Monitors

A monitor is the configuration that observes a metric at regular intervals and issues alerts when detection rules are triggered.

While a metric transforms events into time series, a monitor is the mechanism that tracks those series and signals behaviors outside the expected range — such as an abnormal increase in declines, a sharp drop in transaction volume, or the crossing of a manually defined threshold.

Monitor components

What is being monitored

Defines the source of the analyzed data:

  • Metric: which metric will be observed. Cannot be changed after creation.
  • Aggregation: which calculation of the metric will be analyzed (count, sum, rate, etc.).
  • Filters (optional): restricts the monitoring scope to a subset of events, based on the metric’s dimensions.

How often

The interval defines how frequently the analysis runs. At each cycle, the platform evaluates the most recent aggregation value and checks whether the detection rules are triggered.

Detection rules

The rules determine when an alert should be opened. At least one of the two methods must be configured:

Anomaly detection

Anomaly detection uses machine learning to identify behaviors outside the historical pattern of the metric. The model considers the seasonality and trend of the series to determine what is expected for each period.

When enabling anomaly detection, you can configure the direction:

  • High: alerts only when the value rises beyond expected.
  • Low: alerts only when the value falls below expected.
  • Both: alerts on any significant deviation.

Conditions

Conditions are manual rules that compare the current value of an aggregation against a defined threshold. When the value exceeds the configured limit, the alert is opened.

Multiple conditions can be configured in the same monitor.

Notifications

When a notification channel is configured, the platform sends a notification whenever an alert is opened. If no channel is configured, alerts are only available in the panel.

Alerts

Each time a detection rule is triggered, an alert is opened. The alert remains open until the behavior returns to normal or the monitor is deactivated.

When a monitor is deactivated, all open alerts are automatically closed. The same occurs when the monitor is removed.

Status

A monitor can be active or inactive. When inactive, analysis is suspended and open alerts are closed.

Limits

  • Maximum of 20 monitors per event type.
  • A monitor depends on an active metric — it is not possible to remove a metric while it is in use by one or more monitors.