Attach custom key-value pairs to incidents. Escalate incidents based on severity or ownership using the saved metadata. Filter using metadata in reporting.

View incident metadata

Find all incident metadata for a specific incident in Metadata section directly on the incident page:

Add metadata

Monitors, heartbeats & integrations

Add metadata to all future incidents created for your monitor, heartbeat, or integration:

• Go to configuration for your monitor, heartbeat, or integration.
• Scroll to the bottom of the page.
• Click the Metadata section.
• Add any number of key-value pairs.

Automatically collected metadata

We automatically save relevant metadata for every incident created using integrations. Each integration has different metadata available. We save alert name, alert priority, tags, labels, and other information depending on the type of integration.

For example, for Prometheus integrations, we save the alert name, all labels, and all annotations as metadata.

groups:
  - name: payments-app
    rules:
      - alert: PaymentsAppDown
        expr: up{app=“payments”} == 0
        for: 1m
        labels:
          severity: high
        annotations:
          summary: 'Payments app is down'

Incidents created for the Prometheus alert above will have the following metadata:

• alert: PaymentsAppDown.
• severity: high.
• app: payments.
• summary: Payments app is down.

Missing metadata for your integration?

Let us know at hello@betterstack.com.

Incoming webhooks & e-mail integrations

Extract any metadata from body, headers, or query parameters for your incoming webhook integrations. Similarly, with e-mail integrations, you can extract metadata from e-mail body, subject, and from field.

• Go to Integrations → your integration.
• Find 1. Creating incidents → Extract the following data.
• Click + Extract metadata button.
• Choose which metadata to extract and how it should be parsed and matched.

Use metadata in escalation policies

Route incidents based on metadata. Customize notifications based on incident severity or notify different people based on ownership.

Navigate to any of your Escalation policies:

• Click + Metadata rule.
• Fill out metadata field and values to match.
• Select Team or Escalation policy to escalate to.

Usually, you will need to create multiple escalation policies. See examples below to see how to route incidents based on severity or ownership.

Escalate incidents based on severity

Use severity metadata to handle important incidents with urgency.

For example, send an email for incidents with low severity and call the on-call person immediately for important incidents:

Escalate incidents based on ownership

Use app metadata to route the incident to the responsible person.

For example, use a separate escalation policy for payments app and notify the main on-call person for any other incident:

Incidents that match none of your Metadata rules will propagate to the end of the escalation policy. Notifying current on-call person at the end of your escalation policies is a great way to make sure no important incidents get lost.

Use metadata on status page

Use metadata to control if resources automatically show up as down, degraded or stay unaffected. Choose how each status page resource is displayed based on incident metadata.

Navigate to any of your Status pages:

• Go to Structure tab -> Any resource -> Advanced settings.
• Configure Mark as down for and Mark as degraded for.

See example below for common status page metadata setups.

Mark status page resources as down only for critical incidents

Use Severity metadata to automatically mark status page resources as down for high severity and critical incidents. Status page resource will be marked as degraded for all non-critical incidents.

Catalog

Supercharge your metadata with Catalog. Capture relationships between incidents services and responsible teams. Map incoming incidents to affected services based on tags and payload details.

Use catalog metadata to escalate incidents based on severity and ownership. Filter using metadata in reporting.

Create your first catalog relation

Catalog relation captures a relationship between data in your incident management and allows you to automatically enrich your incidents with said business data.

Let's walk though an example on how to map incoming alert names to severities that can be later used for escalating incidents.

Navigate to Catalog:

• Click Create relation.
• Fill out Alert name -> Severity.
• Under Primary attributes select Alert name or another metadata key that is detected on your incoming incidents.
• Below Added metadata add and type in Severity.
• Click Create relation.

Now, we'll need to add specific Alert names and choose appropriate Severity for each one:

• Click the first table cell under Alert name.
• Select from values detected on your incidents or type in an alert name.
• Type high into Severity table cell.

Continue adding Alert name values you expect to see on incoming incidents.

With this catalog setup, any incoming incident with Alert name matching one of our catalog rows will get automatically added Severity metadata. Use the metadata in escalation policies, in reporting, or anywhere else across the Better Stack platform.