Severity levels
How critical, high, medium, low, and info are defined and used to route notifications
Severity levels
Every analysis result has a severity, assigned by the AI based on
the impact and urgency it infers from the logs and your project context.
Severity drives notification routing and feature gating (e.g. auto-trigger
analysis from a support desk only on high or above).
| Level | Meaning | Examples |
|---|---|---|
critical | Total or near-total outage; revenue impact; security breach | Login completely down, checkout fully broken, data exposure |
high | Major functionality degraded; significant user impact | 30% of users seeing errors, payment provider returning 5xx |
medium | Localized degradation; some users affected | One feature broken for a subset, slow but recoverable |
low | Minor or transient; mostly informational | Single user error, brief blip |
info | No incident, just an analysis run for visibility | Routine smoke tests, scheduled diagnostics |
How severity is assigned
The AI considers:
- Volume of error events (single error vs flood)
- Service centrality (auth/checkout > internal admin tool)
- Error types (5xx vs 4xx, timeouts vs validation errors)
- User impact signals in your project context (e.g. "Critical paths: /checkout, /api/webhooks/stripe" tells the AI those services warrant higher severity)
- The error's spread across services
You can override severity manually by re-running an analysis with a more specific description, or by adding the right context to your project's AI analysis context.
How severity drives notifications
Each notification channel has a severity threshold. The channel fires only for analyses at or above that threshold.
Example routing:
| Channel | Threshold | Result |
|---|---|---|
#oncall-critical (Slack) | critical | Only fires for critical |
#incidents (Slack) | high | Fires for high and critical |
#engineering (Slack) | medium | Fires for medium, high, and critical |
oncall@company.com | low | Fires for low and above |
There's also a tenant default severity — applied to channels that don't override it — and per-user preferences like "notify me only for analyses I personally triggered". See Notification Channels and Severity thresholds.
How severity drives auto-triggers
In Watchdog rules and Support desk auto-analysis, severity is the gating signal:
- Watchdog can
notify_only(alert without analysis) orauto_analyze(run a full analysis) depending on the rule type - Support desk can
auto_analyzeonly for tickets the triage classifier flagged at or above a configured severity (default:high)