its own built-in alerting service. This means that you can receive notifications whenever there is an event of interest in your data, and even see these events graphed in your visualizations.

In this step, we set up a new contact point. This contact point uses the webhook integration. In order to make this work, we also need an endpoint for our webhook integration to receive the alert. We can use Webhook.site to quickly set up that test endpoint. This way we can make sure that our alert is actually sending a notification somewhere.

  1. In your browser, sign in to your Grafana Cloud account.

    OSS users: To log in, navigate to http://localhost:3000, where Grafana is running.

  2. In another tab, go to Webhook.site.

  3. Copy Your unique URL.

Your webhook endpoint is now waiting for the first request.

Next, let’s configure a contact point in Grafana’s Alerting UI to send notifications to our webhook endpoint.

  1. Return to Grafana. In Grafana’s sidebar, hover over the Alerting (bell) icon and then click Contact points.

  2. Click + Create contact point.

  3. In Name, write Webhook.

  4. In Integration, choose Webhook.

  5. In URL, paste the endpoint to your webhook endpoint.

  6. Click Test, and then click Send test notification to send a test alert to your webhook endpoint.

  7. Navigate back to Webhook.site. On the left side, there’s now a POST / entry. Click it to see what information Grafana sent.

    A POST entry in Webhook.site
    A POST entry in Webhook.site
  8. Return to Grafana and click Save contact point.

We have created a dummy Webhook endpoint and created a new Alerting contact point in Grafana. Now, we can create an alert rule and link it to this new integration.

Create an alert

Next, we establish an alert rule within Grafana Alerting to notify us whenever alert rules are triggered and resolved.

  1. In Grafana, navigate to Alerting > Alert rules. Click on New alert rule.

  2. Enter alert rule name for your alert rule. Make it short and descriptive as this appears in your alert notification. For instance, database-metrics

Define query and alert condition

In this section, we use the default options for Grafana-managed alert rule creation. The default options let us define the query, a expression (used to manipulate the data – the WHEN field in the UI), and the condition that must be met for the alert to be triggered (in default mode is the threshold).

  1. Select the Prometheus data source from the drop-down menu.

  2. In the Query editor, switch to Code mode by clicking the button on the right.

  3. Enter the following query:

    promql
    vector(1)

    In Prometheus, vector(1) is a special type of PromQL query that generates a constant vector. This is useful in testing and query manipulation, where you might need a constant value for calculations or comparisons. This query allows you to create an alert rule that is always firing.

  4. In the Alert condition section:

    • Keep Last as the value for the reducer function (WHEN), and 0 as the threshold value. This is the value above which the alert rule should trigger.
  5. Click Preview alert rule condition to run the query.

    It should return a single sample with the value 1 at the current timestamp. And, since 1 is above 0, the alert condition has been met, and the alert rule state is Firing.

    A preview of a firing alert
    A preview of a firing alert

Set evaluation behavior

The alert rule evaluation defines the conditions under which an alert rule triggers, based on the following settings:

  • Evaluation group: every alert rule is assigned to an evaluation group. You can assign the alert rule to an existing evaluation group or create a new one.
  • Evaluation interval: determines how frequently the alert rule is checked. For instance, the evaluation may occur every 10s, 30s, 1m, 10m, etc.
  • Pending period: how long the condition must be met to trigger the alert rule.

To set up the evaluation:

  1. In Folder, click + New folder and enter a name. For example: metric-alerts. This folder contains our alerts.
  2. In the Evaluation group, repeat the above step to create a new evaluation group. Name it 1m-evaluation.
  3. Choose an Evaluation interval (how often the alert are evaluated). For example, every 1m (1 minute).
  4. Set the pending period to, 0s (zero seconds), so the alert rule fires the moment the condition is met.

Configure labels and notifications

Choose the contact point where you want to receive your alert notifications.

  1. Under Contact point, select Webhook from the drop-down menu.
  2. Click Save rule and exit at the top right corner.

Trigger and resolve an alert

Now that the alert rule has been configured, you should receive alert notifications in the contact point whenever alerts trigger and get resolved.

Trigger an alert

Since the alert rule that you have created has been configured to always fire, once the evaluation interval has concluded, you should receive an alert notification in the Webhook endpoint.

Firing alert notification details
Firing alert notification details

The alert notification details show that the alert rule state is Firing , and it includes the value that made the rule trigger by exceeding the threshold of the alert rule condition. The notification also includes links to see the alert rule details, and another link to add a Silence to it.

Resolve an alert

To see how a resolved alert notification looks like, you can modify the current alert rule threshold.

To edit the Alert rule:

  1. Navigate to Alerting > Alert rules.
  2. Click on the metric-alerts folder to display the alert that you created earlier
  3. Click the edit button on the right hand side of the screen
  4. Increment the Threshold expression to 1.
  5. Click Save rule and exit.

By incrementing the threshold, the condition is no longer met, and after the evaluation interval has concluded (1 minute approx.), you should receive an alert notification with status “Resolved”.

Learn more in Grafana Alerting Part 2

Tip

In Get started with Grafana Alerting - Part 2 you can advance your skills by exploring alert instances and notification routing.