Alert Rules API
The Alert Rules API allows you to create, manage, and configure dynamic alert rules that are evaluated against real-time metrics using the Drools rule engine.
Create Rule
Create a new alert rule.
Endpoint
POST /api/v1/rulesRequest Body
{
"name": "string (required, unique)",
"description": "string (optional)",
"ruleType": "enum (required)",
"ruleConfig": {
"key": "value"
},
"severity": "enum (required)",
"priority": "integer (optional, default: 0)",
"notificationChannels": ["string"],
"notificationConfig": {
"key": "value"
},
"suppressionWindowMinutes": "integer (optional, default: 30)",
"maxAlertsPerHour": "integer (optional, default: 10)",
"createdBy": "string (optional)"
}Field Descriptions
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Unique rule name |
| description | string | No | Human-readable description |
| ruleType | enum | Yes | Type of rule (see Rule Types below) |
| ruleConfig | object | Yes | Rule-specific configuration |
| severity | enum | Yes | Alert severity: LOW, MEDIUM, HIGH, CRITICAL |
| priority | integer | No | Execution priority (higher = first). Default: 0 |
| notificationChannels | string[] | No | Channels for notifications |
| notificationConfig | object | No | Channel-specific configuration |
| suppressionWindowMinutes | integer | No | Minimum time between alerts. Default: 30 |
| maxAlertsPerHour | integer | No | Maximum alerts per hour. Default: 10 |
| createdBy | string | No | User who created the rule |
Rule Types
Current implementation supports the following rule types:
THRESHOLD- Trigger when metric exceeds/falls below thresholdRATE_CHANGE- Trigger on rate of changeANOMALY- Anomaly detection (planned)PATTERN- Pattern matching (planned)
Example Request
curl -X POST http://localhost:8080/api/v1/rules \
-H "Content-Type: application/json" \
-d '{
"name": "High Error Rate Alert",
"description": "Alert when error rate exceeds 5% over 5 minutes",
"ruleType": "THRESHOLD",
"ruleConfig": {
"metric": "errorRate",
"operator": "GREATER_THAN",
"threshold": 5.0,
"windowMinutes": 5
},
"severity": "CRITICAL",
"priority": 1,
"notificationChannels": ["email", "slack"],
"suppressionWindowMinutes": 15,
"maxAlertsPerHour": 4
}'Success Response
Status Code: 201 Created
{
"id": 1,
"name": "High Error Rate Alert",
"description": "Alert when error rate exceeds 5% over 5 minutes",
"ruleType": "THRESHOLD",
"status": "ACTIVE",
"ruleConfig": {
"metric": "errorRate",
"operator": "GREATER_THAN",
"threshold": 5.0,
"windowMinutes": 5
},
"generatedDrl": "rule \"High Error Rate Alert\"...",
"drlHash": "abc123def456",
"severity": "CRITICAL",
"priority": 1,
"notificationChannels": ["email", "slack"],
"notificationConfig": null,
"suppressionWindowMinutes": 15,
"maxAlertsPerHour": 4,
"createdBy": null,
"createdAt": "2026-01-12T10:30:45",
"updatedAt": "2026-01-12T10:30:45",
"lastTriggeredAt": null,
"triggerCount": 0,
"version": 1
}Get All Rules
Retrieve all alert rules.
Endpoint
GET /api/v1/rulesExample Request
curl "http://localhost:8080/api/v1/rules"Success Response
Status Code: 200 OK
Returns an array of rule objects (same structure as Create Rule response).
Get Rule by ID
Retrieve a specific rule.
Endpoint
GET /api/v1/rules/{id}Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | integer | Rule ID |
Example Request
curl "http://localhost:8080/api/v1/rules/1"Success Response
Same structure as Create Rule response.
Update Rule
Update an existing rule.
Endpoint
PUT /api/v1/rules/{id}Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | integer | Rule ID |
Request Body
Same as Create Rule, but all fields are optional.
Example Request
curl -X PUT http://localhost:8080/api/v1/rules/1 \
-H "Content-Type: application/json" \
-d '{
"description": "Updated description",
"suppressionWindowMinutes": 20
}'Success Response
Status Code: 200 OK
Returns updated rule object.
