The AlertKick blog

Field notes on alerting, eBPF, and AI ops

Opinionated, practical, sometimes impolitic writing on modern monitoring - from the team building AlertKick.

Running incident triage from your AI assistant: a walkthrough
Latest
mcp

AlertKick ships an MCP server, which means your AI assistant can query alerts, inspect hosts, acknowledge pages, and dig into security events in natural language. Here's what that actually looks like during an incident.

The real cost of building your own monitoring stack
diy stack

Stitching together your own monitoring is a perfectly valid choice. It's just not a free one. Here's where the cost actually shows up - in time, attention, and the person on your team who stops being an engineer and starts being the monitoring engineer.

How AI triage cuts most of your eBPF alert noise
ebpf

Raw eBPF events are noisy by design - a useful ruleset will fire dozens of times a day on a healthy host. An AI triage layer sitting between the detection and the alert channel is what makes the whole thing usable. Here's how ours works.

Heartbeat monitoring: the single line of script that saves your backups
heartbeats

The most under-used monitoring pattern in small-team infrastructure is the heartbeat - a scheduled job that pings a URL on success, and a monitor that alerts when the ping stops arriving. Add one line to your scripts, never miss a silent failure again.

The escalation levels AlertKick ships by default
on call

On-call escalation policies don't need to be complicated. AlertKick ships a small set of sensible defaults - three levels, one rotation, one set of quiet hours. Here's what each level is for and why that's enough.

The checks every server should have on day one
opinionated monitoring

There's a short list of things that break a Linux server and a shorter list of checks that catch most of them. AlertKick ships all of them on by default. Here's the list, and why it's the list.

What eBPF actually is - and why it's finally practical to run
ebpf

eBPF is the reason modern runtime security works. Historically it's come with an enterprise price tag and a team to match. Here's what it does, why that's changed, and what AlertKick gives you on day one.

Why AlertKick is opinionated, not configurable
opinionated monitoring

Every knob in a monitoring tool is a decision somebody has to make. Most of those decisions have a right answer. AlertKick ships the right answer by default - so you don't have to be the person figuring it out.

Why we built AlertKick
founder

Monitoring infrastructure is a pain in the ass. It takes numerous tools, each needing code and config, and once it breaks the team ends up with a dedicated monitoring person whose only job is keeping the stack alive. That's not a good outcome. So we built something opinionated.