Alerts

Create alert rules that fire when your logs match specific conditions — and deliver notifications to Slack, Discord, email, or any webhook.

What you’ll need

• At least one project with events flowing in
• A webhook URL (e.g. Slack incoming webhook) or email address for notifications

Step 1: Navigate to Alerts

Click Alerts in the left sidebar. You’ll see a list of your alert rules (empty if you haven’t created any yet).

Step 2: Create an alert rule

Click New Alert in the top right. The alert creation form has these fields:

Condition:

• Field — which log field to watch: level, type, service, environment, or device_type
• Value — the value to match, e.g. error, crash, payment-service
• Threshold — how many matching events must occur before the alert fires (e.g. 5 events)
• Window — the time window to count events in (e.g. 5 minutes)

Delivery:

• Webhook URL — a URL to POST the alert payload to (Slack, Discord, PagerDuty, etc.)
• Email — an email address to send the notification to

Cooldown:

• Cooldown minutes — minimum time between repeated firings of this alert (prevents spam)

Step 3: Configure a Slack notification

If you’re using Slack, create an incoming webhook in your Slack workspace:

1. Go to your Slack workspace → Settings → Apps → Incoming Webhooks
2. Add a new webhook and choose the channel
3. Copy the webhook URL (starts with https://hooks.slack.com/)
4. Paste it into the Webhook URL field in ScryWatch

Tip: The alert payload is sent as a JSON POST. Most webhook-compatible tools (Discord, Teams, PagerDuty, Opsgenie) accept this format with a custom URL.

Step 4: Set a meaningful threshold

Avoid setting thresholds too low — a threshold of 1 error event will fire constantly on any active system.

Good starting points:

• Error spike: level=error, threshold=10, window=5 minutes
• Crash detection: type=crash, threshold=1, window=1 minute (crashes are always urgent)
• Service degradation: service=payment-api, level=error, threshold=5, window=5 minutes

Step 5: Enable and test the alert

After saving, the alert is enabled by default. Toggle it off using the Enable/Disable switch if you want to pause it without deleting it.

To test: trigger enough matching events (e.g. send 10 error-level events in 5 minutes via the ingest API) and watch for the webhook notification.

Note: The cron that checks alert conditions runs every minute. There may be up to 60 seconds of delay between events arriving and an alert firing.

Step 6: View alert history

Click History on any alert rule to see a log of every time that alert fired — including the event count, timestamp, and whether the webhook delivery succeeded.

If your webhook returns a non-2xx response, the delivery will be marked as failed in the history.

You’re done

You now know how to:

• Create an alert rule with a condition, threshold, and delivery method
• Configure Slack (or any webhook) notifications
• Set appropriate thresholds to avoid alert fatigue
• View the alert firing history

Related docs

Full alert API reference — create, list, update, and delete alert rules programmatically.