Delete Rule
Delete a rule.
Endpoint
DELETE /api/v1/rules/{id}Example Request
curl -X DELETE "http://localhost:8080/api/v1/rules/1"Success Response
Status Code: 204 No Content
Enable Rule
Activate a rule for evaluation.
Endpoint
POST /api/v1/rules/{id}/enableExample Request
curl -X POST "http://localhost:8080/api/v1/rules/1/enable"Success Response
Status Code: 200 OK
Returns rule object with status: "ACTIVE".
Disable Rule
Temporarily disable a rule without deleting it.
Endpoint
POST /api/v1/rules/{id}/disableExample Request
curl -X POST "http://localhost:8080/api/v1/rules/1/disable"Success Response
Status Code: 200 OK
Returns rule object with status: "PAUSED".
Archive Rule
Archive a rule for historical reference.
Endpoint
POST /api/v1/rules/{id}/archiveExample Request
curl -X POST "http://localhost:8080/api/v1/rules/1/archive"Success Response
Status Code: 200 OK
Returns rule object with status: "ARCHIVED".
Get Active Rules
Retrieve only active rules.
Endpoint
GET /api/v1/rules/activeExample Request
curl "http://localhost:8080/api/v1/rules/active"Success Response
Returns array of active rules only.
Get Rules by Type
Filter rules by type.
Endpoint
GET /api/v1/rules/type/{type}Path Parameters
| Parameter | Type | Description |
|---|---|---|
| type | enum | Rule type: THRESHOLD, RATE_CHANGE, ANOMALY, PATTERN |
Example Request
curl "http://localhost:8080/api/v1/rules/type/THRESHOLD"Get Rules by Status
Filter rules by status.
Endpoint
GET /api/v1/rules/status/{status}Path Parameters
| Parameter | Type | Description |
|---|---|---|
| status | enum | ACTIVE, PAUSED, ARCHIVED |
Example Request
curl "http://localhost:8080/api/v1/rules/status/ACTIVE"Search Rules
Search rules by name or description.
Endpoint
GET /api/v1/rules/search?q={searchTerm}Query Parameters
| Parameter | Type | Description |
|---|---|---|
| q | string | Search term |
Example Request
curl "http://localhost:8080/api/v1/rules/search?q=error"Get Most Triggered Rules
Retrieve rules sorted by trigger count.
Endpoint
GET /api/v1/rules/top-triggeredExample Request
curl "http://localhost:8080/api/v1/rules/top-triggered"Get Rule Statistics
Get aggregate statistics about rules.
Endpoint
GET /api/v1/rules/statisticsExample Request
curl "http://localhost:8080/api/v1/rules/statistics"Success Response
Status Code: 200 OK
{
"totalRules": 25,
"activeRules": 18
}Regenerate DRLs
Regenerate Drools DRL for all rules (maintenance endpoint).
Endpoint
POST /api/v1/rules/regenerate-drlsExample Request
curl -X POST "http://localhost:8080/api/v1/rules/regenerate-drls"Success Response
Status Code: 200 OK
{
"message": "DRL regenerated successfully",
"rulesUpdated": 25
}Rule Statuses
| Status | Description |
|---|---|
| ACTIVE | Rule is enabled and being evaluated |
| PAUSED | Rule temporarily disabled |
| ARCHIVED | Rule archived for historical reference |
Alert Severities
| Severity | Description |
|---|---|
| LOW | Informational alerts |
| MEDIUM | Moderate importance |
| HIGH | Important issues requiring attention |
| CRITICAL | Critical issues requiring immediate action |
Best Practices
- Unique Names: Use descriptive, unique names for rules
- Suppression Windows: Set appropriate suppression to avoid alert fatigue
- Max Alerts: Limit hourly alerts to prevent flooding
- Priority: Higher priority rules execute first
- Testing: Test rules before enabling (see Rule Testing API)
- Monitoring: Review trigger counts and adjust thresholds
Last updated on