You can set alert condition(s) based on rule type.

Rule Type

• Simple: Alert configurations are done for a single metric for critical, major, and minor thresholds. You can add a single condition only. You can provide the recovery threshold value for critical, major, and minor thresholds.
• Composite: Configurations are done for multiple metrics for critical, major, and minor thresholds in separate sections. You can add multiple conditions by using the AND (&&) and OR (||) operators. You can provide the recovery threshold value for critical, major, and minor thresholds in their respective sections.
  Note:Recovery thresholds are optional thresholds added to alert conditions (Critical/ Major/Minor) to indicate an additional condition to metrics recovery from alert to normal states.
  Example: If the critical threshold value is defined as 100 and recovery threshold is defined as 50, then the recovery threshold is satisfied when the metric value is reached to 50.

Condition Type

• Threshold: This is a standard alert in which the expected values are known. A threshold alert compares metric values to a static threshold. It calculates the average/minimum/maximum/sum throughout the given period for each alert evaluation and verifies if it is above or below the threshold.
  Trigger when the average/sum of every/maximum/minimum/at least one value of the metric during the last "X" interval is above/above or equal to/below/below or equal to the threshold.
  Advanced option:
  
  • Check the condition at every one minute over rolling "X" intervals.
  • Check the condition at every "X" interval over a fixed "X" interval.
  
  

  Rolling interval:Graph data value for alert is calculated on each new sample generated. For example: Suppose the rolling interval is defined as 1 minute and the window size is 5 minutes, then the first the data samples are calculated for 1-5 minutes window. Then, the second data samples are calculated for a 2-6 minutes window and in a similar way a third data sample for a 3-7 minute window, and so on.
  

  Fixed interval:Graph data value for alert is calculated for a fixed time as specified. For example: Suppose the fixed interval is defined as 1 minute and the window size is 5 minutes, then the first the data samples are calculated for 1-5 minutes window. Then, the second data samples are calculated for a 6-10 minutes window and in a similar way a third data sample for a 11-15 minute window, and so on.
  

  Trigger when every value of the metric during the last "X" minutes is above the threshold.
  Advanced option:

  • Evaluate the value of the metric during the last "X" minutes using last/any "Y" % samples.
  • Check the condition at every one minute over rolling "X" intervals.
  • Check the condition at every "X" interval over a fixed "X" interval.
• Change:This type of alert is suitable when you need to find spikes, dips, or minor changes in a metric when the threshold is unexpected. A change alert matches the absolute or relative (percentage) change in value from X minutes ago to now to a set threshold. The compared data points are not single points, but are calculated using the alert parameters in the alert conditions section.
  On the assessment of each alert, the raw difference between the series now and X minutes ago is calculated, and then the average / minimum / maximum / sum over the selected period is computed. When this computed series crosses the threshold, an alert is triggered.
  Trigger when change / %change in average / sum of every / maximum / minimum / at least one value of the metric during last "X" interval is above / above or equal to/ below / below or equal to the threshold compared to average of all samples during same time interval "Y" interval before.
  Advanced option:
  • Check the condition at every one minute over rolling "X" intervals.
  • Check the condition at every "X" interval over a fixed "X" interval.

  Trigger when change / %change in every value of the metric during the last "X" interval is above/above or equal to/below/below or equal to the threshold compared to average of all samples during the same time "Y" interval before.
  Advanced option:

