Elgato_dark/hyperdx
1
0
Fork 0
mirror of https://github.com/hyperdxio/hyperdx synced 2026-04-21 13:37:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
hyperdx/.changeset/short-badgers-applaud.md
Drew Davis 085f30743e
feat: Implement alerting for Raw SQL-based dashboard tiles (#2073) 
## Summary

This PR implements alerting on Raw SQL-based line/bar charts.

- This is only available for line/bar charts with this change. Number charts will be added in a future PR.
- The threshold is compared to the _last_ numeric column in each result.
- The interval parameter must be used. This is required for line charts to function, and is used for zero-fill and other functionality within the alerts task. This limitation will be removed for Number chart alerts when those are implemented.
- Start and and end date should be used, but are not required because there are some potential use-cases where they may not be desirable.

### Screenshots or video

https://github.com/user-attachments/assets/e2d0cd6c-b040-4490-89af-6a51a7380647

Logs from Check-Alerts evaluating a raw-sql alert

<img width="1241" height="908" alt="Screenshot 2026-04-09 at 3 01 14 PM" src="https://github.com/user-attachments/assets/dbed4e5f-bf27-4179-b8e0-897cc19f3d3a" />

### How to test locally or on Vercel

This must be tested locally, as alerts are not enabled in the preview environment.

<details>
<summary>Query for the "anomaly detection" example</summary>

```sql
WITH buckets AS (
  SELECT
    $__timeInterval(Timestamp) AS ts,
    count() AS bucket_count
  FROM $__sourceTable
  WHERE TimestampTime >= fromUnixTimestamp64Milli({startDateMilliseconds:Int64}) - toIntervalSecond($__interval_s * 30) -- Fetch 30 intervals back
    AND TimestampTime < fromUnixTimestamp64Milli({endDateMilliseconds:Int64})
    AND SeverityText = 'error'
  GROUP BY ts
  ORDER BY ts
  WITH FILL STEP toIntervalSecond($__interval_s)
),

anomaly_detection as (
  SELECT
    ts,
    bucket_count,
    avg(bucket_count) OVER (ORDER BY ts ROWS BETWEEN 30 PRECEDING AND 1 PRECEDING) as previous_30_avg, -- avg of previous 30 intervals
    stddevPop(bucket_count) OVER (ORDER BY ts ROWS BETWEEN 30 PRECEDING AND 1 PRECEDING) as previous_30_stddev, -- standard deviation of previous 30 intervals
    greatest(bucket_count - (previous_30_avg + 2 * previous_30_stddev), 0) as excess_over_2std -- compare bucket to avg + 2 stddev. clamp at 0.
  FROM buckets
)

SELECT ts, excess_over_2std 
FROM anomaly_detection
WHERE ts >= fromUnixTimestamp64Milli({startDateMilliseconds:Int64}) AND ts < fromUnixTimestamp64Milli({endDateMilliseconds:Int64})
```

</details>

### References



- Linear Issue: HDX-1605
- Related PRs:
2026-04-13 17:58:22 +00:00

143 B
Raw Blame History

@hyperdx/common-utils @hyperdx/api @hyperdx/app
patch patch patch

feat: Implement alerting for Raw SQL-based dashboard tiles