As described in the Alerts Overview, alerts can be easily and quickly created according to your data stream settings by using the +New Alerts option in the Alert Console or Alerts Management pages. Note that you can also create alerts from Dashboards and Business Packages.
This article includes the following:
How to create an alert
- From the Alert Console or Alerts Management pages, click +New Alerts (located in the top right corner). The Create New Alert screen is displayed, as shown below.
- Select the relevant Alert Type: Anomaly (selected by default), Static, or No Data. Note that this article refers to creating Anomaly alerts only; although similar, see this article on Creating Static or No Data Alerts for further information.
- In the Alert Metrics section, define your alert metrics by clicking Add a Function to select from the displayed functions.
You also can search for the relevant measures, dimensions, and streams to include in your alert metrics by clicking in the search box. Note that if a measure appears in more than one stream, first select the measure, click the measure row and select a stream. For further information about defining your alert metrics, see Metric Expressions.
Note: You can also click on one of the popular measures displayed in the Quick Start section to include it as part of your alert metrics.
- In the Alert Conditions section, define the relevant alert conditions.
Note that as you apply metrics and conditions to your alert, you can choose to dynamically load simulated alert data you select for each metric/condition; see Simulating an alert. You can also define additional alert conditions by clicking Show more conditions. For details on all the possible conditions you can apply to an alert, see Defining advanced alert conditions.
Time scale (from 1 hour - 1 week); the span of time for which metrics are aggregated.
Inclusion of anomalies with a minimum duration period (in Hours, Days, or Weeks).
If the alert should be triggered for a Spike, Drop, or both.
The Minimum Significance Score, which defines how important the alert is to you; its importance is determined by how much and for how long the metric deviated from the expected pattern compared to past anomalies of the metric.
- In the Info & Recipients section, define general information about the alert, as well as alert recipients and notifications.
The Alert Name and a general (optional) Description of the alert.
Alert Notifications, such as when and who to send the alert to. Also define Dynamic Routing if required.
Text Labels that can be added to any alert.
The Severity of the alert, which will be shown on every trigger.
The Alert Owner, which can be a selected user or group of users.
- Click Create Alert to implement your settings. The new alert is automatically displayed on the Alerts Management and Alert Console pages.
Simulating an alert
When defining the metrics for your Anomaly or Static alert, you can choose to dynamically load simulated alert data you select for each metric; the displayed data simulates the estimated number of alerts that will be generated according to the metric selected. This metric data is automatically displayed in the main content area of the Create New Alert screen, as shown below.
To inspect specific trigger values, hover over the metric line; the displayed values will depend on the alert type. The total number of alerts is displayed below the simulation: Estimated rate of Alerts/day.
- As the simulation of metric data can often be resource-intensive, you can choose to disable the automatic simulation by clicking the Auto-Simulate button in the top right corner. However, even when the automatic simulation is disabled, you can still simulate the defined alert at any time by clicking Start Simulation in the bottom of the screen.
- Investigate alert-based anomalies (shown with an orange line: _______ ) to determine which settings to adjust to receive fewer alerts; investigate non-alert-based anomalies (shown with a gray line: ________ ) to determine which settings to adjust to trigger more alerts. See To increase/decrease the estimated alert rate.
- To display all simulation time periods in the graphs, Anodot down-samples metric data except for periods of anomalies, in which case, the original data points are kept.
To increase/decrease the estimated alert rate:
- In the simulation data chart, trace an alert with the cursor to show the trigger values:
- To increase the estimated rate of alerts: Reduce the level of each setting which triggered the alert. Depending on their settings, either one or all of Significance, Delta and Duration may be responsible for the alert in the above example.
To decrease the estimated rate of alerts: Increase the level of each setting which triggered the alert.
- When the simulation Estimated rate of Alerts/day meets your requirements, click Create Alert to complete the alert definition.