  • Evaluate the value of the metric during the last "X" minutes using last/any "Z" % samples.
  • Check the condition at every one minute over rolling "X" intervals
  • Check the condition at every "X" interval over a fixed "X" interval.
• Anomaly:An anomaly detection alert uses the previous performance of a metric to spot when it is behaving unusually. Anomaly alerts analyze an estimated range of values for a series based on the previous time. Some anomaly algorithms calculate the expected range based on the time of day or a day of the week, identifying anomalies that would be missed by a basic threshold alert. In an instance, the series is extremely high for 8 AM, despite being normal for 11 AM.
  The percentage of the series that falls above, below, or outside of the expected range is determined for each alert evaluation. When this percentage crosses the preset threshold, an alert is triggered.
  Trigger when at least one value of the metric during the last "X" interval is above/below/above or below the bounds.
  Advanced option:
  • Check the condition at every one minute over rolling "X" intervals.
  • Check the condition at every "X" interval over a fixed "X" interval.
  • Severity: Critical / Major / Minor (default is Major)
  • Use theta/basic/agile/robust algorithm to detect anomalies "N" deviations from the predicted data.
  • Basic:This is used when metrics have no recurring seasonal pattern. It uses a simple computation method to determine the range of predictable values. It consumes lesser data and regulates rapidly to changing conditions but has no understating of seasonal behavior or extensive trends.
  • Agile:This is used when metrics are seasonal and predicted to change. It rapidly regulates metric level shifts. It integrates the instant past into its forecast, allowing rapid updates for level shifts at the overhead of being less strong to recent, permanent anomalies.
  • Robust:This is used when seasonal metrics are predicted to be steady, and slow, level shifts are considered anomalies. It is very steady and predictions remain constant even through permanent anomalies at the expense of taking longer to respond to intended level shifts (For example: Shifting of a metric level due to a change in code)
  Triggers when every value of the metric during the last "X" interval is above/below/above or below the bounds.
  Advanced option:
  • Evaluate the value of the metric during the last "X" minutes using last/any "Z" % samples.
  • Check the condition at every one minute over rolling "X" intervals.
  • Check the condition at every "X" interval over a fixed "X" interval
  • Severity: Critical / Major / Minor (default is Major)
  • Use theta/basic/agile/robust algorithm to detect anomalies "N" deviations from the predicted data.
• Outlier:Outlier monitors detect when a subject of a group is behaving unusually compared to the rest of the subjects during a specified time period. On the assessment of each alert, it is analyzed whether or not all groups are grouped together and showing the same behavior. When one or more groups deviates from the rest, an alert is triggered. You can use an algorithm (from the list) with a tolerance value.
  Triggers when at least one value of the metric for a subject is outlier during the last "X" interval out of subjects at the same hierarchy.
  Advanced option:
  • Check the condition at every "X" interval over a fixed "X" interval.
  • Use MAD/DBSCAN/ScaledMAD/ScaledDBSCAN algorithm with tolerance 0.33/0.5/1.0/1.5/2.0/2.5/3.0/3.5/4.0/4.5/5.0
  Triggers when every value of the metric for a subject is outlier during the last "X" interval out of subjects in the same hierarchy.
  Advanced option:
  • Evaluate the value of the metric during the last "X" minutes using last/any "Z" % samples.
  • Check the condition at every "X" interval over a fixed "X" interval.
  • Use MAD/DBSCAN/ScaledMAD/ScaledDBSCAN algorithm with tolerance 0.33/0.5/1.0/1.5/2.0/2.5/3.0/3.5/4.0/4.5/5.0
  • MAD: The Median Absolute Deviation (MAD) is a strong measure of inconsistency, and can be observed as the robust equivalent for standard deviation. Robust statistics define information in such a way that outliers do not excessively affect them.
  • DBSCAN: It is a popular density-based clustering algorithm. It works by collecting or forming points into a mass or group that are close to each other. Clusters with few points in them are considered as outliers.
  • ScaledMAD: The ScaledMAD algorithm considers the relative scales of the deviation and the median of the data. Mostly, it acts like the MAD algorithm. Though, when the scattering of the data set contracts as compared to the median, the space threshold for defining whether a point is an outlier becomes a part of the median.
  • ScaledDBSCAN: This algorithm scales the preliminary space threshold according to the relative magnitudes of the median series and the subjects' distances to the median series. Mostly, it acts like a normal DBSCAN. However, when the median series is huge compared to the spaces to the median series, calculating whether two time series are close depends on the scale of the median series.
• Forecast:It forecasts the forthcoming performance of a metric and compares it to a fixed threshold. It is appropriate for metrics with robust trends or repetitive patterns. On the assessment of each alert, it predicts the future values of the metric along with the estimated deviation bounds. When any part of the bounds crosses the configured threshold, an alert is triggered.
  Trigger when the average/sum of every/maximum/minimum/at least one forecasted value of the metric is above/above or equal to/below/below or equal to the threshold in the next "X" interval.
  Advanced option:
  • Evaluate the average forecasted value of the metric based on "X" interval trend.
  • Check the condition at every one minute over rolling "X" intervals.
  • Check the condition at every "X" interval over a fixed "X" interval.
  • Severity: Critical / Major / Minor (default is Major)
  • Apply default/simple/reactive model for linear forecast or
  • Apply hourly/daily/weekly choices for Seasonal forecasts.
  Linear Forecast: It is used for metrics having fixed trends but no recurring seasonal pattern. Following are the models, which control this algorithm's sensitivity to level shifts:
  • Default: Adjusts to the most recent trend and concludes data while being resistant to recent noise.
  • Simple: Performs a strong linear regression through the complete past.
  • Reactive: Concludes latest performance at the risk of overfitting to noise, spikes, or dips
  .

  Seasonal Forecast: This algorithm is used for metrics with recurring patterns. There are the following options:

  • Hourly: Behavior expectation of the same minute post hour like past minutes post hour. For example - 7:20 behaves like 6:20, 5:20, and so on.
  • Daily: Behavior expectation of the same time today like past days. For example, 7 pm today behaves like 7 pm yesterday, 7 pm the day before yesterday, etc.
  • Weekly: Behavior expectation of the mentioned day of the week like past days of the week. For example - this Thursday behaves like past Thursdays
  
  Trigger when every forecasted value of the metric is above/above or equal to/below/below or equal to the threshold in next "X" interval
  Advanced option:
  • Evaluate the average forecasted value of the metric based on the "X" interval trend using last/any "Z" % samples.
  • Check the condition at every one minute over rolling "X" intervals.
  • Check the condition at every "X" interval over a fixed "X" interval.
  • Severity: Critical / Major / Minor (default is Major)
  • Apply default/simple/reactive model to make a linear/seasonal forecast

Recovery Threshold: Note: Recovery thresholds are optional thresholds added to alert conditions (Critical/ Major/Minor) to indicate an additional condition to metrics recovery from alert/warning states to normal states.
Example: If the critical threshold value is defined as 100 and recovery threshold is defined as 50, then the recovery threshold is satisfied when the metric value is reached to 50.