- 10 minutes to read

Custom Metadata in Alerts: Looking Good When It Matters

The Power of Qualified Information

When integrations fail at 3 AM, having qualified information in your alerts is not a luxury—it's a business necessity.

The cost of unqualified alerts:

  • 45 minutes hunting for "Who owns this?"
  • Emergency calls to the wrong team
  • SLA violations while searching for runbooks
  • Customer-facing incidents where you look unprepared
  • Reputation damage: "They don't even know their own systems"

The value of metadata-enriched alerts:

  • 2 minutes to engagement (Owner + Emergency Contact in alert)
  • Instant escalation to correct team (metadata-driven routing)
  • Runbook link in alert → Immediate action
  • SLA context → Prioritize correctly
  • LOOKING GOOD: Professional, prepared, in control

See how it works: Email alerts with XSLT transformation | HTTP Webhook alerts with JSON payload | Before vs After comparison | Configuration guide

Sensitive Data Safety Rule

Alert enrichment is powerful, but it also increases data exposure risk if teams store secrets in user-editable text fields.

Warning

Anything placed in descriptions or Custom Metadata can be propagated into alerts. Never put passwords, API keys, tokens, private keys, or full connection strings in these fields.

Fields to Treat as Non-Secret

  • Description fields on Resources, Categories, and Applications
  • Custom Metadata values used for Owner, SLA, escalation, and runbook context
  • Content transformed by XSLT and sent through Email Alarm Plugins
  • Content serialized in HTTP Webhook JSON payloads

Safe Pattern

  • Keep only operational context in alerts: owner, SLA, runbook URL, business impact
  • Store credentials in secret managers or vault solutions, not in Nodinite text fields
  • Use neutral references in metadata, for example SecretRef=SqlProdConnection
  • Review every alert template and webhook consumer for accidental secret leakage

Alert Enrichment Architecture

graph LR roIntegration[" Integration
Owner: Henrik
SLA: Gold
Dept: Finance"] roService[" Service
Tech Owner: Sarah
Tech Stack: .NET"] roSystem[" System
System Owner: DB Team
Vendor: Microsoft"] roResource[" Resource
Emergency Contact: +1-555-0123
Runbook Link"] roMonitoring[" Monitoring Service
State Change Detected"] roAlarmPlugin[" Alarm Plugin
Email / HTTP Webhook"] roEmail[" Email Alert
XSLT Transforms XML
Owner + SLA + Contact"] roWebhook[" HTTP Webhook
JSON Payload
Custom Metadata Included"] roTeam[" Operations Team
Qualified Alert Received
2-Minute Engagement"] roJira[" Jira/ServiceNow
Auto-Create Ticket
Metadata Pre-Filled"] roIntegration -->|"Links to"| roService roService -->|"Links to"| roSystem roSystem -->|"Monitors"| roResource roResource -.->|"State Change
Error/Warning"| roMonitoring roMonitoring ==>|"Trigger Alert"| roAlarmPlugin roAlarmPlugin ==>|"XSLT Transform"| roEmail roAlarmPlugin ==>|"JSON Payload"| roWebhook roEmail ==>|"Enriched Alert"| roTeam roWebhook ==>|"Enriched Alert"| roJira style roIntegration fill:#90EE90,stroke:#2d5016,stroke-width:3px style roService fill:#90EE90,stroke:#2d5016,stroke-width:2px style roSystem fill:#90EE90,stroke:#2d5016,stroke-width:2px style roResource fill:#FFD700,stroke:#997300,stroke-width:3px style roMonitoring fill:#87CEEB,stroke:#1e5a7d,stroke-width:2px style roAlarmPlugin fill:#87CEEB,stroke:#1e5a7d,stroke-width:3px style roEmail fill:#E6E6FA,stroke:#6a5acd,stroke-width:2px style roWebhook fill:#E6E6FA,stroke:#6a5acd,stroke-width:2px style roTeam fill:#90EE90,stroke:#2d5016,stroke-width:3px style roJira fill:#90EE90,stroke:#2d5016,stroke-width:3px

Diagram: Custom Metadata flows from Repository entities (green) through Monitoring Service (blue) to Alarm Plugins, then transforms into enriched alerts (purple) delivered to Operations teams and external systems (green = success). Dashed lines show state changes, double lines show alert delivery.

How Custom Metadata Enriches Alerts

Email Alerts (XSLT Transformation)

Email Alarm Plugins (Email and Email with Options) receive a comprehensive XML structure containing:

XSLT stylesheets transform this XML into beautifully formatted HTML emails with:

  • Owner and Emergency Contact - "Call Henrik at +1-555-0123, escalate to Michael if no response in 15 minutes"
  • SLA Level - "[GOLD SLA] 4-hour response required"
  • Business Context - "Department: Finance, Process: Month-End Invoice Processing"
  • Compliance Tags - "GDPR + PCI DSS data flows affected"
  • Runbook Link - "Emergency Procedure: [View PDF]"
  • Architecture Diagram - "System Architecture: [View Diagram]"

See example alert below | Learn how to customize XSLT | Configure Email with Options plugin

Example alert:

