Severity and state mappings for Elastic Observability
Alert priority and resolution state mapping between Elastic Observability and Incident Response.
Elastic Observability alert priority mapping
Elastic Observability’s alert priority is based on one field in the payload.
The field of interest is actionGroupName.
| Elastic Observability payload field | Elastic Observability payload value | Incident Response alert priority value |
|---|---|---|
| actionGroupName | Fired | P4-Low |
| Alert | P3-Moderate | |
| Warning | P3-Moderate | |
| Threshold met | P3-Moderate | |
| Uptime Down Monitor | P2-Major | |
| Uptime TLS Alert | P3-Moderate | |
| Uptime TLS Alert (Legacy) | P3-Moderate | |
| Default | P4-Low | |
| Severity | critical | P1-Critical |
| major | P2-Major | |
| minor | P4-Moderate | |
| warning | P4-Low |
Elastic Observability resolution state mapping
The field of interest is actionGroupName.
| Elastic Observability payload field | Elastic Observability payload value | Incident Response alert resolution state value |
|---|---|---|
| actionGroupName | Recovered | Closed |
Values other than Recovered |
New |
Note: If you require any other severity and state mappings, use the
Generic webhook integration.