Use built-in alert conditions in Splunk APM

When you create rules in detectors to specify the conditions that trigger alerts, you can use the built-in conditions that Splunk APM provides to detect common problem scenarios. Many of these alert conditions provide more powerful ways of monitoring signals than the standard practice of comparing a signal to a static threshold.

Note

This table lists built-in conditions that are available when you are creating a Splunk APM detector for latency or error rate. If you are creating an Infrastructure or Custom Metrics detector, see Built-in alert conditions.

The following table summarizes the available built-in alert conditions for latency detectors in Splunk APM.

| Condition | Description | Example |
| --- | --- | --- |
| Static Threshold | Alerts when latency goes above a static threshold, relative to a specified percentile, for a specified period of time. | The 90th percentile of latency is above 500ms for 100% of 5 seconds. |
| Sudden Change | Alerts when latency during a recent time window anomalously spikes compared to the preceding time window. Anomaly can be defined through number of deviations from norm or percentage change of signal. | Latency in the last 10 minutes is more than 5 deviations above the norm established in the preceding 1 hour; The 50th percentile of latency in the last 10 minutes is more than 30% above latency of the preceding 1 hour. |
| Historical Anomaly | Alerts when latency anomalously spikes compared to the same periods in the past (for cyclical or seasonal data). Anomaly can be defined through number of deviations from historical norm or percentage change compared to historical norm. | Latency in the last 10 minutes is more than 5 deviations above its historical norm, cyclical over 1‑week periods; The 90th percentile of latency in the last 10 minutes is more than 30% above its historical norm, cyclical over 1‑week periods. |

The following table summarizes the available built-in alert conditions for error rate detectors in Splunk APM.

| Condition | Description | Example |
| --- | --- | --- |
| Static Threshold | Alerts when the error rate goes above a specified percentage for a minimum number of requests. | The error rate over the last 10 minutes is above 10% across at least 50 requests. |
| Sudden Change | Alerts when there is a sudden increase in error rate. | The error rate over the last 5 minutes is over 5% larger than the error rate of the preceding 1 hour across at least 100 requests. |
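
The two error rate conditions above, evaluated over sample traffic in Python. This is an added example, not Splunk's implementation or SignalFlow. It assumes per-minute `(requests, errors)` samples, that "5% larger" is relative to the baseline rate, and that the request minimum applies to the recent window; all function names and data are constructed.

```python
# Added illustration, not Splunk's implementation. A sample is one minute of
# constructed traffic, (requests, errors), and lists run oldest first.

def error_rate(window):
    """Return (error rate, request count) for a list of samples."""
    requests = sum(r for r, _ in window)
    errors = sum(e for _, e in window)
    return (errors / requests if requests else 0.0), requests

def static_threshold(samples, window_min=10, max_rate=0.10, min_requests=50):
    """Error rate over the last window_min minutes is above max_rate."""
    rate, requests = error_rate(samples[-window_min:])
    return requests >= min_requests and rate > max_rate

def sudden_change(samples, recent_min=5, baseline_min=60, growth=0.05,
                  min_requests=100):
    """Recent error rate is more than `growth` larger than the baseline's."""
    if len(samples) < recent_min + baseline_min:
        return False  # not enough history to form a baseline
    recent = samples[-recent_min:]
    baseline = samples[-(recent_min + baseline_min):-recent_min]
    recent_rate, recent_requests = error_rate(recent)
    baseline_rate, _ = error_rate(baseline)
    # Assumption: "5% larger" is relative to the baseline rate.
    return (recent_requests >= min_requests
            and recent_rate > baseline_rate * (1 + growth))

# Constructed scenarios, 65 minutes each.
STEADY = [(100, 2)] * 65                   # constant 2% error rate
SPIKE = [(100, 2)] * 60 + [(100, 8)] * 5   # 2% baseline, then 8% for 5 minutes
QUIET = [(2, 1)] * 65                      # 50% error rate on almost no traffic

if __name__ == "__main__":
    for name, data in (("steady", STEADY), ("spike", SPIKE), ("quiet", QUIET)):
        print(name, static_threshold(data), sudden_change(data))
```

The spike scenario fires only the sudden-change check, because 8% for five minutes averages to 5% over the ten-minute static window. The quiet scenario fires neither check because both request minimums suppress a 50% error rate seen on a handful of requests.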