SUBJECT: [GOLD SLA] Finance Integration Failed: Order-to-Cash

Integration: Order-to-Cash Payment Processing
Owner: Henrik (henrik@company.com, +1-555-0123)
Emergency Contact: Michael (michael@company.com, +1-555-0199)
Department: Finance
SLA: Gold (4-hour response, 99.9% uptime required)
Business Impact: $50M annual revenue stream affected
Compliance: GDPR + PCI DSS data flows

Runbook: [Emergency Recovery Procedure]
Architecture: [System Diagram]

ACTION REQUIRED:
1. Call Henrik immediately (+1-555-0123)
2. If no response in 15 minutes, escalate to Michael
3. Follow runbook for database failover
4. Notify Finance VP if downtime exceeds 30 minutes

Details:
Failed at: 2025-02-03 03:42:15 EST
Error: Database connection timeout (SQL Server)
Affected Systems: Payment Gateway, Order Management
Pending Transactions: 127 orders ($342,500 value)

What the alert does NOT say without metadata:

SUBJECT: Monitor View State Changed

A resource in Monitor View "Payment Processing" changed state to Error.

Details: Database connection timeout

[End of email]

Result: With metadata, your team looks professional, prepared, and in control. Without metadata, you look disorganized.

Learn how to configure Email alerts | Compare Email vs Email with Options | Explore XSLT customization

HTTP Webhook Alerts (JSON Payload)

HTTP Webhook Alarm Plugin sends JSON payloads to external systems:

  • Jira, ServiceNow, Freshdesk (incident management)
  • Slack, Teams, PagerDuty (team notifications)
  • Azure Logic Apps, Power Automate (workflow automation)
  • Custom integrations (data warehouses, dashboards, SMS providers)

JSON payload includes Custom Metadata:

{
  "monitorViews": [
    {
      "name": "Payment Systems",
      "resources": [
        {
          "name": "Payment Gateway Database",
          "state": "Error",
          "integration": {
            "name": "Order-to-Cash",
            "customMetadata": {
              "Owner": "Henrik",
              "EmergencyContact": "+1-555-0123",
              "Department": "Finance",
              "SLALevel": "Gold",
              "ComplianceTags": ["GDPR", "PCI DSS"],
              "RunbookUrl": "https://docs.company.com/runbooks/payment-failover.pdf",
              "BusinessImpact": "$50M annual revenue"
            }
          },
          "system": {
            "name": "SQL Server Payment DB",
            "customMetadata": {
              "SystemOwner": "Database Team",
              "Vendor": "Microsoft",
              "Environment": "Production",
              "MaintenanceWindow": "Saturday 2-6 AM EST"
            }
          }
        }
      ]
    }
  ],
  "timestamp": "2025-02-03T03:42:15Z",
  "severity": "Critical",
  "isRecurring": false
}

What you can do with this data:

  • Auto-create Jira ticket with Owner, SLA, Emergency Contact pre-filled
  • Route to correct Slack channel based on Department metadata
  • Calculate SLA breach time using SLA Level metadata
  • Include runbook link in ServiceNow incident
  • Tag compliance team if GDPR/HIPAA data affected
  • Send SMS to Emergency Contact for critical failures

See JSON payload structure above | Configure HTTP Webhook plugin | Learn about webhook authentication

Example Jira ticket auto-created from metadata:

Summary: [GOLD SLA] Finance Integration Down: Order-to-Cash Payment Processing
Priority: Critical (Gold SLA = 4-hour response)
Assignee: Henrik (from Owner metadata)
Labels: Finance, GDPR, PCI-DSS, Payment-Processing
Description:
  Integration: Order-to-Cash
  Owner: Henrik (henrik@company.com, +1-555-0123)
  Emergency Contact: Michael (+1-555-0199)
  SLA: Gold (4-hour response required)
  Business Impact: $50M annual revenue stream

  Error: Database connection timeout
  Affected Systems: Payment Gateway Database

  Emergency Procedure: [Runbook Link]
  Architecture: [Diagram Link]

  Escalation: If not resolved in 4 hours, breach Gold SLA.
               If no response from Henrik in 15 min, call Michael.

Technical Integration: How Metadata Flows to Alerts

XSLT: Customize Email Alert Presentation

Email Alarm Plugins use XSLT to transform XML alarm data into HTML emails.

See example email alert | Learn about Stylesheets | Read full Alarm Plugin Object reference

Example XSLT snippet to display Custom Metadata:

<xsl:for-each select="MonitorViews/MonitorView/Resources/Resource">
  <h2><xsl:value-of select="Name"/></h2>

  <!-- Display Custom Metadata from Integration -->
  <h3>Business Context</h3>
  <table>
    <tr>
      <td>Owner:</td>
      <td><xsl:value-of select="Integration/CustomMetadata/Field[@Name='Owner']/@Value"/></td>
    </tr>
    <tr>
      <td>Emergency Contact:</td>
      <td><xsl:value-of select="Integration/CustomMetadata/Field[@Name='EmergencyContact']/@Value"/></td>
    </tr>
    <tr>
      <td>SLA Level:</td>
      <td><xsl:value-of select="Integration/CustomMetadata/Field[@Name='SLALevel']/@Value"/></td>
    </tr>
    <tr>
      <td>Department:</td>
      <td><xsl:value-of select="Integration/CustomMetadata/Field[@Name='Department']/@Value"/></td>
    </tr>
    <tr>
      <td>Compliance:</td>
      <td><xsl:value-of select="Integration/CustomMetadata/Field[@Name='ComplianceTags']/@Value"/></td>
    </tr>
  </table>

  <!-- Display Runbook Link -->
  <p>
    <strong>Emergency Procedure:</strong>
    <a href="{Integration/CustomMetadata/Field[@Name='RunbookUrl']/@Value}">
      View Runbook
    </a>
  </p>
</xsl:for-each>

Result: Professional, branded HTML email with all business context visible at a glance.

