Create Alert

Select a template or choose Custom Alert

In the first step, two options are presented: selecting one of the pre-configured templates prepared by MN Logz, or creating a fully custom alert from scratch (Custom Alert).

Using a Template

Templates are pre-configured alert setups for the most common CDN monitoring scenarios. In cases that require rapid deployment, templates enable the definition of production-ready alerts within minutes.Templates are listed in a carousel structure on the screen and can be navigated using the left and right arrows. Each template card displays the template name, description, a list of active features, and a "Select" button.

The selected template is carried over to the next step with pre-filled values. These values can be adjusted as needed or retained in their default form.

Custom Alert

In cases where the pre-built templates do not meet the requirements, the Custom Alert option in the "Build from scratch" section at the bottom of the page is used. This option allows the creation of an alert in which the metric, threshold value, filters, detection type, and all other parameters are defined by the user.

Configure Alert Rules

In this step, the trigger conditions of the alert are defined. The detection type, the metric to be monitored, the threshold value, and additional filters are set at this stage.

If a template was selected in the previous step, the fields are automatically pre-filled and a "Template configuration applied" information box is displayed at the top of the screen. The fields can be modified using the "Edit" button.

Detection Type

The detection type is the core selection that determines the operating logic of the alert. Three detection types are available:

Threshold The alert is triggered when the metric exceeds or falls below a fixed value. This type is suitable for fixed success criteria such as SLA thresholds or minimum success rates.

Example: A notification is delivered when the Error Rate exceeds 5%.

Percentage The alert is triggered when the metric changes by a defined percentage relative to the previous evaluation window. The direction of change (increase or decrease) can be selected. This type is suitable for monitoring relative changes such as traffic spikes.

Example: A notification is delivered when the Request count in the last 15 minutes increases by more than 50% compared to the previous 15 minutes.

Trend The traffic behavior pattern of the last 2 days is used as a baseline, and deviations from this pattern are detected. A custom baseline is built for each CDN traffic, preventing false alerts that fixed thresholds may produce on traffic with natural fluctuations.

Example: A notification is delivered when a significant deviation is detected from the typical traffic behavior at a given time range.

Metric

The data point to be monitored is selected in this section. Available metrics:

The selected metric operates in conjunction with the chosen detection type.

Settings

The operational parameters of the alert are defined in this section.

Calc Type Defines how the selected metric is compared against the specified value:

• Greater than (>) — When the metric value is above the defined threshold

• Less than (<) — When the metric value is below the defined threshold

Value The threshold value used for comparison. It is interpreted based on the unit of the selected metric (percentage, seconds, count, etc.).

Evaluation Window Determines the time range of data the alert evaluates. For example, when 15 minutes is selected, the alert performs calculations over the last 15 minutes of data.

Check Frequency Determines how often the alert condition is evaluated. For example, when 5 minutes is selected, the system checks the data within the Evaluation Window every 5 minutes and verifies whether the condition is met.

Filter Options

Optional filters can be applied to narrow the scope of the alert. The filter area is expanded by clicking the "Filter Options" heading.

Available Filters:

• Server Name: Enables monitoring of specific servers or server groups. Multiple servers can be selected.

• HTTP Status Code: Allows alerts to be defined for specific HTTP status codes. For example, 500, 501, 502, 503, 504 can be selected to monitor only 5xx errors.

• URI (Coming Soon): Enables alert definitions for specific endpoints or paths.

When no filter is applied, the alert evaluates the entire traffic.Once the settings are complete, the "Next" button proceeds to the notification destination step.

Define Notification Destination

In this step, where and how frequently the notification will be delivered upon alert trigger is defined.

Notification Interval

Defines the waiting period between repeated notifications while the alert remains triggered and active. For example, when 30 minutes is selected, a reminder notification is delivered every 30 minutes as long as the alert is active. This structure ensures that critical conditions are not overlooked while preventing notification spam.

Destination

The channel through which the alert will be delivered is selected. Three options are available:

Slack Delivers the alert notification to the specified Slack channel. Suitable for detailed and visually rich notifications.

Email Delivers the alert notification to one or multiple email addresses. A traditional and reliable notification method.

Webhook Delivers the alert data as an HTTP POST request to the specified URL. Used for third-party integrations such as PagerDuty, Opsgenie, custom Slack bots, or ticketing systems.

Slack Configuration

When Slack is selected, the channel to which the notification will be delivered must be specified.

• Slack Channel: An active Slack channel is selected from the dropdown. The selected channel must be integrated with MN Logz. If the relevant MN Logz channel is not visible, please contact the support team.

• Include Performance Chart: When checked, a visual chart showing the recent traffic status is attached to the alert message.

• Include Alert Description: When checked, the alert description is included in the notification message.

Review and Create the Alert

In the final step, the complete configuration of the alert is presented in summary form and activated upon confirmation.

Alert Identity

Name A unique name that identifies the alert is entered. This name is displayed in the Alert Rules table and within notification messages.

Description A short note explaining the function and purpose of the alert. Although this field is not mandatory, it is recommended to fill it in for clarity across the team.

Example: "Delivers a notification to data-report-channel when the 5xx error rate exceeds 1% in the production environment. Monitored by the incident response team."

Configuration Summary

The full configuration of the alert is displayed in three columns:

• General Info: Alert Type (template name or "Custom") and Metric.

• Rule Conditions: Detection Type, Evaluation Window, Check Frequency, condition (Calc Type + Value), and filters if applicable.

• Notifications: Notification Interval, Destination type, and the channel / email / webhook URL.

Editing

When any field needs to be modified, the "Back" button at the bottom-right returns the user to the relevant step for editing.

Creating the Alert

Once all settings are verified, the "Create Alert" button at the bottom-right is clicked.