Skip to main content

Alert Rules

Alert rules define the conditions that trigger alerts. Signal supports multiple rule types to handle different monitoring scenarios.

Rule Types

Threshold

Alerts when a value crosses a specified limit: 
{
  "name": "High Error Rate",
  "rule_type": "threshold",
  "source": "reflex",
  "source_name": "error_count",
  "operator": "gt",
  "threshold": 100,
  "window": "5m",
  "severity": "critical"
}
Operators:
  • gt - Greater than
  • gte - Greater than or equal
  • lt - Less than
  • lte - Less than or equal
  • eq - Equal to

Anomaly

Alerts when a value deviates from its historical baseline: 
{
  "name": "Unusual Traffic",
  "rule_type": "anomaly",
  "source": "flux",
  "source_name": "api.requests",
  "deviation": 3.0,
  "window": "1h",
  "comparison_window": "7d",
  "severity": "warning"
}
Parameters:
  • deviation - Standard deviations from baseline (default: 3.0)
  • comparison_window - Historical period for baseline

Absence

Alerts when no data is received within a time window: 
{
  "name": "Service Down",
  "rule_type": "absence",
  "source": "pulse",
  "source_name": "heartbeat",
  "window": "5m",
  "severity": "critical"
}
Use for:
  • Health check monitoring
  • Service availability
  • Data pipeline monitoring

Composite

Combines multiple conditions with logical operators: 
{
  "name": "Critical Situation",
  "rule_type": "composite",
  "conditions": [
    { "rule_id": "high-errors", "status": "firing" },
    { "rule_id": "low-traffic", "status": "firing" }
  ],
  "operator": "and",
  "severity": "critical"
}
Operators:
  • and - All conditions must be true
  • or - Any condition must be true

Creating Rules

Via API

curl -X POST "https://signal.brainzlab.ai/api/v1/rules" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rule": {
      "name": "High P95 Latency",
      "source": "pulse",
      "source_name": "response_time.p95",
      "rule_type": "threshold",
      "operator": "gt",
      "threshold": 500,
      "window": "5m",
      "severity": "warning",
      "notify_channels": ["<channel-uuid>"],
      "tags": {
        "team": "backend",
        "service": "api"
      }
    }
  }'

Via Dashboard

  1. Go to Signal > Rules
  2. Click New Rule
  3. Select rule type and data source
  4. Configure conditions
  5. Select notification channels
  6. Save

Rule Configuration

Window

How long the condition must persist:
WindowDescription
1mImmediate alerts, may be noisy
5mBalance of speed and accuracy
15mReduces false positives
1hFor slow-moving metrics

Severity

LevelUse Case
infoInformational, no action needed
warningInvestigate soon
criticalImmediate action required

Tags

Add metadata for filtering and routing: 
{
  "tags": {
    "team": "platform",
    "environment": "production",
    "service": "payments"
  }
}

Managing Rules

List Rules

GET /api/v1/rules
GET /api/v1/rules?source=flux&severity=critical

Update Rule

PATCH /api/v1/rules/:id
{
  "rule": {
    "threshold": 200,
    "severity": "critical"
  }
}

Mute Rule

Temporarily disable a rule: 
POST /api/v1/rules/:id/mute
{
  "duration": "2h",
  "reason": "Deploying new version"
}

Delete Rule

DELETE /api/v1/rules/:id

Best Practices

Start with Warnings

Begin with warning severity, escalate to critical once tuned

Use Meaningful Names

Include service, metric, and condition in rule names

Add Tags

Tag rules by team, service, and environment

Set Appropriate Windows

Longer windows reduce noise but increase detection time