WebMonitoring
Alert Rules
Alert rules define the conditions that trigger alerts. When a rule's condition is met during a scheduled evaluation cycle, an Alert instance is created and the configured escalation policy begins. Rules can be toggled active or inactive without being deleted.
Rule List
The alert rules list at /monitoring/alert-rules shows all configured rules with:
- Rule name and description
- Metric being monitored with current value
- Active / Inactive toggle — disabling a rule halts evaluation without deleting it
- Severity badge (info / warning / critical)
- Last triggered timestamp
- Associated escalation policy name
Rule Configuration Fields
| Field | Options / Format | Description |
|---|---|---|
| Name | string | Human-readable rule identifier shown in alert notifications |
| Metric | dropdown | The metric to monitor. Populated from a catalog of available FinOps and Redshift metrics. |
| Condition | >, <, ==, != | The comparison operator applied between the metric value and threshold |
| Threshold | number | The value the metric is compared against to determine if the condition is met |
| Evaluation Window | 5 / 15 / 30 / 60 min | The time window over which the metric is aggregated before comparison |
| Severity | info / warning / critical | Determines the urgency level used in notification messages and escalation priority |
| Notification Channel | dropdown (multi-select) | Channels notified at the first escalation level when the rule fires |
| Escalation Policy | dropdown | The escalation policy that governs notification progression if the alert is not acknowledged |
Available Metrics
| Metric | Source | Typical Threshold |
|---|---|---|
| avg_query_duration_seconds | stv_wlm_query_state | 300s (5 minutes) |
| disk_spill_gb | sys_query_detail | 10 GB |
| daily_cost_usd | CID cost views | Tenant-specific |
| unsorted_pct | svv_table_info | 20% |
| ghost_rows_pct | svv_table_info | 30% |
Evaluation Cycle
Rule evaluation runs on a scheduled background job. Each evaluation cycle:
- Fetches the current metric value from the appropriate data source
- Compares the value against the threshold using the configured condition
- If the condition is met, creates an Alert instance with
status: firing - Triggers the first level of the configured escalation policy
- If the condition is no longer met in a subsequent cycle, the alert is auto-resolved
Duplicate Prevention
If an alert rule fires and an active Alert instance already exists for that rule (status:
firing or acknowledged), no duplicate alert is created. A new alert is only created after the previous one is resolved.