Change detection monitors allow you to receive alerts when the value of a query changes significantly compared to a previous point in time. This feature is useful for catching unexpected spikes, drops, or shifts in your data trends.

Creating a Change Detection Monitor

To create a change detection monitor:
  1. Navigate to Monitors and select + New Monitor.
  2. Choose Change Detection as the monitor type.
From here, you will configure the data source, query conditions, and alert thresholds.

How Change Detection Works

A change detection monitor compares two queries over time:
  1. The monitor first runs a query for the current evaluation window (e.g. the last 15 minutes).
  2. It then runs the same query offset by a chosen timeframe in the past (e.g. 1 hour ago).
  3. The monitor computes the difference between the two query results.
  4. If the difference exceeds the defined threshold, an alert notification is triggered.

Change Types

When configuring your monitor, you can specify how the change is measured:
  • Change: The raw difference between the current value (a) and the past value (b).
    $a - b$
  • % Change: The percentage difference relative to the past value.
    $\frac{a - b}{b} \times 100$

Alert Conditions

In the Set Alert Conditions step, you define the threshold for triggering an alert. The following operators are supported:
  • Above
  • Below
  • Above or Equal
  • Below or Equal
An alert will be sent if the computed change meets the specified condition.

Note: When monitoring for drops (using a below operator), the threshold value should usually be negative. For example, to alert on a 50% drop in volume, set the threshold to -50 rather than 50. This sends an alert notification when the percentage change falls below -50%; in other words, when there has been a 50% drop.

Configuration Options

When creating a change detection monitor, you’ll need to configure the following:
  1. Source Dataset – Select the dataset(s) on which the queries will be run.
  2. Filters – (Optional) Narrow down results by applying filters.
  3. Aggregation Function – Define how data points are aggregated (e.g. count, average, max, sum).
  4. Change Type – Choose between Change or % Change.
  5. Evaluation Window – The time period over which the aggregation is calculated (N minutes, hours, days, weeks, up to a maximum of 1 month).
  6. Timeframe Offset – How far back in time the comparison query should be run (N minutes, hours, days, weeks, up to a maximum of 1 month ago).
Example configuration: the % change for the count of log events with response_status:200 over the past 1 hour compared to 4 hours ago.
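
The evaluation described above, written out as an added Python example (not the product's own code) using the response_status:200 configuration and constructed sample events. The function names, the choice to compare against the same-length window shifted back by the offset, and returning no value when the past count is zero are assumptions made for illustration.

```python
from datetime import datetime, timedelta
import operator

# The four supported alert operators.
OPERATORS = {"above": operator.gt, "below": operator.lt,
             "above_or_equal": operator.ge, "below_or_equal": operator.le}

def count_in_window(events, end, window, predicate):
    """'count' aggregation over [end - window, end) for events passing the filter."""
    start = end - window
    return sum(1 for ts, fields in events if start <= ts < end and predicate(fields))

def compute_change(a, b, change_type):
    """a = current value, b = past value."""
    if change_type == "change":
        return a - b
    if change_type == "percent_change":
        if b == 0:
            return None  # assumption: no baseline means no computable % change
        return (a - b) * 100 / b
    raise ValueError(f"unknown change type: {change_type}")

def evaluate(events, now, window, offset, predicate, change_type, op, threshold):
    """Run the current query, the offset query, then apply the alert condition."""
    a = count_in_window(events, now, window, predicate)
    b = count_in_window(events, now - offset, window, predicate)
    change = compute_change(a, b, change_type)
    alert = change is not None and OPERATORS[op](change, threshold)
    return a, b, change, alert

def is_200(fields):
    return fields.get("response_status") == 200

def build_sample(now):
    """Constructed data: 200 matching events 4-5 hours ago, 80 in the last hour."""
    old = [(now - timedelta(hours=5) + timedelta(seconds=18 * i),
            {"response_status": 200}) for i in range(200)]
    new = [(now - timedelta(hours=1) + timedelta(seconds=45 * i),
            {"response_status": 200}) for i in range(80)]
    noise = [(now - timedelta(minutes=10), {"response_status": 500})]  # filtered out
    return old + new + noise

NOW = datetime(2024, 1, 1, 12, 0, 0)  # constructed evaluation time
HOUR = timedelta(hours=1)

if __name__ == "__main__":
    print(evaluate(build_sample(NOW), NOW, HOUR, 4 * HOUR, is_200,
                   "percent_change", "below", -50))
```

With a Below threshold of 50 instead of -50, the same monitor would also alert when volume is unchanged (0% is below 50), which is why drop thresholds are entered as negative values.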

Example Use Cases

  • Detecting unusual traffic spikes compared to the same time yesterday.
  • Monitoring error rates that suddenly increase compared to the previous hour.
  • Tracking a drop in transaction volume relative to the past week.