Moesif will monitor your API to detect anomalies using both your current and historical data to notify you if something is wrong.
To set up alerts, login to your Moesif account -> Settings -> Alert Settings
Alerts settings are specific to the org/app regardless of who is signed in from your team.
If you have multiple orgs or apps like a Development and a Production app, each can have their own alert settings.
There are two parts to alerts Alert Channels and Alert Rules
A channel is the medium you would like the alert to be sent to. At the moment, Moesif supports Slack, SMS, and Email as a channel. You can add many channels even for the same alert (i.e. you can send both a SMS and a Slack notification for the same alert).
API Alert Rules specify what you get notified on, when you get notified, and how often.
Think of alert rules as a router or handler for new incoming alerts to outgoing channels.
Every organization already has a default alert rule called
[Default] which cannot be deleted.
The default rule is the fallback rule if the URI Route of an error alert doesn’t match any
user defined alert rules.
Alert rules are specific to a route like
POST /payout/:id enabling
handling of separate services differently. You can find a list of autodetected URI routes by going
to API Search and selecting the URI Route filter.
The route field supports regex, so you can enter
/api/.* as an alert rule’s route.
You can also specify multiple channels for the same alert rule (i.e. to notify multiple teammates) or if
you want both email and Slack notifications.
Adding an alert rule
There are a few settings available when creating a new alert rule:
|Route||The route is the path part of the HTTP request’s URL starting with / to match against. Do not include the host or query string parts. The route can take in a regex expression such as
|Verb||The verb of the HTTP request to match against||POST|
|Tracking Metrics||The rule will be triggered when anomalies are detected on these metrics||count(distinct(errors))|
|Channels||List of channels to send the alerts to||Slack, Email|
|Minimal Interval Between Alerts||While Moesif tries to minimize alert fatigue, you can control this further by specifying the min interval between alerts. If set to 15 mins, then if an alert was sent at 2:45PM, Moesif won’t send a second alert for this same rule until 3:00PM at the earliest.||15 minutes|
Maintenance window can be defined which is a quiet period where alerts will not be sent. For example, if you have a cron job that performs some maintenance that brings down a service from 5AM to 6AM UTC everyday, you can set this schedule to avoid receiving false alerts.
|Timezone||The timezone to use for the start and end time||UTC|
|Start Time||The start time for maintenance window in 24 hour clock time||5:00|
|End Time||The end time for maintenance window in 24 hour clock time||6:00|
Anomaly Detection Sensitivity
If you feel that you’re receiving too few or too many false alerts, you can adjust the sensitivity. To avoid sending too many alerts, Moesif doesn’t use fixed rules like send alert when errors/min > 2%.
Instead, anomaly detection looks at historical data to learn what are acceptable error rates and only alert when there is a change. Because each application and environment is different Moesif still provides a way to change the detection sensitivities similar to modifying fixed rules.
First, click the switch Adjust Anomaly Detection Sensitivity to bring up the sliders.
Moesif has slow, medium, and fast detectors. If you’re receiving too many false alerts, drag slider right. If you want to be notified of every minor issue, drag the slider right.
|Detector||Alert Name||When to decrease sensitivity|
|Short duration spike detection||SPIKE||Your API receives a low volume of traffic so small fluctuations in error rates throws off the spike detector|
|Normal level change detection||RISE/FALL|
|Slow positive trend detection||POSITIVE TREND||Your API has seasonal patterns (such as an API only used during working hours which naturally has an increase in error rates at 9am)|
Each notification has a thumbs up and thumbs down rating. If the alert is uninteresting to you, you can downvote it. Moesif continuously adapts to send less alerts that are similar to the ones you downvote such as in the below Slack alert.
I am not receiving any alerts
A: Moesif looks at both current and historical data when deciding to send alerts. If you deployed a new endpoint, there may not be enough historical data to make a decision. Give it a day running in production first. If you still are having issues, feel free to email us or adjust the detection sensitivity. Also, ensure you have an active channel under Alert Settings.
I am receiving too many alerts
A: If a particular endpoint like
GET /probe is noisy and generates many false alerts, you can add an explicit
alert rule with 24 hrs as the maintenance window (i.e. always quiet) or increase the alert interval
which will silence the route completely. If you just want to reduce the amount of alerts,
take a look at adjusting the detection sensitivity.