The Runbook-Attached Alert Pattern

Every alert links to a runbook. Without it, the alert is a ping with no action. The pattern, the enforcement, and the runbook gaps it surfaces.

The rule

Every alert configuration has a runbook URL field. Missing field: the alert cannot be saved.

Runbook URL must resolve. CI checks; broken links fail.

On-call sees the runbook link in every page. One click; not a search.

Gaps the rule surfaces

Alerts that exist without a clear playbook. The rule forces the team to write one or remove the alert.

Runbooks that are vague or out of date. When linked from a real alert, they get fixed.

Alerts that are duplicates of others. The runbook overlap reveals the duplication.

The trade

Effort to write the runbook. 30-60 minutes per alert; pays back the first time the on-call uses it.

Resistance to creating new alerts. Friction is correct; alerts without runbooks were always low-value.

Smaller alert pool. The team converges on alerts that are real and actionable.