docs/sources/alerting/configure-notifications/create-notification-policy.md
Notification policies determine how alerts are routed to contact points.
Policies have a tree structure. Each policy can have one or more child policies and a set of label matchers.
Each alert (or alert instance) is evaluated by the default policy and subsequently by each child policy. Alerts are routed to the appropriate notification policy by matching alert labels with the policy's label matchers. For further details, refer to label matching and routing in notification policies.
{{< figure src="/media/docs/alerting/get-started-notification-policy-tree-combo.png" max-width="750px" alt="A diagram displaying how the notification policy tree routes alerts" >}}
When an alert instance is assigned to a notification policy, the notification policy is responsible for:
{{< admonition type="note" >}} The default notification policy and its child policies are assigned to a specific Alertmanager, and they cannot use contact points or mute timings from other Alertmanagers. {{< /admonition >}}
You can create a child policy under a default policy or under an existing child policy.
If you want to choose where to position your policy, see the section on Add a sibling policy.
In the left-side menu, click Alerts & IRM and then Alerting.
Click Notification configuration, then select the Notification policies tab.
From the Choose Alertmanager dropdown, select an Alertmanager. By default, the Grafana Alertmanager is selected.
Click +New child policy from the default policy or an existing child policy.
In the Matching labels section of the child policy, add one or more matching label rules to narrow down a specific case from the parent policy.
For instance, a child policy of the default policy handles team=security alerts, or a child policy handles only the severity=critical alerts of a parent policy.
In the Contact point dropdown, select the contact point to send notifications. If left empty, the contact point of the parent policy is inherited.
Optionally, enable Continue matching subsequent sibling nodes to continue matching sibling policies even after the alert matched the current policy. If enabled, multiple policies can handle the same alert.
Optionally, enable Override grouping to set different grouping than the parent policy. If disabled, the grouping of the parent policy is inherited.
Optionally, enable Override general timings to set different timing options than the parent policy. If disabled, the timing options of the parent policy are inherited.
Click Save policy to save your changes.
In the left-side menu, click Alerts & IRM and then Alerting.
Click Notification configuration, then select the Notification policies tab.
Find the child policy you want to create a sibling for.
Click Add new policy -> New sibling above or New sibling below.
It's important to determine which policy receives the alert first and to set the correct order of sibling and child policies.
Policies are evaluated from top to bottom. If a matching policy is found, the system continues to evaluate its child policies in the order they are displayed. For more details, refer to notification policies routing.
Follow the instructions from step 5 onward in adding a child policy.
Grafana allows you to search within the tree of policies by the following:
To search by contact point simply select a contact point from the Search by contact point dropdown. The policies that use that contact point are highlighted in the user interface.
To search by label matchers simply enter a valid matcher in the Search by matchers input field. Multiple matchers can be combined with a comma (,).
It is important to note that all matched policies are exact matches. Grafana supports regular expressions for creating label matchers. It does not support regular expression or partial matching in the search for policies.
Mute timings are not inherited from a parent notification policy, and they have to be configured on each level. For instructions, refer to Configure mute timings.
An example of an alert configuration.
cluster, namespace and severity so that you get a notification per alert rule and specific Kubernetes cluster and namespace.