Alert Ingestion
Receive alerts from Prometheus, Datadog, CloudWatch, and other monitoring tools directly in BlameTrail.
Alert Ingestion
The alert ingestion integration receives webhook notifications from your existing alerting tools and automatically creates, correlates, and resolves incidents in BlameTrail. Alerts from multiple providers are normalized into a common format, deduplicated by fingerprint, and correlated to your services.
Supported providers
| Provider | Webhook Format | Signature Verification |
|---|---|---|
| Prometheus / AlertManager | AlertManager webhook payload | No |
| Datadog | Datadog webhook payload | Optional HMAC-SHA256 |
| AWS CloudWatch | SNS notification (with auto-confirmation) | No |
| Generic | Simple JSON payload | No |
How it works
- Create a token — Generate an alert ingest token in Settings > Integrations > Alert Ingestion. One token works across all provider endpoints.
- Configure your alerting tool — Point your provider's webhook URL to the appropriate BlameTrail endpoint and include the token in the
X-Alert-Tokenheader. - Alerts flow in — BlameTrail receives alerts, normalizes them, deduplicates by fingerprint, and creates or correlates incidents automatically.
- Auto-resolution — When a resolve event arrives (or after 24 hours of silence), the associated incident is automatically resolved.
Endpoints
All endpoints accept POST requests at https://blametrail.com/api/alerts/ingest/<provider>:
| Provider | Endpoint |
|---|---|
| Prometheus / AlertManager | /api/alerts/ingest/prometheus |
| Datadog | /api/alerts/ingest/datadog |
| AWS CloudWatch | /api/alerts/ingest/cloudwatch |
| Generic | /api/alerts/ingest/generic |
Incident creation rules
Not every alert immediately creates an incident. BlameTrail uses severity-based thresholds to reduce noise:
| Severity | Incident created |
|---|---|
| Critical or Error | Immediately on first alert |
| Warning | On the second occurrence |
| Info | After 3 occurrences |
If an open incident already exists for the same service, new alerts are correlated to it rather than creating duplicates. Severity is automatically escalated (never downgraded) when more severe alerts arrive.
Plan limits
| Feature | Free | Starter | Pro |
|---|---|---|---|
| Ingest tokens | 0 | 5 | 25 |
| Rate limit | — | 300/min | 1,000/min |
| Alert replay | No | Yes | Yes |