Create your first alert
You must install ThirdEye before you begin.
Alerts are the rules you build to detect anomalies. An alert configuration contains all the information necessary to:
- Fetch data from a datasource
- Preprocess data
- Compute baselines
- Detect anomalies
- Filter anomalies with business rules
- Send alerts to your subscription groups
In this guide, we'll create an alert that detects when a metric lies outside of a defined range. We will use StarTree Cloud, which includes Apache Pinot hosted as software-as-a-service (SaaS).
Load a sample dataset
To begin, load data into Apache Pinot.
Use StarTree Data Manager to load data
- Go to your StarTree Data Manager at
data.your.instance.startree.cloud
. - Click Create a Dataset.
- In Sample Datasets, click Complex Website.
- Set the name to
complexWebsite
, and then click Confirm.
The test dataset is now loaded into Pinot.
Set up the datasource
Configure ThirdEye to get access to the Pinot database.
Connect ThirdEye to Pinot
In StarTree Cloud, ThirdEye connects to the Pinot database automatically. The first time ThirdEye is opened, a page will guide you through the onboarding of the dataset. Ask StarTree support for help if you cannot see Pinot datasets or fail to onboard.
Create the alert configuration
- In StarTree Cloud, open the Thirdeye app.
- Click Create Alert.
- Copy and paste this JSON in the configuration field:
Use this JSON to configure your alert
{
"name": "my-first-detection-configuration",
"description": "",
"cron": "0 0 5 ? * * *",
"template": {
"name": "startree-threshold"
},
"templateProperties": {
"dataSource": "pinot",
"dataset": "complexWebsite",
"aggregationFunction": "sum",
"aggregationColumn": "views",
"max": "15000",
"min": "5000",
"monitoringGranularity": "P1D"
}
}
quickstart_complexWebsite_alert.json
This configuration uses the startree-threshold
template. A template contains all the logic to perform a detection, and exposes configuration fields. Properties are configured in templateProperties
.
With this configuration, the following logic is applied:
- An SQL query returns the sum of views, grouped by day, from the
complexWebSite
table. - A threshold rule is applied to the query results. If a data point falls outside the thresholds, it is flagged as an anomaly.
For more information about alert configuration, see understanding detection configuration.
-
Below the JSON configuration, in the preview panel, press the refresh button: you will see the result of the detection configuration. Notice that there are a few anomalies.
Try changing the dates on the timeframe selector in the top right corner and the min/max values in the JSON to see what happens. Click the legend fields at the bottom to show/hide timeseries.
-
(Optional) Use the notifications panel below the chart to send anomaly messages to external systems like Slack and email. To create a notification, click Create Alert.
ThirdEye will guide you through the process, helping you find the right algorithm for your data. Once you get to the end and click Create, your first alert is created, and you will be redirected to the alert page.
When an alert is created, the detection is rerun on past data. It may take a few seconds, so you may have to refresh the page.
View an anomaly
-
Click an anomaly to open the anomaly page.
-
Click investigate to open the root-cause analysis page.
-
Use the bottom tabs to explore and help you find the root-cause of the anomaly.
Next Steps
Now that you have successfully configured your first alert and inspected an anomaly, explore these links to learn more:
- To learn how to use root cause analysis features in the anomaly pages, see root cause analysis concepts
- To learn more about alert configuration, see Alert configuration and execution.
- To see alert examples, see create alerts how-tos.