Error Alerting

Configure alert rules to get notified when errors spike, new error types appear, or anomalous patterns are detected. Alerts can be sent via email, webhook, or Slack.

Alert rule types

Gurulu supports five types of alert rules:

  • Threshold -- fires when error count or rate exceeds a fixed value within a time window.
  • Spike -- fires when error rate increases by a percentage compared to the baseline period.
  • Anomaly -- uses z-score analysis against a rolling baseline to detect statistically significant deviations.
  • New error -- fires when an error fingerprint is seen for the first time.
  • Regression -- fires when a previously resolved error group reappears.

Notification channels

Alert notifications can be delivered through multiple channels simultaneously:

  • Email -- sends a formatted report with error details, affected user count, and a direct link to the error group.
  • Webhook -- sends a JSON payload to any endpoint. Useful for integrating with PagerDuty, OpsGenie, or custom systems.
  • Slack -- posts a rich message to a Slack channel with error summary, sparkline chart, and action buttons.

Anomaly-based alerting

Anomaly detection uses z-score analysis against a rolling baseline window. When the current error rate deviates beyond the configured z-score threshold, an alert is triggered.

alert-rule.json
{
  "name": "Error spike detection",
  "type": "anomaly",
  "metric": "error_count",
  "zScoreThreshold": 3.0,
  "baselineWindow": "7d",
  "evaluationWindow": "15m",
  "channels": ["slack", "email"]
}

A z-score of 3.0 means the current value is 3 standard deviations above the baseline mean. Higher thresholds reduce false positives but may miss smaller spikes.
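The z-score check described above, as an added example; it is not Gurulu's own code. It assumes the baseline is a list of error counts, one per past evaluation-window-sized bucket, and that only upward deviations strictly beyond the threshold fire. The function names and the sample counts are constructed for illustration.

```python
import statistics

# Constructed sample: error counts for eight past 15-minute buckets.
BASELINE = [40, 42, 38, 41, 39, 40, 43, 37]

# Only the field this sketch reads from alert-rule.json.
RULE = {"zScoreThreshold": 3.0}


def z_score(baseline_counts, current):
    """Standard deviations between `current` and the baseline mean.

    Returns None when there is too little history to estimate spread.
    """
    if len(baseline_counts) < 2:
        return None
    mean = statistics.fmean(baseline_counts)
    stdev = statistics.pstdev(baseline_counts)  # assumption: population stdev
    if stdev == 0:
        # Flat baseline: avoid dividing by zero. Any change at all is
        # infinitely far from the mean, no change is exactly on it.
        if current == mean:
            return 0.0
        return float("inf") if current > mean else float("-inf")
    return (current - mean) / stdev


def should_alert(baseline_counts, current, rule=RULE):
    """True when the current count is beyond the rule's z-score threshold."""
    z = z_score(baseline_counts, current)
    return z is not None and z > rule["zScoreThreshold"]


if __name__ == "__main__":
    for count in (45, 46, 47):
        z = z_score(BASELINE, count)
        print(f"count={count} z={z:.2f} alert={should_alert(BASELINE, count)}")
    # The same count of 47 under a stricter threshold no longer fires.
    print(should_alert(BASELINE, 47, {"zScoreThreshold": 4.0}))
```

With this baseline (mean 40, standard deviation about 1.87), a count of 46 fires at threshold 3.0 while 47 does not fire at threshold 4.0, which is the trade-off between false positives and missed smaller spikes.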

Rule-based alerting

Rule-based alerts use simple threshold comparisons. Configure a metric, operator, value, and time window:

threshold-rule.json
{
  "name": "High error rate",
  "type": "threshold",
  "metric": "error_count",
  "operator": "gt",
  "value": 500,
  "window": "1h",
  "channels": ["webhook"],
  "webhookUrl": "https://hooks.slack.com/services/..."
}

Cooldown periods

Cooldown prevents alert fatigue by suppressing duplicate notifications within a configured window. You can also set a maximum number of alerts per hour.

{
  "cooldownMinutes": 30,
  "muteAfterResolve": true,
  "maxAlertsPerHour": 5
}

CLI management

# List active alert rules
gurulu alerts list --site-id YOUR_SITE_ID

# Create a new rule
gurulu alerts create --config alert-rule.json

# Test a channel
gurulu alerts test --channel slack --site-id YOUR_SITE_ID

For SLO-based alerting, see Error Budgets for burn-rate alerts that track error budget consumption over time.