Real-Time Rolling Alerts

This document describes how the real-time rolling evaluation period type works for alerts and how to use it to set up real-time alerts. To detect long-term trends and anomalies, use calendar-based alerts.

A visual representation of how the real-time rolling evaluation period type works.

Real-Time Rolling Evaluation Period

The real-time rolling period type lets you set the evaluation period to smaller time periods like hours and minutes. Moesif evaluates the alert continuously, every minute, over overlapping rolling windows. For example, if you select 15 minutes, Moesif aggregates the metric over the last 15 minutes, producing a series of windows like 12:00 to 12:15, 12:01 to 12:16, 12:02 to 12:17, and so on.

If you want to get real-time alerts for sudden spikes or drop-offs, use real-time rolling alert periods.

Example: Set Dynamic Alert with Real-Time Rolling Window to Monitor Short-Term Anomalies

This example sets up a dynamic alert using Moesif’s anomaly detection system to monitor an abrupt increase in 401 Unauthorized errors.

Assume that you have a protected resource that requires valid credentials to access. You want to set up an alert to monitor and identify unauthorized access errors. A sudden spike in 401 errors might indicate configuration and credential issues, or active security threats.

This use case requires a real-time dynamic alert that evaluates your target metric every minute, rather than an alert with a calendar-based rolling window, which is meant for long-term anomalies.

Specify Event Filters

  • Select API call event type.
  • Select 401 Unauthorized as the HTTP response status code.

Select Group By

Categorize the metric by request URI route in the Group By pane. This helps you understand which endpoints are affected and how the issue is distributed across your API surface.

Specify the Metric

Select Event Count as the metric.

Specify Alert Rule Settings

  • Enter a name for the alert.
  • Select 15 min as the evaluation period.
  • Turn the alert on by selecting the on-off checkbox.
  • Select Dynamic Alert as the alert type.
  • Select Increase for the alert trigger direction since we want to detect spikes in 401 errors.

    Tip: For static alerts, you can select the any operator in Threshold to trigger the alert for every evaluation period regardless of any criteria. This is helpful in use cases like when you want to send daily or monthly reports of top customers.

  • In the metric anomaly detector settings, set the values at a reasonable level that aligns with how often you want to get alerts.
  • Select or create a notification channel where you want Moesif to dispatch alert notifications.
  • Optionally, add a custom message or note to the alert. This shows up in the notification.
  • Select Save.

A real-time alert rule to monitor an abrupt increase in 401 Unauthorized errors.
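The rolling evaluation described above, applied to this 401 example, can be reproduced offline to sanity-check what a 15-minute window evaluated every minute will see. This is an added illustration, not Moesif's code: the event tuples, the route names and the mean-plus-k-standard-deviations detector (with its history, k and min_count parameters) are assumptions standing in for Moesif's anomaly detection, which this page does not describe.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

WINDOW = timedelta(minutes=15)  # evaluation period chosen in the alert rule
STEP = timedelta(minutes=1)     # rolling windows are evaluated every minute

def rolling_counts(events, start, end):
    """Per-route count of 401 events in each window [t - WINDOW, t)."""
    by_route = defaultdict(list)
    for ts, route, status in events:
        if status == 401:               # event filter: 401 Unauthorized
            by_route[route].append(ts)  # group by request URI route
    series = defaultdict(list)
    t = start + WINDOW
    while t <= end:                     # 12:00-12:15, 12:01-12:16, ...
        for route, stamps in by_route.items():
            series[route].append((t, sum(t - WINDOW <= s < t for s in stamps)))
        t += STEP
    return series

def spikes(series, history=30, k=3.0, min_count=5):
    """Assumed stand-in detector: flag an increase above mean + k * stddev
    of the previous `history` windows (not Moesif's algorithm)."""
    alerts = []
    for route, points in series.items():
        counts = [n for _, n in points]
        for i in range(history, len(counts)):
            base = counts[i - history:i]
            limit = mean(base) + k * max(pstdev(base), 1.0)
            if counts[i] >= min_count and counts[i] > limit:
                alerts.append((route, points[i][0], counts[i]))
    return alerts

def sample_events(start):
    """Constructed traffic: steady 401s on /login, a burst on /api/orders."""
    events = [(start + timedelta(minutes=m), "/login", 401) for m in range(0, 120, 5)]
    events += [(start + timedelta(minutes=90, seconds=s), "/api/orders", 401)
               for s in range(0, 120, 3)]
    events.append((start + timedelta(minutes=91), "/api/orders", 200))  # filtered out
    return events

if __name__ == "__main__":
    start = datetime(2024, 1, 1, 12, 0)
    series = rolling_counts(sample_events(start), start, start + timedelta(hours=2))
    for route, when, count in spikes(series):
        print(f"{when:%H:%M} {route}: {count} x 401 in the last 15 min")
```

Because the windows overlap, a two-minute burst stays inside every window for the following 15 minutes, which is why the detector settings decide how many consecutive evaluations fire for a single incident.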
