Updated February 27, 2026

Alerts

Telemetry alerts let you monitor query output and get notified by email when a metric crosses a threshold.

How alerts work

Each alert evaluation follows the same flow:

  1. Run the saved query (from Explore or a SQL query).
  2. Order rows by timestamp (newest first).
  3. Optionally ignore the latest row (Ignore the last data point).
  4. Take the last N data points.
  5. Compute an aggregation (avg, sum, p95, etc.).
  6. Compare the value to your threshold.
  7. Send notifications when state changes (triggered or resolved).
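
The flow above, written out as an added example (not the product's own code) and run with and without Ignore the last data point on constructed per-minute error counts, using avg over the last 3 points with a Greater than 20 condition. The names `evaluate`, `transition` and `ROWS` are hypothetical, and the nearest-rank p95 and the empty-window behaviour are assumptions.

```python
import operator
from statistics import mean

def p95(values):
    # Nearest-rank percentile (assumption: the page does not say which method is used).
    s = sorted(values)
    return s[(95 * len(s) + 99) // 100 - 1]

AGGS = {"avg": mean, "sum": sum, "max": max, "min": min, "p95": p95}
OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}

def evaluate(rows, metric, agg, last_n, comparison, threshold, ignore_last=True):
    """Steps 2-6 of the flow. Returns (value, triggered); value is None with no data."""
    ordered = sorted(rows, key=lambda r: r["time_bucket"], reverse=True)  # newest first
    if ignore_last:
        ordered = ordered[1:]          # drop the newest, possibly incomplete bucket
    window = [float(r[metric]) for r in ordered[:last_n]]  # N most recent points
    if not window:
        return None, False             # assumption: no data means no trigger
    value = AGGS[agg](window)
    return value, OPS[comparison](value, threshold)

def transition(was_triggered, is_triggered):
    """Step 7: a notification goes out only when the state changes."""
    if is_triggered and not was_triggered:
        return "triggered"
    if was_triggered and not is_triggered:
        return "resolved"
    return None

# Constructed rows: per-minute 5xx error counts, oldest to newest.
ROWS = [
    {"time_bucket": "2026-01-01T10:00", "errors": 25},
    {"time_bucket": "2026-01-01T10:01", "errors": 30},
    {"time_bucket": "2026-01-01T10:02", "errors": 28},
    {"time_bucket": "2026-01-01T10:03", "errors": 2},   # current minute, still filling
]

if __name__ == "__main__":
    state = False
    for ignore in (True, False):
        value, hit = evaluate(ROWS, "errors", "avg", 3, ">", 20, ignore_last=ignore)
        print(f"ignore_last={ignore}: avg={value:.2f} triggered={hit} "
              f"notify={transition(state, hit)}")
```

With the partial bucket included, the average falls to exactly 20 and the surge goes unreported; with it skipped, the same data evaluates to about 27.67 and the alert triggers.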

Create an alert from Explore

  1. Open /team/{team}/table/{table}?tab=explore.
  2. Set graph type, filters, time range, and metric.
  3. Click Run.
  4. In the results toolbar above the chart, click Create Alert.
  5. Configure condition, interval, and recipients.
  6. Click Create Alert to save.

After you run an Explore query, the alert button appears on the right side of the results toolbar next to Add to Dashboard:

[Figure: Telemetry Explore view showing the Create Alert button next to Add to Dashboard above the chart. Use Create Alert from the results toolbar after clicking Run.]

After creation, you will land on /team/{team}/alert/{alertSlug} where you can inspect status and event history.

Create an alert from SQL query results

  1. Open a saved query.
  2. Run the query and switch to the Results or Chart tab.
  3. Click Create Alert.
  4. Choose aggregation and threshold logic.
  5. Save and verify the alert detail page.

Alert condition fields

Field                   Meaning
Aggregation             How values are reduced (avg, max, p95, etc.)
Last N data points      Window size for evaluation
Ignore last data point  Skips newest row to avoid incomplete buckets
Comparison              >, >=, <, <=
Threshold               Numeric target for the comparison
Check interval          How often the evaluator runs
Recipients              Email addresses for notifications

Interactive inline examples

Example 1: API latency regression (p95)

Open this Explore URL template and replace placeholders:

/team/{team}/table/{table}?tab=explore&graphType=line&agg=p95&metric=latency_ms&time=7d

Then create an alert with:

  1. Aggregation: p95
  2. Last N points: 5
  3. Comparison: Greater than
  4. Threshold: 850
  5. Interval: Every minute

Example 2: Error surge detector

Run this query in your SQL editor:

SELECT
  date_trunc('minute', timestamp_utc) AS time_bucket,
  COUNT(*) AS errors
FROM
  http_logs
WHERE
  status_code >= 500
  AND timestamp_utc >= now() - INTERVAL '2 hours'
GROUP BY
  time_bucket
ORDER BY
  time_bucket DESC;

Create an alert:

  1. Metric: errors
  2. Aggregation: avg
  3. Last N points: 3
  4. Comparison: Greater than
  5. Threshold: 20

Example 3: Missing traffic detector

Use this when event volume unexpectedly drops:

  1. Build a chart or query that returns event counts over time.
  2. Create an alert using sum over the last 10 points.
  3. Set comparison to Less than and threshold to 50.

If triggered, check ingestion services, queues, and cron workers.

Troubleshooting

  1. No notifications: verify recipient emails are valid and the alert is enabled.
  2. False positives: increase Last N data points or keep Ignore last data point enabled.
  3. Alert never triggers: lower the threshold or confirm the selected metric column is numeric.