Prometheus / Alertmanager

Fluidify Regen receives alerts from Prometheus Alertmanager via webhook. When an alert fires, Regen creates an incident, opens a Slack channel, and starts the timeline.

Webhook URL

POST https://your-domain.com/api/v1/webhooks/prometheus

No authentication token is required. Security relies on keeping the URL private and network-level access controls.

Alertmanager configuration

Add a receiver to your alertmanager.yml:

receivers:
  - name: fluidify-regen
    webhook_configs:
      - url: 'http://localhost:8080/api/v1/webhooks/prometheus'
        send_resolved: true

Then add it to a route:

route:
  group_by: ['alertname', 'severity']
  group_wait: 30s
  group_interval: 5m
  repeat_interval: 4h
  receiver: fluidify-regen
  routes:
    - matchers:
        - severity =~ "critical|warning"
      receiver: fluidify-regen

Reload Alertmanager after saving:

curl -X POST http://localhost:9093/-/reload

How alert fields map to Regen

Alertmanager field	Regen field	Notes
`labels.alertname`	Title	—
`annotations.summary`	Description	Falls back to `annotations.description`
`labels.severity`	Severity	`critical`, `warning`, `info` — defaults to `warning` if missing
`status`	Status	`firing` → active alert, `resolved` → auto-resolves
`fingerprint`	ExternalID	Used for deduplication across fire/resolve cycles
All `labels`	Labels	Stored and searchable
All `annotations`	Annotations	Stored and searchable

Example payload

This is what Alertmanager sends to Regen:

{
  "version": "4",
  "groupKey": "{}:{alertname=\"HighErrorRate\"}",
  "status": "firing",
  "receiver": "fluidify-regen",
  "alerts": [
    {
      "status": "firing",
      "labels": {
        "alertname": "HighErrorRate",
        "severity": "critical",
        "service": "payments-api",
        "env": "production"
      },
      "annotations": {
        "summary": "Error rate above 5% for payments-api",
        "description": "Current error rate: 8.3%"
      },
      "startsAt": "2024-01-15T10:30:00Z",
      "endsAt": "0001-01-01T00:00:00Z",
      "generatorURL": "http://prometheus:9090/graph?...",
      "fingerprint": "a1b2c3d4e5f6a7b8"
    }
  ]
}

Deduplication

Regen uses the fingerprint field to deduplicate. If the same alert fires multiple times before resolving, Regen updates the existing alert rather than creating a new incident.

When Alertmanager sends status: resolved, Regen:

Marks the alert as resolved
If all linked alerts are resolved, suggests resolving the incident (timeline entry added)

Severity mapping

Alertmanager `severity` label	Regen severity
`critical`	Critical
`warning`	Warning / Medium
`info` or `low`	Info / Low
(anything else)	Warning (default)

Incident auto-creation

By default, alerts with severity critical or warning automatically create an incident. You can configure this under Settings → Routing Rules.