
How to Set Up Alert Escalation from Grafana Contact Points

The Problem Grafana Doesn't Solve

Grafana's alerting is solid. You can define thresholds, set evaluation intervals, and configure contact points that fire off emails, Slack messages, or webhooks when something goes wrong. You can even configure repeated notifications so the notification is sent again while the alert stays in a firing state.

What Grafana cannot do is escalate. If your on-call engineer misses the 2 AM page and doesn't acknowledge it within ten minutes, Grafana has no mechanism to wake up their manager. It will keep sending the same notification to the same contact point until the alert resolves or someone turns it off. That gap — the one between "alert fired" and "someone actually responded" — is where incidents quietly expand into outages.

This guide shows you how to close that gap by routing Grafana alerts into Alert24, which handles the escalation logic your team actually needs.

How the Integration Works

The architecture is straightforward. Grafana treats Alert24 as a webhook contact point. When an alert fires, Grafana sends an HTTP POST to an Alert24 webhook URL. Alert24 receives that payload, creates an incident, and immediately starts working through your escalation policy — paging your primary on-call, waiting for acknowledgment, and moving to the next tier if none arrives.

Grafana keeps doing what it does well: evaluating rules and sending notifications. Alert24 handles what happens after the notification lands.

Step 1: Create an Alert24 Webhook Integration

In your Alert24 account, navigate to Integrations and create a new integration of type Webhook — Inbound. Give it a descriptive name like "Grafana Production Alerts."

Alert24 will generate a unique webhook URL for this integration. It looks like:

https://app.alert24.co/webhook/ingest/abc123def456

Copy this URL. You will paste it into Grafana shortly.

You can also configure the integration to parse specific fields from the Grafana payload. Alert24 automatically extracts the alert name, severity labels, and the firing/resolved state from Grafana's standard webhook body, so no custom mapping is required for basic use.

Step 2: Configure a Contact Point in Grafana

In Grafana, go to Alerting > Contact Points and click Add contact point. Name it something that reflects its purpose — "Alert24 Escalation" works fine.

Set the integration type to Webhook, then paste your Alert24 webhook URL into the URL field.

# Grafana contact point configuration (exported YAML)
apiVersion: 1
contactPoints:
  - orgId: 1
    name: Alert24 Escalation
    receivers:
      - uid: alert24-webhook
        type: webhook
        settings:
          url: https://app.alert24.co/webhook/ingest/abc123def456
          httpMethod: POST
          maxAlerts: 0
        disableResolveMessage: false

The disableResolveMessage: false setting is important. Alert24 will automatically resolve the incident on its end when Grafana sends the resolved notification, which keeps your incident history clean and stops the escalation policy from continuing to page people after the problem is fixed.

Click Test to send a sample payload and confirm Alert24 receives it. You should see a test incident appear in your Alert24 incident log within a few seconds.
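To make the firing/resolved handling concrete, here is an added sketch (not Alert24's code and not part of the original post) of how a webhook receiver can turn Grafana's payload into incident open and resolve actions. The `status`, `alerts`, `labels`, and `fingerprint` fields follow Grafana's webhook body; the sample body, the function names, and the in-memory incident store are assumptions made for illustration.

```python
import json

def sample_body(status):
    """Constructed request body for one alert, abridged from Grafana's webhook format."""
    return json.dumps({
        "receiver": "Alert24 Escalation",
        "status": status,
        "alerts": [{
            "status": status,
            "labels": {"alertname": "HighCPU", "severity": "critical"},
            "fingerprint": "c0ffee0000000001",  # constructed value
        }],
    })

def parse_events(body):
    """Return one (action, key, name, severity) tuple per alert in the body."""
    events = []
    for alert in json.loads(body).get("alerts", []):
        status = alert.get("status")
        if status not in ("firing", "resolved"):
            continue  # states this sketch does not model
        labels = alert.get("labels", {})
        events.append((
            "open" if status == "firing" else "resolve",
            alert.get("fingerprint"),
            labels.get("alertname", "unknown"),
            labels.get("severity", "none"),
        ))
    return events

def apply_events(open_incidents, events):
    """Update the dict of open incidents in place and return it."""
    for action, key, name, severity in events:
        if action == "open":
            # A repeated firing notification must not create a second incident.
            open_incidents.setdefault(key, {"name": name, "severity": severity})
        else:
            # Only a resolved message closes the incident and ends escalation.
            open_incidents.pop(key, None)
    return open_incidents

if __name__ == "__main__":
    incidents = {}
    for state in ("firing", "firing", "resolved"):
        apply_events(incidents, parse_events(sample_body(state)))
        print(state, "->", sorted(incidents))
```

With resolve messages disabled in Grafana, the last step never arrives and the incident stays open in a receiver built this way.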

Step 3: Attach the Contact Point to a Notification Policy

Creating a contact point does nothing on its own. You need to route alerts to it through Grafana's notification policy tree.

Go to Alerting > Notification Policies. You can either edit the default policy to use Alert24 for everything, or add a specific policy that matches on labels like severity=critical or team=infrastructure.

A typical policy for critical alerts looks like:

| Matcher | Value | Contact Point |
| --- | --- | --- |
| severity | critical | Alert24 Escalation |
| severity | warning | Slack Only |
| (default) | | Email |

This way, only critical alerts enter the escalation pipeline. Warning-level alerts still go to Slack, and anything unmatched falls through to email. You keep the noise low while ensuring the alerts that matter get proper escalation treatment.

Step 4: Build an Escalation Policy in Alert24

This is where Alert24 earns its place in the stack. Navigate to Escalation Policies and create a new policy. Name it to match your team structure — "Infrastructure On-Call" or "Backend Team Primary."

A well-structured escalation policy for a small team looks like this:

| Step | Notify | Wait Before Escalating |
| --- | --- | --- |
| 1 | Primary on-call (SMS + phone call) | 10 minutes |
| 2 | Secondary on-call (SMS + phone call) | 10 minutes |
| 3 | Engineering manager (phone call) | 5 minutes |
| 4 | Repeat from step 1 | |

Each step can target an individual, a rotation, or an entire team. If you have a rotation configured — say, a weekly on-call schedule — Alert24 resolves who is currently on call at the moment the incident fires, so you don't need to update the escalation policy every week.

The wait times are up to you. Ten minutes before escalating to a secondary is common, but if you're running a payment processor or anything with a hard SLA, you might tighten that to five minutes.
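To see what a given set of wait times means in practice, the following added example (not Alert24's implementation and not part of the original post) walks the policy from the table above and lists who is paged at which minute until the incident is acknowledged or resolved. The function name, the `horizon` cut-off, and the rule that an acknowledgment arriving exactly at a deadline stops escalation are assumptions.

```python
from itertools import cycle

# The policy from the table above; its last row ("repeat") is the cycle.
POLICY = [
    ("primary on-call", 10),
    ("secondary on-call", 10),
    ("engineering manager", 5),
]

def page_timeline(policy, ack_at=None, resolved_at=None, horizon=60):
    """Return [(minute, target)] pages sent before ack, resolve, or horizon."""
    if any(wait <= 0 for _, wait in policy):
        raise ValueError("every step needs a positive wait")
    # Escalation stops at whichever comes first.
    stop = min(t for t in (ack_at, resolved_at, horizon) if t is not None)
    timeline, now = [], 0
    for target, wait in cycle(policy):
        if now >= stop:
            break
        timeline.append((now, target))
        now += wait
    return timeline

if __name__ == "__main__":
    # Nobody responds for 40 minutes: the policy wraps around to step 1.
    for minute, target in page_timeline(POLICY, horizon=40):
        print(f"t+{minute:02d} min  page {target}")
```

Changing a wait value in `POLICY` shows directly how long an unacknowledged incident takes to reach the manager.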

Linking the Policy to Your Integration

Back in your Alert24 integration settings for the Grafana webhook, select the escalation policy you just created. Every incident that comes in through this integration will now follow that policy automatically.

If you have multiple Grafana environments — staging and production, or different teams' dashboards — you can create separate integrations with separate escalation policies. Production might escalate aggressively; staging might just log incidents without paging anyone.

Testing the Full Path

Before you rely on this in production, run a deliberate test. In Grafana, temporarily lower a threshold on a non-critical metric so it fires immediately. Confirm the following:

  1. Grafana fires the alert and the contact point delivers the webhook.
  2. Alert24 creates an incident and sends the first-tier notification.
  3. Do not acknowledge the incident. After your configured wait time, confirm that Alert24 escalates to the second tier.
  4. Acknowledge the incident in Alert24 and confirm the escalation stops.
  5. Restore the Grafana threshold so the alert resolves. Confirm Alert24 closes the incident automatically.

If step 5 doesn't work, double-check that disableResolveMessage is set to false in your Grafana contact point configuration.

What You Have Now

After this setup, your alerting pipeline has a defined answer to the question that Grafana leaves open: what happens if nobody responds? Grafana evaluates your rules and fires reliably. Alert24 ensures the right person gets paged, and if they don't answer, the right backup gets paged too — with a full audit trail of who was notified and when.

Your next steps are straightforward. If you don't already have on-call schedules configured in Alert24, set those up so escalation policies can pull from rotations rather than static individuals. If your team uses a status page, connect Alert24 to your Alert24 status page so incidents automatically update subscriber-facing status — that eliminates the manual step of posting a status update while you're actively fighting an incident.

The Grafana contact point you created today can serve as the single inbound path for all your Grafana alerts. You control how they route from the Alert24 side.