Learn more: Alarm Plugin Object - Complete XSLT documentation with examples

Real-World Impact: Before vs After

Before Custom Metadata in Alerts

Alert received:

SUBJECT: Monitor View State Changed

A resource changed state to Error.

Resource: PaymentDB
Monitor View: Production Servers

What happens next:

  1. 3:00 AM: Alert received → "Who owns this?"
  2. 3:05 AM: Search SharePoint for integration documentation
  3. 3:15 AM: Call general support line → "We don't know, let me check"
  4. 3:30 AM: Finally reach Henrik's mobile → "I'm on vacation, call Michael"
  5. 3:45 AM: Michael answers → "What's the runbook?" → Another 10 minutes hunting
  6. 4:00 AM: Start troubleshooting (1 hour wasted)

Customer perception: "They don't even know who owns their own systems. Unprofessional."

After Custom Metadata in Alerts

Alert received:

SUBJECT: [GOLD SLA] Finance Integration Failed: Order-to-Cash

Integration: Order-to-Cash Payment Processing
Owner: Henrik (henrik@company.com, +1-555-0123)
Emergency Contact: Michael (michael@company.com, +1-555-0199)
Department: Finance
SLA: Gold (4-hour response, 99.9% uptime)
Runbook: [Emergency Recovery Procedure]

ACTION: Call Henrik. If no response in 15 min, call Michael.

What happens next:

  1. 3:00 AM: Alert received → Call Henrik immediately
  2. 3:02 AM: Henrik answers → Opens runbook from alert → Starts recovery
  3. 3:16 AM: Issue resolved (16 minutes total)

Customer perception: "They were on it instantly. Professional, prepared, in control."

Business impact:

  • Time to engagement: 45 minutes → 2 minutes (95% faster)
  • Time to resolution: 60 minutes → 16 minutes (73% faster)
  • SLA compliance: Breach → Met
  • Reputation: Damaged → Enhanced

Ready to set up alert enrichment? Follow the configuration guide below to define Custom Metadata fields, assign them to Integrations, and configure Alarm Plugins.

Configuration Guide

Step 1: Define Custom Metadata Fields

Navigate to AdministrationRepositoryAdd or manage Custom Metadata

Create fields:

  • Owner (Select: Henrik, Sarah, Ahmed, Michael)
  • Emergency Contact (Text: Phone number)
  • SLA Level (Select: Gold, Silver, Bronze)
  • Department (Select: Finance, HR, Operations, IT)
  • Compliance Tags (Multi-Select: GDPR, HIPAA, PCI DSS, SOX)
  • Runbook URL (Link: URL to runbook document)

Learn more: Custom Metadata Overview | Entity Coverage | Rich Data Types

Step 2: Assign Metadata to Integrations

Navigate to RepositoryAdd or manage Integration

Assign values:

Learn more: Integrations | Systems | Services | Mandatory Fields

Step 3: Configure Alarm Plugins

For Email Alerts:

Navigate to AdministrationSettingsAlarm PluginsEmail with Options

  • Upload XSLT stylesheet that displays Custom Metadata
  • Configure recipients (operations team, on-call engineers)
  • Test alert → Verify Owner, SLA, Emergency Contact appear in email

For HTTP Webhook Alerts:

Navigate to AdministrationSettingsAlarm PluginsHTTP Webhook

  • Configure webhook URL (Jira, ServiceNow, Slack, custom endpoint)
  • Custom Metadata automatically included in JSON payload
  • Test webhook → Verify JSON includes customMetadata object

Learn more: Compare all Alarm Plugins | Event Log for SCOM integration

Step 4: Assign Alarm Plugins to Monitor Views

Navigate to AdministrationMonitor ManagementAdd or manage Monitor View

  • Select Monitor View (e.g., "Payment Systems")
  • Assign Alarm Plugins: Email with Options, HTTP Webhook
  • Configure alert recurrence (e.g., Error: resend every 15 minutes)
  • Test Monitor View → Verify alerts include Custom Metadata

Learn more: Monitor Views | Resources | Time Intervals for alert recurrence

Next Step

Add or manage Custom Metadata – Create Owner, SLA, Emergency Contact fields

Add or manage Alarm Plugin – Configure Email with Options or HTTP Webhook

Alarm Plugin Object – Customize XSLT to display Custom Metadata in emails

Foundation:

Alarm Plugins:

Customization:

Monitoring: