Overview
Modern infrastructure generates alerts from dozens of monitoring tools, making it difficult to cut through the noise and respond to real incidents. Solace is an open-source alert management and incident response platform that ingests alerts from any monitoring source, deduplicates them, auto-correlates them into incidents, and provides a single dashboard for managing the response.
Think PagerDuty / OpsGenie, but open-source and self-hosted.
Key Features
- Multi-Source Alert Ingestion – 6 built-in webhook normalizers for Generic, Prometheus Alertmanager, Grafana, Splunk, Datadog, and Email ingest with a pluggable architecture for custom sources.
- Fingerprint-Based Deduplication – SHA256 hashing of identity fields prevents alert fatigue by merging identical alerts within configurable time windows.
- Automatic Incident Correlation – Groups related alerts into incidents by service within configurable correlation windows, with severity auto-promotion.
- On-Call Scheduling – Flexible rotations (hourly, daily, weekly, custom) with timezone-aware handoffs, temporary overrides, and a real-time “Who’s On Call” view.
- Escalation Policies – Multi-level escalation with configurable timeouts, mixed targets (users or on-call schedules), repeat support, and service-to-policy mapping with glob patterns.
- 5 Notification Channels – Slack, Microsoft Teams, Email (SMTP), Generic Webhook (outbound with HMAC), and PagerDuty Events API v2 with per-channel severity/service filters, rate limiting, delivery logs, and a test button.
- Silence / Maintenance Windows – Time-based alert suppression with flexible matchers by service, severity, or label key-value pairs.
- Alert Enrichment – Tags, investigation notes, external ticket linking (Jira, GitHub, etc.), runbook URLs, and full raw payload preservation.
- JWT Authentication & RBAC – Secure login with role-based access control (Admin, User, Viewer), user management, and first-login password change enforcement.
- Real-Time Dashboard – WebSocket updates with fallback polling, keyboard shortcuts, search and filter, sortable columns, pagination, and live stats (MTTA, MTTR).
- Light & Dark Themes – Toggle between a high-contrast dark ops-console theme and a clean light theme.
Architecture & Tech Stack
| Layer | Technologies |
|---|---|
| Backend | Python 3.12+, FastAPI, async SQLAlchemy (asyncpg), Alembic, PostgreSQL, Redis, python-jose (JWT), passlib (bcrypt) |
| Frontend | React 18, TypeScript, Vite, Tailwind CSS, Zustand |
| Infrastructure | Docker, Docker Compose, Kubernetes-ready health probes |
How It Works
- Alert Ingestion & Normalization
- Webhook endpoints accept alerts from Prometheus, Grafana, Datadog, Splunk, Email, or any generic source.
- Each provider’s payload is normalized into a common schema via pluggable normalizer adapters.
- Deduplication & Silence Check
- Alerts are fingerprinted (SHA256 of source, name, service, host, labels) to detect duplicates within configurable windows.
- Active maintenance windows are checked before processing, suppressing matched alerts.
- Incident Correlation & Escalation
- Related alerts from the same service are automatically grouped into incidents.
- Escalation policies route notifications through multi-level targets based on service mappings.
- Incident Management & Response
- The React dashboard provides real-time visibility with one-click acknowledge/resolve and bulk operations.
- Full event timeline records every action for post-incident review.
- Notifications
- Incidents trigger notifications to configured channels (Slack, Teams, Email, Webhook, PagerDuty) with per-channel filters and rate limiting.
Quick Start
git clone https://github.com/springdom/solace.git
cd solace
docker compose up --build
- Dashboard: http://localhost:3000
- API Docs: http://localhost:8000/docs
- Default login: admin / admin (password change required on first login)
Benefits
- Reduces Alert Fatigue – Deduplication and correlation surface only actionable incidents.
- Vendor Agnostic – Integrates with any monitoring tool that supports webhooks.
- Self-Hosted – Full control over data and infrastructure with no SaaS dependency.
- Open Source – Apache 2.0 licensed, transparent, extensible, and community-driven.
Get in Touch
Interested in implementing a unified alert management platform for your organization? Contact us to discuss how we can help streamline your incident response workflows.