Try StarTree Cloud: 30-day free trial
Create your first alert

Create your first alert

In this guide you'll learn how to create your first alert. To follow the instructions in this guide, you will need to have ThirdEye running.

Alerts are the rules you build to detect anomalies. An alert configuration contains all the information necessary to:

  • Fetch data from a datasource.
  • Preprocess data
  • Compute baselines
  • Detect anomalies
  • Filter anomalies with business rules
  • Send alerts to your subscription groups

In this tutorial, we will create an alert that detects when a metric does not lie between a minimum and a maximum value. We will also see how alerts are created in the ThirdEye UI.


The following assumes you have a working ThirdEye environment. See Install ThirdEye.
If you just want to understand detection in alerts, see understanding detection configuration.

Load a sample dataset

Start by loading some data into Apache Pinot.

StarTree Cloud
  1. Go to your Startree Data Manager at
  2. Click on "Create a Dataset".
  3. In Sample Datasets, click on "Complex Website"
  4. Set the name to complexWebsite
  5. Confirm

The test dataset is now loaded into Pinot.

Setup the datasource

Configure ThirdEye to get access to the Pinot database.

StarTree Cloud

ThirdEye connects to the Pinot Database automatically. The first time ThirdEye is opened, a page will guide you through the onboarding of the dataset. Ask StarTree support if you cannot see Pinot datasets or fail to onboard.

Create the alert configuration

  1. Go to your Thirdeye app.
  2. Click on Create Alert
  3. Copy and paste this JSON in the configuration field:
StarTree Cloud
  "name": "my-first-detection-configuration",
  "description": "",
  "cron": "0 0 5 ? * * *",
  "template": {
    "name": "startree-threshold"
  "templateProperties": {
    "dataSource": "pinot",
    "dataset": "complexWebsite",
    "aggregationFunction": "sum",
    "aggregationColumn": "views",
    "max": "15000",
    "min": "5000",
    "monitoringGranularity": "P1D"


This configuration uses the startree-threshold template.
A template contains all the logic to perform a detection, and exposes configuration fields. The configuration fields are given via the templateProperties.

With this configuration, the following logic is applied:

  • A SQL query returns the sum of views grouped by day from the complexWebSite table.
  • A threshold rule is applied on the query results. If a data point is outside the thresholds, it is flagged as an anomaly.

For more about alert configuration, see understanding detection configuration.

  1. Below the JSON configuration, in the preview panel, press the refresh button: you will see the result of the detection configuration. Notice that there are a few anomalies.

Try changing the dates on the timeframe selector in the top right corner and the min/max values in the JSON to see what happens. Click on the legend fields at the bottom to show/hide timeseries.

  1. Below the chart there is a notifications panel. It is used to send anomaly messages to external systems like Slack and email. It is optional, click on Create Alert.

That’s it! Your first alert is created, and you will be redirected to the alert page. When an alert is created, the detection is rerun on past data. It may take a few seconds, so you may have to refresh the page.

View an anomaly

  1. Click on an anomaly. This will open the anomaly page.

  2. Click on investigate. This will open the root-cause analysis page.

  3. Use the bottom tabs to find the root-cause of the anomaly.

Next Steps

You have successfully configured your first alert and inspected an anomaly.