Solace: Alert Management & Incident Response Platform

A self-hosted alternative to PagerDuty and OpsGenie — alert ingestion, deduplication, incident correlation, on-call scheduling, escalation, and multi-channel notifications.

Overview

Modern infrastructure generates alerts from dozens of monitoring tools, making it difficult to cut through the noise and respond to real incidents. Solace is an open-source alert management and incident response platform that ingests alerts from any monitoring source, deduplicates them, auto-correlates them into incidents, and provides a single dashboard for managing the response.

Think PagerDuty / OpsGenie, but open-source and self-hosted.

Key Features

  • Multi-Source Alert Ingestion – 6 built-in webhook normalizers (Generic, Prometheus Alertmanager, Grafana, Splunk, Datadog, and Email ingest), with a pluggable architecture for custom sources.
  • Fingerprint-Based Deduplication – SHA256 hashing of identity fields prevents alert fatigue by merging identical alerts within configurable time windows.
  • Automatic Incident Correlation – Groups related alerts into incidents by service within configurable correlation windows, with severity auto-promotion.
  • On-Call Scheduling – Flexible rotations (hourly, daily, weekly, custom) with timezone-aware handoffs, temporary overrides, and a real-time “Who’s On Call” view.
  • Escalation Policies – Multi-level escalation with configurable timeouts, mixed targets (users or on-call schedules), repeat support, and service-to-policy mapping with glob patterns.
  • 5 Notification Channels – Slack, Microsoft Teams, Email (SMTP), Generic Webhook (outbound with HMAC), and PagerDuty Events API v2 with per-channel severity/service filters, rate limiting, delivery logs, and a test button.
  • Silence / Maintenance Windows – Time-based alert suppression with flexible matchers by service, severity, or label key-value pairs.
  • Alert Enrichment – Tags, investigation notes, external ticket linking (Jira, GitHub, etc.), runbook URLs, and full raw payload preservation.
  • JWT Authentication & RBAC – Secure login with role-based access control (Admin, User, Viewer), user management, and first-login password change enforcement.
  • Real-Time Dashboard – WebSocket updates with fallback polling, keyboard shortcuts, search and filter, sortable columns, pagination, and live stats (MTTA, MTTR).
  • Light & Dark Themes – Toggle between a high-contrast dark ops-console theme and a clean light theme.

Architecture & Tech Stack

Technologies by layer:

  • Backend – Python 3.12+, FastAPI, async SQLAlchemy (asyncpg), Alembic, PostgreSQL, Redis, python-jose (JWT), passlib (bcrypt)
  • Frontend – React 18, TypeScript, Vite, Tailwind CSS, Zustand
  • Infrastructure – Docker, Docker Compose, Kubernetes-ready health probes

How It Works

  1. Alert Ingestion & Normalization
    • Webhook endpoints accept alerts from Prometheus, Grafana, Datadog, Splunk, Email, or any generic source.
    • Each provider’s payload is normalized into a common schema via pluggable normalizer adapters.
  2. Deduplication & Silence Check
    • Alerts are fingerprinted (SHA256 of source, name, service, host, labels) to detect duplicates within configurable windows.
    • Active maintenance windows are checked before processing, suppressing matched alerts.
  3. Incident Correlation & Escalation
    • Related alerts from the same service are automatically grouped into incidents.
    • Escalation policies route notifications through multi-level targets based on service mappings.
  4. Incident Management & Response
    • The React dashboard provides real-time visibility with one-click acknowledge/resolve and bulk operations.
    • Full event timeline records every action for post-incident review.
  5. Notifications
    • Incidents trigger notifications to configured channels (Slack, Teams, Email, Webhook, PagerDuty) with per-channel filters and rate limiting.
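
The fingerprinting and window check from step 2, sketched as an added example (not Solace's own code). The canonical JSON encoding, the in-memory `Deduplicator` class, and the choice of a sliding window measured from the last occurrence are assumptions made for illustration; the sample alerts are constructed.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Identity fields as listed in step 2; severity, description and timestamps
# are deliberately excluded so they cannot split one alert into many.
IDENTITY_FIELDS = ("source", "name", "service", "host")


def fingerprint(alert: dict) -> str:
    """SHA256 over a canonical encoding of the identity fields and labels."""
    identity = {f: alert.get(f) or "" for f in IDENTITY_FIELDS}
    identity["labels"] = {str(k): str(v) for k, v in (alert.get("labels") or {}).items()}
    # sort_keys makes label order irrelevant; JSON quoting keeps field
    # boundaries unambiguous ("ab"+"c" never hashes the same as "a"+"bc").
    canonical = json.dumps(identity, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class Deduplicator:
    """In-memory stand-in for the dedup store (assumption, not Solace's schema)."""

    def __init__(self, window: timedelta):
        self.window = window
        self.active = {}  # fingerprint -> {"last_seen": datetime, "count": int}

    def ingest(self, alert: dict, now: datetime) -> tuple[str, int]:
        """Return ("new" | "duplicate", occurrence count) for this alert."""
        fp = fingerprint(alert)
        entry = self.active.get(fp)
        # Assumed semantics: the window slides forward with each occurrence.
        if entry and now - entry["last_seen"] <= self.window:
            entry["last_seen"] = now
            entry["count"] += 1
            return "duplicate", entry["count"]
        self.active[fp] = {"last_seen": now, "count": 1}
        return "new", 1


# Constructed sample alerts: B matches A's identity (label order and severity
# differ), C differs in host and must not be merged.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
A = {"source": "prometheus", "name": "HighCPU", "service": "api", "host": "web-1",
     "labels": {"env": "prod", "region": "eu"}, "severity": "warning"}
B = {**A, "labels": {"region": "eu", "env": "prod"}, "severity": "critical"}
C = {**A, "host": "web-2"}
```

Because severity is not part of the fingerprint, an escalating alert merges into the existing one rather than opening a new record, so the merge path is where a severity change has to be handled.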

Quick Start

git clone https://github.com/springdom/solace.git
cd solace
docker compose up --build

  • Dashboard: http://localhost:3000
  • API Docs: http://localhost:8000/docs
  • Default login: admin / admin (password change required on first login)

Benefits

  • Reduces Alert Fatigue – Deduplication and correlation surface only actionable incidents.
  • Vendor Agnostic – Integrates with any monitoring tool that supports webhooks.
  • Self-Hosted – Full control over data and infrastructure with no SaaS dependency.
  • Open Source – Apache 2.0 licensed, transparent, extensible, and community-driven.

Get in Touch

Interested in implementing a unified alert management platform for your organization? Contact us to discuss how we can help streamline your incident response workflows.
