Skip to main content

Create your first alert

info

In this guide you'll learn how to create your first alert. To follow the instructions in this guide, you will need to have ThirdEye running.

Alerts are the rules you build to detect anomalies. An alert configuration contains all the information necessary to:

  • Fetch data from a datasource.
  • Preprocess data
  • Compute baselines
  • Detect anomalies
  • Filter anomalies with business rules
  • Send alerts to your subscription groups

In this tutorial, we will create an alert that detects when a metric does not lie between a minimum and a maximum value. We will also see how alerts are created in the ThirdEye UI.

caution

The following assumes you have a working ThirdEye environment. See Install ThirdEye.
If you just want to understand detection in alerts, see understanding detection configuration.

Load a sample dataset

Start by loading some data into Apache Pinot.

  1. Go to your Startree Dataset Manager at [your_startree_url]/datasets.
  2. Click on Add New Dataset.
  3. Create a sample dataset:
    1. Name the dataset complexWebsite
    2. Click on Use Sample Data
    3. Select Website With Anomalies
    4. Click Next
  4. On the next screen, click Submit

The test dataset is now loaded into Pinot.

Setup the datasource

Configure ThirdEye to get access to the Pinot database.

ThirdEye connects to the Pinot Database automatically.
Pinot datasets are onboarded automatically.
Ask StarTree support if you cannot see Pinot datasets in configuration → datasets.

Create the alert configuration

  1. Go to your Thirdeye app.
  2. Click on Create Alert
  3. Copy and paste this JSON in the configuration field:
    quickstart_complexWebsite_alert.json
    {
    "name": "my-first-detection-configuration",
    "description": "",
    "cron": "0 0 5 ? * * *",
    "template": {
    "name": "startree-threshold"
    },
    "templateProperties": {
    "dataSource": "pinot",
    "dataset": "complexWebsite",
    "aggregationFunction": "sum",
    "aggregationColumn": "views",
    "max": "15000",
    "min": "5000",
    "monitoringGranularity": "P1D"
    }
    }
    This configuration uses the `startree-threshold` template. A template contains all the logic to perform a detection, and exposes configuration fields. The configuration fields are given via the `templateProperties`.

With this configuration, the following logic is applied:

  • A SQL query returns the sum of views grouped by day from the complexWebSite table.

  • A threshold rule is applied on the query results. If a data point is outside the thresholds, it is flagged as an anomaly.

    tip

    For more about alert configuration, see understanding detection configuration.

  1. Below the JSON configuration, in the preview panel, press the refresh button: you will see the result of the detection configuration. Notice that there are a few anomalies.


    Try changing the dates on the timeframe selector in the top right corner and the min/max values in the JSON to see what happens. Click on the legend fields at the bottom to show/hide timeseries.
  2. Below the chart there is a notifications panel. It is used to send anomaly messages to external systems like Slack and email. It is optional, click on Create Alert.

That’s it! Your first alert is created, and you will be redirected to the alert page. When an alert is created, the detection is rerun on past data. It may take a few seconds, so you may have to refresh the page.

View an anomaly

  1. Click on an anomaly. This will open the anomaly page.


  2. Click on investigate. This will open the root-cause analysis page.


  3. Use the bottom tabs to find the root-cause of the anomaly.


Next Steps

You have successfully configured your first alert and inspected an anomaly.