Skip to content

Alerts

We support two kinds of alerts , which are evaluated for specified stream :

  1. Scheduled alerts
  2. Real time alerts

To navigate to alerts in OpenObserve , select preferred organization using organization selection control, then click on Alerts menu , which will take one to alerts list screen. The screen lists all alerts for selected organization.

Alerts

Alert screen details :

  1. Search in listed alerts
  2. Add new alert
  3. Name of the alert - used during notification
  4. Stream name for alert
  5. Query used during alert evaluation - applicable only to scheduled alerts
  6. Condition being evaluated for alert
  7. Edit alert
  8. Delete alert

Scheduled alerts

Scheduled alerts are evaluated at frequency for the condition of the alert , over duration specified as part of alert. If the condition evaluates to true a notification is sent to alert destination. Additionally user can delay notification after a notification is generated once for specified delay.

For eg : A user wants to be notified of condition if error code 500 occurs more than 15 time for duration of 2 mins & wants such evaluation to happen at 1 min frequency.

For above mentioned eg: query : SELECT count("code") as occurrence FROM "default" WHERE code=500 condition : occurrence >= 15 duration : 2 mins - signifies data scanned by query is of last 2 mins frequency : 1 mins

In case of scheduled alert user can specify sql which will be evaluated over duration at frequency specified by user.

Scheduled Alert

Real time alerts

Real time alerts are evaluated at ingestion time based on condition specified , they are evaluated per record.

For eg :A user wants to be notified of when API response time is more than 100 ms

Real Time Alert

Please note we only support slack webhook as destination for both kind of alerts.