Alert Rule | Atatus Docs

An alert rule defines what to monitor and when to alert. Each rule specifies a product, metric, threshold, evaluation window, and operator. When the metric breaches the threshold for the configured duration, Atatus creates an issue and groups it into an incident.

Every rule belongs to exactly one alert policy. A policy can have multiple rules.

Rule configuration

When creating a rule, you configure the following fields:

Field	Description
Product	The monitoring product (Browser, APM, Infrastructure, Kubernetes, Logs, Analytics, etc.)
Metric	The specific metric to monitor (e.g., Web Response Time, CPU Used Percentage)
Operator	How to compare the metric value against the threshold — above, below, or equal
Critical threshold	The value that triggers a Critical severity issue
Warning threshold	(Optional) The value that triggers a Warning severity issue
Duration	The evaluation window — 5, 10, 15, 30, or 60 minutes
Time function	`all` (every minute must breach) or `any` (at least one minute must breach)
Targets	(Optional) Specific applications, hosts, or entities to monitor
Filters	(Optional) Narrow the scope to specific pages, transactions, or labels
Rule name	A descriptive name for the rule

Creating a new alert rule

Go to Alerting > Alert Policies and click on an existing policy, or create a new policy first.
Click Create a new rule.
Select the product (Browser, APM, Infrastructure, etc.). The available metrics change based on the product you select.
Choose the metric you want to monitor.
Set the operator (above, below, or equal) and the Critical threshold value. Optionally add a Warning threshold.
Set the duration and time function. See Thresholds for guidance on choosing these values.
(Optional) Select specific targets to limit evaluation to certain applications or hosts.
(Optional) Add filters to narrow the scope further.
Enter a rule name that describes what this rule monitors.
Click Create rule.

Managing rules

Edit — Click on a rule to modify its metric, thresholds, or filters. Changes take effect on the next evaluation cycle.
Delete — Remove a rule from the policy. Open issues from this rule are closed automatically.
Enable / Disable — Rules inherit the enabled state from their parent policy. To stop evaluating a single rule, you can delete it or disable the entire policy.

Alert rule types

Alert rules are available for the following products. Each product has its own set of metrics and filters:

Browser Alerts — Page load, Web Vitals, AJAX, transactions, JS errors
APM Alerts — Response time, throughput, error rate, Apdex, database, external services
Infrastructure Alerts — CPU, memory, disk, network, host not reporting, checks failing
Kubernetes Alerts — Pod, container, node, deployment, replica metrics
Logs Alerts — Log event count, log volume
Analytics Alerts — API request duration, throughput, failure counts
Baseline Alerts — Moving average deviation detection for Browser and APM metrics

For Database Monitoring, Network Device Monitoring, SIEM, and Custom Metric alerts, refer to the product-specific documentation.

Filter conditions

Rules support filter conditions to narrow the scope of evaluation. Each filter has a field, operator, and value. Available operators:

Operator	Description
is	Exact match
is not	Exclusion
contains	Substring match
not contains	Negative substring
less than	Numeric comparison
greater than	Numeric comparison

All filters are AND-combined — a data point must match every filter to be included.

Example

Rule: Alert when Web Response Time exceeds 2 seconds for 5 consecutive minutes on the checkout service.

Setting	Value
Product	APM
Metric	Web Response Time
Operator	above
Critical threshold	2 seconds
Warning threshold	1 seconds
Duration	5 minutes
Time function	all
Target	checkout-service
Rule name	Checkout response time

With this rule, if every 1-minute evaluation bucket within a 5-minute window shows the average response time above 2 seconds, a Critical issue is created. If it exceeds 1 second but stays below 2 seconds for the full window, a Warning issue is created instead.