Explore documentation
  1. Welcome to Uptime đź‘‹
  2. Frequently Asked Questions
  3. Monitoring
    1. Get started with monitoring
    2. Working with monitors
    3. Customizing monitors
    4. Monitor types
  4. On-call scheduling and alerting
    1. Get started with on-call
    2. Sending alerts to Slack ↗
    3. Connecting external calendars
    4. Advanced on-call setup
  5. Incidents
    1. Working with incidents
    2. Create incidents manually
    3. Post mortems
    4. Incident silencing
    5. Incident metadata
  6. Status pages
    1. Get started with status pages
    2. Working with status pages
  7. Integrations
    1. Integrating with Better Stack
  8. Team and account management
    1. Team management
    2. Account settings
    3. Audit logs
    4. Migrating to pay as you go
  9. API
    1. Get started with API
  10. Monitors API
    1. Monitors
    2. Monitor groups
    3. Heartbeats
    4. Heartbeat groups
  11. On-call & Incidents API
    1. On-call calendar
    2. On-call calendar events
    3. Escalation policies
    4. Escalation policy groups
    5. Severities
    6. Severity groups
    7. Incidents
    8. Comments
  12. Integrations API
    1. New Relic Integrations
    2. Datadog Integrations
    3. AWS CloudWatch Integrations
    4. Azure Integrations
    5. Google Monitoring Integrations
    6. Grafana Integrations
    7. Prometheus Integrations
    8. Email integrations
    9. Incoming webhooks
    10. Slack Integrations
    11. Outgoing Webhook integrations
    12. Splunk On-Call integrations
    13. PagerDuty Integrations
  13. Status pages API
    1. Status pages
    2. Status page sections
    3. Status page resources
    4. Status page reports
    5. Status page report updates
  14. Other API
    1. Metadata

Working with incident metadata

Attach custom key-value pairs to incidents. Escalate incidents based on severity or ownership using the saved metadata. Filter using metadata in reporting.

View incident metadata

Find all incident metadata for a specific incident in Metadata section directly on the incident page:

Screenshot of incident metadata with severity and app

Add metadata

Monitors, heartbeats & integrations

Add metadata to all future incidents created for your monitor, heartbeat, or integration:

  • Go to configuration for your monitor, heartbeat, or integration.
  • Scroll to the bottom of the page.
  • Click the Metadata section.
  • Add any number of key-value pairs.

Automatically collected metadata

We automatically save relevant metadata for every incident created using integrations. Each integration has different metadata available. We save alert name, alert priority, tags, labels, and other information depending on the type of integration.

For example, for Prometheus integrations, we save the alert name, all labels, and all annotations as metadata.

Prometheus alert rule
groups:
  - name: payments-app
    rules:
      - alert: PaymentsAppDown
        expr: up{app=“payments”} == 0
        for: 1m
        labels:
          severity: high
        annotations:
          summary: 'Payments app is down'

Incidents created for the Prometheus alert above will have the following metadata:

  • alert: PaymentsAppDown.
  • severity: high.
  • app: payments.
  • summary: Payments app is down.

What metadata is collected for a specific integration?

Check the incidents created using the integration to see the saved metadata.

Missing metadata for your integration?

Let us know at hello@betterstack.com.

Incoming webhooks & e-mail integrations

Extract any metadata from body, headers, or query parameters for your incoming webhook integrations. Similarly, with e-mail integrations, you can extract metadata from e-mail body, subject, and from field.

  • Go to Integrations → your integration.
  • Find 1. Creating incidents → Extract the following data.
  • Click + Extract metadata button.
  • Choose which metadata to extract and how it should be parsed and matched.

Screenshot of extracting severity in webhook integration

Use metadata in escalation policies

Route incidents based on metadata. Customize notifications based on incident severity or notify different people based on ownership.

Navigate to any of your Escalation policies:

  • Click + Metadata rule.
  • Fill out metadata field and values to match.
  • Select Team or Escalation policy to escalate to.

Usually, you will need to create multiple escalation policies. See examples below to see how to route incidents based on severity or ownership.

Escalate incidents based on severity

Use severity metadata to handle important incidents with urgency.

For example, send an email for incidents with low severity and call the on-call person immediately for important incidents:

Screenshot of escalation with severity-based routing

Want to handle more severities?

Add more Metadata rules to your escalation policy to match more severities.

Escalate incidents based on ownership

Use app metadata to route the incident to the responsible person.

For example, use a separate escalation policy for payments app and notify the main on-call person for any other incident:

Screenshot of escalation with ownership-based routing

Incidents that match none of your Metadata rules will propagate to the end of the escalation policy. Notifying current on-call person at the end of your escalation policies is a great way to make sure no important incidents get lost.

Previous article

AIOps incident silencing

Next article

Get started with status pages