Prerequisites: Before creating alert rules, you need:
- A connected data source with discovery completed
- At least one alert destination configured (Slack, email, etc.)
Rule Components
Every alert rule has these parts:
Creating a Rule
Select Event Type
Choose what triggers this rule:
| Event Type | Description |
|---|---|
| Schema Change Detected | Column/table added, removed, or modified |
| Freshness Violation | Data not updated within SLA threshold |
| Discovery Failed | Connection or permission error during scan |
| Asset Removed | Table or view no longer exists |
| New Asset Discovered | Previously unknown table/view found |
Schema Change Detected is the most commonly used event type for monitoring production databases.
Define Scope
Filter which events match this rule:Data Source (optional)
- Select specific connections or leave blank for all
- Include only specific schemas (e.g.,
public,analytics) - Exclude schemas (e.g.,
test_*,pg_temp)
- Target specific tables/views
- Use patterns:
orders*,*_staging
Add Conditions
Further filter events (varies by event type):For Schema Changes:
- Change type: Column Added, Column Removed, Type Changed, Table Added, Table Removed
- Affected column pattern:
*_id,created_*
- Minimum delay: Only alert if data is X hours late
- Threshold exceeded by: Alert only after threshold exceeded by Y%
Select Destinations
Choose where alerts are sent:
- Select one or more configured destinations
- Each destination type can be selected multiple times (different channels)
- Slack
#data-alerts - Slack
#data-engineering - PagerDuty (Data On-Call)
- Email (Data Team)
Set Operating Schedule (Optional)
Assign an operating schedule to restrict when this rule fires:
- Select a schedule from the dropdown, or leave as “No schedule” for always-active
- Events outside the schedule’s active hours are suppressed
- Suppressed events still appear in the alert log
Event Types in Detail
Schema Change Detected
Triggers when table or column structure changes:| Change | Description |
|---|---|
| Column Removed | Existing column no longer exists |
| Table Removed | Entire table no longer exists |
| Column Type Changed | Data type modified |
| Column Added | New column appeared |
| Table Added | New table discovered |
| Column Renamed | Name change detected (remove + add) |
- Event: Schema Change
- Scope: Data source = production
- Conditions: Change type = Column Removed OR Table Removed
- Destinations: Slack, PagerDuty
Freshness Violation
Triggers when data isn’t updated within the SLA:| Condition | Description |
|---|---|
| SLA exceeded | Latest timestamp older than threshold |
| Warning threshold | Approaching SLA (e.g., 80% of threshold) |
| Resolved | Data became fresh again |
- Event: Freshness Violation
- Scope: Asset = orders, payments, users
- Conditions: (none - all violations)
- Destinations: Slack
Discovery Failed
Triggers when a discovery job can’t complete:| Failure Type | Description |
|---|---|
| Connection failed | Can’t reach database |
| Authentication failed | Invalid credentials |
| Permission denied | User lacks access |
| Timeout | Discovery took too long |
- Event: Discovery Failed
- Scope: All data sources
- Conditions: (none)
- Destinations: Email, Slack
Asset Removed
Triggers when a previously-known asset no longer exists: Common causes:- Table was intentionally dropped
- Table was renamed
- Permission revoked
- Discovery ran against wrong database
- Event: Asset Removed
- Scope: Data source = production
- Destinations: Slack
Rule Examples
Critical Tables Only
Monitor your most important tables closely:| Field | Value |
|---|---|
| Name | Critical Tables - All Changes |
| Event | Schema Change Detected |
| Data Source | production-postgres |
| Assets | orders, users, payments, products |
| Conditions | All changes |
| Destinations | Slack #critical-data, PagerDuty |
Production Breaking Changes
Alert only on potentially breaking changes:| Field | Value |
|---|---|
| Name | Production - Breaking Changes Only |
| Event | Schema Change Detected |
| Data Source | production-postgres |
| Schema | public, analytics |
| Change Type | Column Removed, Table Removed, Type Changed |
| Destinations | Slack #data-alerts, PagerDuty |
Non-Production Informational
Low-priority notifications for dev/staging:| Field | Value |
|---|---|
| Name | Staging Schema Changes (Info Only) |
| Event | Schema Change Detected |
| Data Source | staging-postgres |
| Conditions | All changes |
| Destinations | Email (daily digest) |
Freshness by Criticality
Different thresholds for different tables: Revenue Tables Freshness| Field | Value |
|---|---|
| Event | Freshness Violation |
| Assets | orders, payments, revenue_* |
| Destinations | Slack, PagerDuty |
| Field | Value |
|---|---|
| Event | Freshness Violation |
| Assets | daily_*, weekly_*, analytics_* |
| Destinations | Slack |
Managing Rules
Enabling/Disabling
Toggle rules on or off without deleting:- Go to Alerts → Rules
- Find the rule
- Click the toggle switch
Editing Rules
Modify existing rules:- Go to Alerts → Rules
- Click the rule name
- Make changes
- Click Save
Changes take effect immediately. Events that already fired won’t re-fire.
Deleting Rules
Remove rules you no longer need:- Go to Alerts → Rules
- Click the rule menu (⋮)
- Select Delete
- Confirm deletion
Advanced Configuration
Multiple Destinations
A single rule can send to multiple places: Rule: “Critical Schema Changes”- Slack
#data-alerts - Slack
#data-engineering - PagerDuty
- Email team@company.com (daily digest)
Pattern Matching
Use patterns in asset filters:| Pattern | Matches |
|---|---|
orders* | orders, orders_2024, orders_archive |
*_staging | orders_staging, users_staging |
analytics.* | All tables in analytics schema |
*.users | users table in any schema |
Troubleshooting
Rule not triggering
Rule not triggering
- Check enabled: Is the toggle ON?
- Check scope: Does the asset match the filter?
- Check conditions: Are conditions too restrictive?
- Check events: Is discovery running and finding changes?
- Check destination: Is it configured correctly?
Rule triggering unexpectedly
Rule triggering unexpectedly
- Review scope: Is it broader than intended?
- Check conditions: Add filters to narrow matches
- Review event type: Correct event selected?
- Check duplicates: Multiple rules for same scope?
Can't save rule
Can't save rule
- Required fields: Ensure name, event type, and destination are set
- Valid scope: Check pattern syntax
- Destination exists: Verify destination is configured
Next Steps
Set Up Slack
Configure Slack as a destination
Best Practices
Reduce alert fatigue