If an engineer’s first instinct when their pager goes off is to mute it and go back to sleep, your entire observability stack has failed its primary purpose.

Situation

As teams migrate from monolithic infrastructure to microservices and cloud databases, they tend to over-monitor. They instrument every container, queue, and database instance, and map an alert to every available metric. In theory, this provides comprehensive coverage. In reality, it creates a crushing wave of noise.

Alert fatigue is the silent killer of engineering culture. When a platform team receives 500 alerts in a week, the human brain stops processing them as signals and starts treating them as background static. This leads to the most dangerous state in systems engineering: a legitimate, catastrophic failure alert is ignored because it looks exactly like the 499 false positives that preceded it.

The Problem

The root of alert fatigue is a misunderstanding of what an alert is. A dashboard is meant for exploration and context. An alert is meant to demand immediate human action.

Most teams configure “informational alerts”—pages that fire to tell an engineer that a queue is slightly full, or that CPU is running a bit hot, even though no user impact is occurring and no action is required. These informational pages dilute the urgency of the alerting system. Furthermore, alerts are often created without clear ownership or runbooks, leaving the paged engineer guessing what they are supposed to do to mitigate the issue.

Actionable Alert Engineering

A mature observability system treats every alert as a formal contract between the system and the engineer. Every alert must strictly adhere to the following framework:

  1. Owner: The team responsible for maintaining the alert and resolving the underlying issue.
  2. Impact: The specific business or user impact (e.g., “Checkout service is failing”).
  3. Severity: The urgency of the response (e.g., SEV1 means immediate page, SEV3 means Slack notification during business hours).
  4. Runbook: A direct link to the exact steps required to triage and mitigate the issue.
  5. Threshold Rationale: A documented explanation of why the threshold is set where it is.
  6. Suppression Logic: Rules that silence the alert during known maintenance windows or downstream outages.

In Practice

The documented pattern for surviving alert fatigue involves aggressive alert bankruptcy and continuous pruning.

Context: Google’s Site Reliability Engineering book describes alert fatigue as a direct consequence of alerts that require no human action, documenting the principle that every page must be actionable and that systems should not generate pages the engineer can resolve by doing nothing (Google SRE Book: Practical Alerting from Time-Series Data). The SRE book states: “if humans are required to read an email or message more than twice a week to determine whether action is needed, that’s a symptom of a monitoring problem.”

Action: The documented operational practice is to review pager history and delete any alert that was consistently acknowledged and resolved without engineer action. Evaluating alerts over a rolling window — “condition must be true for 5 consecutive minutes” — rather than triggering on a single anomalous data point absorbs the transient spikes that account for the majority of false-positive pages in high-cardinality database environments.

Result: The same SRE principles recommend a regular alert review cadence — sometimes called “alert bankruptcy” — where the team asks: if we deleted this alert and something bad happened, would we catch it through another signal? If yes, the alert is noise.

Learning: An alert that auto-resolves before the engineer logs in should never have paged. Delay-based evaluation (sustained condition, not instantaneous breach) is the mechanical fix; runbook discipline is the organizational fix.

Where It Breaks

Implementing strict alert governance comes with organizational friction:

ApproachAdvantageDisadvantageFailure Mode
Broad Infrastructure AlertsEasy to set up; catches any anomaly on any host.Generates massive noise; low correlation to user pain.Engineers ignore the pager, missing real outages.
Strict SLO/User-Impact AlertsExtremely high signal-to-noise ratio; pages only when users suffer.Requires deep instrumentation of the application stack.A database fills its disk silently until it hard-crashes, causing a massive outage.

What to Do Next

  • Problem: Alert fatigue is not a volume problem — it’s a contract problem. Alerts that fire without a clear required action train engineers to ignore pages, making the one alert that matters indistinguishable from the noise.
  • Solution: Require every alert to pass an actionability review before deployment: who owns it, what specific runbook step executes when it fires, what threshold justification exists — alerts failing this review are rejected, not tuned.
  • Proof: Identify your top-firing alert from the past month, delete it, and monitor for two weeks — if no business impact occurs, it was noise. If impact occurs, the condition should have been caught upstream by an SLO-based alert, not this threshold.
  • Action: Run a pager review meeting this week. For every alert that fired and was resolved without action, either delete it or document why it deserved a page. The goal is to cut weekly alert volume by at least 50% before the next on-call rotation.