--- title: "Improve your application monitoring by reducing overhead of managing and updating alert rules" page_name: "Improve your application monitoring by reducing overhead of managing and updating alert rules" type: "blog" slug: "reducing-alert-fatigue-grouping-customization" published_at: "2022-09-13" modified_at: "2025-06-17" url: "https://www.sumologic.com/blog/reducing-alert-fatigue-grouping-customization" canonical: "https://www.sumologic.com/blog/reducing-alert-fatigue-grouping-customization" markdown_url: "https://www.sumologic.com/blog/reducing-alert-fatigue-grouping-customization.md" lang: "en" excerpt: "Efficiently monitoring modern applications stacks to get notified about production issues is hard and complex. Improve alerting and managing as your applications grow." taxonomy_blog_category: - "Application Observability" --- [ All blogs ](https://www.sumologic.com/blog "blog")[Application Observability](https://www.sumologic.com/blog/application-observability) # Improve your application monitoring by reducing overhead of managing and updating alert rules [Michael Baldani](#blog-author-block-212)[Angad Singh](#blog-author-block-37) September 13, 2022 3 min read [Application Observability](https://www.sumologic.com/blog/application-observability) ##### Table of contents Just about every organization today relies on key applications running on complex multi-cloud environments to transact business and enable users to work. It is critical to ensure that those applications are running optimally. A solid monitoring and alerting system is required to know when an issue needs attention. But having a robust monitoring system is not enough. For complex large-scale distributed applications, you also need an easy and effective way to manage and update your monitoring definitions as your applications are ever evolving with each code change and Git commit. To better relate to this overhead of managing the monitoring system, let’s imagine you are running a distributed web application with just 20 microservices. You need to monitor each of the 20 microservices, so you set up some alert monitors. To keep things simple and reduce alert fatigue you decide to only monitor the four golden metrics: Latency, Error, Traffic & Saturation. You now have 80 alert definitions that you need to manage (20 microservices \* 4 alerts per service). Let’s say that you decided to change your boilerplate instrumentation to add or remove some attributes. That change will require you to update all 80 monitor definitions, as there is an underlying change to the data. This is a lot of work. This overhead in managing the monitoring definitions as applications evolve is a serious pain point that every organization that has alerting in place faces. Sumo Logic addresses this problem for our customers. We want to reduce this management overhead as much as possible. One of the ways to do it is by reducing the number of monitor definitions that users have to create. What if users in the above example created only four monitor definitions to track the four golden metrics instead of configuring one per microservice? That would significantly reduce the management overhead. This is exactly what our new alert grouping feature does. ### Alert grouping This feature allows flexibility in how alerts and notifications are generated from a monitor. There are cases when you would like a monitor to create and resolve more than one alert based on specific conditions. For example, in the above example, you want to monitor the error rate for all microservices, and you want to get an alert for each service separately that breaches a specific error threshold. With alert grouping, you can create one single monitor that does this instead of creating multiple monitors for each service. Monitors allow users to specify a grouping condition based on a specific field/(s). Each unique value of the field/(s) will be evaluated against the alerting and resolution conditions, and if it meets the threshold, an alert will be fired and resolved, respectively. For the example mentioned above, service is the grouping condition, and each service will generate a separate alert if that service meets the alert requirement. You can set up alert grouping for both metrics and logs-based monitors. In addition to the alert grouping feature above, we’ve released several new capabilities and improvements for alerts to help you find and resolve issues quickly. ### Configurable auto resolution We’re extending the flexibility to configure alert auto resolution by enabling a couple of other parameters to help you create more stable alerts. 1. Users can specify whether a single data point (at any time) is sufficient or if all the data points (at all times) within the detection window should be analyzed for recovering an alert. This gives you more flexibility in defining how alerts get resolved automatically after the underlying issue is corrected. 2. Users can specify a time period of normal activity that will resolve the alert. This helps you avoid alert flapping by letting you wait for an appropriate amount of time before resolving the alert. ### Customizable alert names We are now allowing the monitor author to customize the alert’s name in the notification and also on the Alert Response page. This is important in many circumstances, especially when you have configured multiple alerts from the same monitor and want a unique name for each alert to make it easily distinguishable during troubleshooting. You can customize the name of the alert using free text and other template variables, as shown in the screenshot below ### Highlighted alert query row With Metrics Monitors that have multiple query rows, it is confusing for users to know which row is used for alerting. To improve usability, we now highlight the query row that triggers the alert on the monitor creation model. ### Cloud SOAR connection availability We are launching a new Cloud SOAR connection capability that allows users to create an incident in Sumo Logic SOAR directly from a scheduled search. To learn more about Sumo Logic’s alerting capabilities, you can watch Angad Singh’s session on alert response from Illuminate 2022. If you don’t enjoy videos or events, you can [read more about application modernization](https://www.sumologic.com/solutions/application-modernization/). ### Article Tags - [Application Observability](https://www.sumologic.com/blog/application-observability) Michael Baldani Senior Product Marketing Manager Mike Baldani is a senior product marketing manager for Observability at Sumo Logic. He has spent the last 20 years marketing software and SaaS solutions that help developers and SREs overcome the challenges they face in their daily roles. Angad Singh Product Manager As a Product Manager at Sumo Logic, Angad Singh is focused on building product capabilities that allow organizations to leverage machine data to help them make better business decisions. Having completed his Microsoft Certified Professional (MCP) training at age 14, Angad developed a passion for technology at a very early age. After receiving a formal degree in computer engineering and earning his masters from MIT, he’s worked with various organizations to help them build software products and most recently, has developed an interest in data analytics. [](https://www.sumologic.com/feed "RSS Feed")[](https://twitter.com/intent/tweet?text=Improve%20your%20application%20monitoring%20by%20reducing%20overhead%20of%20managing%20and%20updating%20alert%20rules&url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Freducing-alert-fatigue-grouping-customization "X")[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Freducing-alert-fatigue-grouping-customization "Facebook")[](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Freducing-alert-fatigue-grouping-customization "Linkedin") [Previous blog SOAR Market Guide 2022: What does the Gartner research say?](https://www.sumologic.com/blog/soar-market-guide-2022-what-does-the-gartner-research-say)[Next blog FedRAMP: The journey to cloud secure operations](https://www.sumologic.com/blog/fedramp-authorization-you-should-know) People who read this also enjoyed [ Observability is security (We just pretended it wasn’t) April 28, 2026 ](https://www.sumologic.com/blog/observability-is-security)[ Get more out of Sumo Logic: five log search hacks you’ll actually use June 18, 2025 ](https://www.sumologic.com/blog/five-log-search-hacks)[ How to create and monitor an AWS Lambda function in Java 11 April 15, 2025 ](https://www.sumologic.com/blog/how-to-write-aws-lambda-function-in-java8)[ Elastic vs Sumo Logic: Build vs buy the right logging platform December 10, 2024 ](https://www.sumologic.com/blog/elastic-sumo-logic-build-or-buy) [AI Instructions](https://www.sumologic.com/ai-instructions.md)