# Threshold Alert Escalation Normally, an alert is triggered whenever the threshold is breached. In cases where system metrics produce one-time spikes, even though there is no actual system impact, this can result in false alarms. To improve alert accuracy and reduce false positives: * The threshold override can be updated to generate alerts only if the issue persists. * An escalation rule can be configured to trigger a Critical Alert only when the alert count exceeds a defined value within a specific time window. [Thresholds](https://docs.itconductor.com/user-guide/notifications/threshold-overrides) in IT-Conductor have dedicated escalation configurations that allow for complex rule definitions, such as considering prior values, frequency, and persistence of conditions. This flexibility makes it possible to: * Differentiate between one-off and recurring issues. * Ensure only sustained problems trigger escalations. #### What are escalation rules in IT-Conductor? Escalation rules define how alerts progress in severity and priority while a warning or alarm condition persists. When the threshold override **Escalate Alerts** checkbox is enabled: * The Escalation Rules tool becomes visible in the threshold override toolbar. * Defined escalation rules are applied as long as the warning or alarm condition persists. * These rules determine how alerts are generated, determining alert escalation level and priority. {% hint style="info" %} **Note:** * Alerts with Priority ≥ High and Escalation Level > 0 are not auto-resolved. * Escalation attributes influence notification priority and incident workflow. * [Subscriptions](https://docs.itconductor.com/user-guide/notifications/subscriptions) can target a certain level of alert escalation, preventing notifications on alerts with a lower level of escalation. {% endhint %} #### Use Case: PagerDuty Integration In many IT operations environments, IT-Conductor alerts are integrated with [PagerDuty](https://docs.itconductor.com/user-guide/notifications/integration-providers/pagerduty) to manage on-call notifications. **Scenario** PagerDuty is configured to trigger a call to the SAP Basis team whenever an alert is raised in production systems. **Expectations** * The team wants to be notified only when a critical production issue persists. * A one-time occurrence should raise only a Warning Alert, not a Critical Alert or PagerDuty incident. **Solution** With IT-Conductor’s escalation rules capability: * A Warning Alert is generated for one-time events. * A Critical Alert (which triggers PagerDuty) is only raised if the issue repeats multiple times over a set duration. ### Configure Threshold Alert Escalation To configure threshold alert escalation, start by enabling the *Escalation Rules* tool, then create a new escalation rule. #### Enable Escalation Rules 1. Navigate to the service grid and select the metric to configure with a threshold alert escalation. Click

**Threshold Overrides**, then select

**Overrides**.

2. Select the threshold override you want to modify, click

**Threshold Default Settings**, then select

**Modify.**

3. Tick the **Escalate** checkbox, then click

**Save** to enable escalation rules.

Once enabled,

**Escalation Rules** will appear in the threshold toolbar. {% hint style="info" %} **Note:** Make sure to define the threshold **Warning Value**, and select the desired option in the **Alert On** dropdown menu. See [Alerts](https://docs.itconductor.com/user-guide/notifications/alerts) for more information. {% endhint %} #### Create New Threshold Alert Escalation Rule 1. Click

**Escalation Rules** to access the list of existing escalation rules.

2. Click

**Create New Object** to start adding a new escalation rule.

3. Fill out all the necessary information in the **Create Threshold Alert Escalation** wizard. Once completed, click

to save the configuration.

Figure 6: Create Threshold Alert Escalation Wizard

* **Description** – refers to a short description for the escalation rule. * **Level** – refers to the escalation level applied when the rule is triggered. * **Intervals** – refers to the look-back aggregation interval count used for monitoring alert conditions. * **Alert Count** – refers to the number of alerts within the defined look-back interval that will trigger escalation. * **Escalation Priority** – refers to the priority assigned to the escalation alert. * **Escalate Severity** – refers to the severity level set for the escalation alert. * **Escalation Message** – refers to the message content displayed when an escalation alert is generated. Once created, the **Escalation Rule** is applied to the associated monitor. {% hint style="info" %} **Best Practices:** * Review escalation thresholds periodically based on alert trends or environmental patterns. * Use historical alert data to fine-tune frequency count, time interval, and escalation priority. * Document and communicate escalation logic with both monitoring and incident response teams. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.itconductor.com/user-guide/notifications/threshold-overrides/threshold-alert-escalation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.