Create your first alert

You must install ThirdEye before you begin.

Alerts are the rules you build to detect anomalies. An alert configuration contains all the information necessary to:

Fetch data from a datasource
Preprocess data
Compute baselines
Detect anomalies
Filter anomalies with business rules
Send alerts to your subscription groups

In this guide, we'll create an alert that detects when a metric lies outside of a defined range. We will use StarTree Cloud, which includes Apache Pinot hosted as software-as-a-service (SaaS).

Load a sample dataset

To begin, load data into Apache Pinot.

Use StarTree Data Manager to load data

Go to your StarTree Data Manager at data.your.instance.startree.cloud.
Click Create a Dataset.
In Sample Datasets, click Complex Website.
Set the name to complexWebsite, and then click Confirm.

The test dataset is now loaded into Pinot.

Set up the datasource

Configure ThirdEye to get access to the Pinot database.

Connect ThirdEye to Pinot

In StarTree Cloud, ThirdEye connects to the Pinot database automatically. The first time ThirdEye is opened, a page will guide you through the onboarding of the dataset. Ask StarTree support for help if you cannot see Pinot datasets or fail to onboard.

Create the alert configuration

In StarTree Cloud, open the Thirdeye app.
Click Create Alert.
Copy and paste this JSON in the configuration field:

Use this JSON to configure your alert

{
  "name": "my-first-detection-configuration",
  "description": "",
  "cron": "0 0 5 ? * * *",
  "template": {
    "name": "startree-threshold"
  },
  "templateProperties": {
    "dataSource": "pinot",
    "dataset": "complexWebsite",
    "aggregationFunction": "sum",
    "aggregationColumn": "views",
    "max": "15000",
    "min": "5000",
    "monitoringGranularity": "P1D"
  }
}

quickstart_complexWebsite_alert.json

This configuration uses the startree-threshold template. A template contains all the logic to perform a detection, and exposes configuration fields. Properties are configured in templateProperties.

With this configuration, the following logic is applied:

An SQL query returns the sum of views, grouped by day, from the complexWebSite table.
A threshold rule is applied to the query results. If a data point falls outside the thresholds, it is flagged as an anomaly.

💡

For more information about alert configuration, see understanding detection configuration.

Below the JSON configuration, in the preview panel, press the refresh button: you will see the result of the detection configuration. Notice that there are a few anomalies.

Try changing the dates on the timeframe selector in the top right corner and the min/max values in the JSON to see what happens. Click the legend fields at the bottom to show/hide timeseries.
(Optional) Use the notifications panel below the chart to send anomaly messages to external systems like Slack and email. To create a notification, click Create Alert.

ThirdEye will guide you through the process, helping you find the right algorithm for your data. Once you get to the end and click Create, your first alert is created, and you will be redirected to the alert page.

When an alert is created, the detection is rerun on past data. It may take a few seconds, so you may have to refresh the page.

View an anomaly

Click an anomaly to open the anomaly page.
Click investigate to open the root-cause analysis page.
Use the bottom tabs to explore and help you find the root-cause of the anomaly.

Next Steps

Now that you have successfully configured your first alert and inspected an anomaly, explore these links to learn more:

To learn how to use root cause analysis features in the anomaly pages, see root cause analysis concepts
To learn more about alert configuration, see Alert configuration and execution.
To see alert examples, see create alerts how-tos.

ThirdEye data requirements Alert Examples