# Create Alert

Defining a new alert is carried out through a **4-step wizard** that guides the user step by step. This structure allows both technical teams and first-time users to complete the process with ease.

## Accessing the Wizard

The wizard is launched by clicking the **"Create Alert"** button located in the top-right corner of the Overview Dashboard page.

The wizard consists of the following four steps:

1. **Select Template** — Choosing a template or creating a custom alert from scratch
2. **Configure Rules** — Configuring the alert rule
3. **Destination** — Defining the notification destination
4. **Review** — Reviewing the configuration and creating the alert

<figure><img src="/files/sY5Uc5BnrMtuqPcGtR1r" alt=""><figcaption></figcaption></figure>

The **"Next"** button at the bottom-right of each step proceeds to the next step; the **"Back"** button returns to the previous step.

{% stepper %}
{% step %}

### Select a template or choose Custom Alert

In the first step, two options are presented: selecting one of the pre-configured templates prepared by MN Logz, or creating a fully custom alert from scratch (Custom Alert).

<figure><img src="/files/0x3UMWHd6890AmcqPuIy" alt=""><figcaption></figcaption></figure>

#### **Using a Template**

Templates are pre-configured alert setups for the most common CDN monitoring scenarios. In cases that require rapid deployment, templates enable the definition of production-ready alerts within minutes.Templates are listed in a carousel structure on the screen and can be navigated using the left and right arrows. Each template card displays the template name, description, a list of active features, and a **"Select"** button.

<figure><img src="/files/qVfH8wFwtzRj6BltCCsj" alt=""><figcaption></figcaption></figure>

The selected template is carried over to the next step with pre-filled values. These values can be adjusted as needed or retained in their default form.

{% hint style="info" %}
The full list of available templates can be found on the **Alert Templates** page.
{% endhint %}

#### **Custom Alert**

In cases where the pre-built templates do not meet the requirements, the **Custom Alert** option in the **"Build from scratch"** section at the bottom of the page is used. This option allows the creation of an alert in which the metric, threshold value, filters, detection type, and all other parameters are defined by the user.

<figure><img src="/files/C9LveK9TBx5v2dRy1xD1" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Configure Alert Rules

In this step, the trigger conditions of the alert are defined. The detection type, the metric to be monitored, the threshold value, and additional filters are set at this stage.

If a template was selected in the previous step, the fields are automatically pre-filled and a **"Template configuration applied"** information box is displayed at the top of the screen. The fields can be modified using the **"Edit"** button.

<figure><img src="/files/T3HaPOSnm23OkKxJStT0" alt=""><figcaption></figcaption></figure>

#### **Detection Type**

The detection type is the core selection that determines the operating logic of the alert. Three detection types are available:

<figure><img src="/files/o0PfAtH4gDbPhTbu01sl" alt=""><figcaption></figcaption></figure>

**Threshold** The alert is triggered when the metric exceeds or falls below a fixed value. This type is suitable for fixed success criteria such as SLA thresholds or minimum success rates.

> **Example:** A notification is delivered when the Error Rate exceeds 5%.

**Percentage** The alert is triggered when the metric changes by a defined percentage relative to the previous evaluation window. The direction of change (increase or decrease) can be selected. This type is suitable for monitoring relative changes such as traffic spikes.

> **Example:** A notification is delivered when the Request count in the last 15 minutes increases by more than 50% compared to the previous 15 minutes.

**Trend** The traffic behavior pattern of the last 2 days is used as a baseline, and deviations from this pattern are detected. A custom baseline is built for each CDN traffic, preventing false alerts that fixed thresholds may produce on traffic with natural fluctuations.

> **Example:** A notification is delivered when a significant deviation is detected from the typical traffic behavior at a given time range.

#### **Metric**

The data point to be monitored is selected in this section. Available metrics:

<figure><img src="/files/gHyQGiPqOG5rjfbe3cVK" alt=""><figcaption></figcaption></figure>

The selected metric operates in conjunction with the chosen detection type.

#### **Settings**

The operational parameters of the alert are defined in this section.

<figure><img src="/files/g1YLFjIDmnhCTKWM8TYC" alt=""><figcaption></figcaption></figure>

**Calc Type** Defines how the selected metric is compared against the specified value:

* `Greater than (>)` — When the metric value is above the defined threshold
* `Less than (<)` — When the metric value is below the defined threshold

**Value** The threshold value used for comparison. It is interpreted based on the unit of the selected metric (percentage, seconds, count, etc.).

**Evaluation Window** Determines the time range of data the alert evaluates. For example, when 15 minutes is selected, the alert performs calculations over the last 15 minutes of data.

{% hint style="info" icon="lightbulb" %}
The recommended starting value is 15 minutes. Short windows (e.g., 1 minute) may produce noisy results, while long windows (e.g., 6 hours) may delay the detection of immediate issues.
{% endhint %}

**Check Frequency** Determines how often the alert condition is evaluated. For example, when 5 minutes is selected, the system checks the data within the Evaluation Window every 5 minutes and verifies whether the condition is met.

{% hint style="info" icon="circle-info" %}
Evaluation Window and Check Frequency are distinct concepts. Evaluation Window refers to **the time range being analyzed**, while Check Frequency refers to **how often the analysis is performed**.
{% endhint %}

#### **Filter Options**

Optional filters can be applied to narrow the scope of the alert. The filter area is expanded by clicking the **"Filter Options"** heading.

<figure><img src="/files/V1naBdJqy4hcBcPj53Zs" alt=""><figcaption></figcaption></figure>

**Available Filters:**

* **Server Name:** Enables monitoring of specific servers or server groups. Multiple servers can be selected.
* **HTTP Status Code:** Allows alerts to be defined for specific HTTP status codes. For example, `500, 501, 502, 503, 504` can be selected to monitor only 5xx errors.
* **URI (Coming Soon):** Enables alert definitions for specific endpoints or paths.

When no filter is applied, the alert evaluates the entire traffic.Once the settings are complete, the **"Next"** button proceeds to the notification destination step.
{% endstep %}

{% step %}

### Define Notification Destination

In this step, where and how frequently the notification will be delivered upon alert trigger is defined.

<figure><img src="/files/1lVnNLqsaDZctSny0t7K" alt=""><figcaption></figcaption></figure>

#### **Notification Interval**

Defines the waiting period between repeated notifications while the alert remains triggered and active. For example, when 30 minutes is selected, a reminder notification is delivered every 30 minutes as long as the alert is active. This structure ensures that critical conditions are not overlooked while preventing notification spam.

<figure><img src="/files/jbPuX82QfbJqFNUQWUqh" alt="" width="306"><figcaption></figcaption></figure>

{% hint style="info" %}
**Recommended intervals:**

* Critical alerts: 10–15 minutes
* Medium-priority alerts: 30–60 minutes
* Informational alerts: 2–6 hours
  {% endhint %}

#### **Destination**

The channel through which the alert will be delivered is selected. Three options are available:

<figure><img src="/files/n3Yc8UWDUp7XWQN52k1K" alt=""><figcaption></figcaption></figure>

**Slack** Delivers the alert notification to the specified Slack channel. Suitable for detailed and visually rich notifications.

**Email** Delivers the alert notification to one or multiple email addresses. A traditional and reliable notification method.

**Webhook** Delivers the alert data as an HTTP POST request to the specified URL. Used for third-party integrations such as PagerDuty, Opsgenie, custom Slack bots, or ticketing systems.

<figure><img src="/files/FxfWhLzn2YEdA4s0kNOi" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Each alert delivers notifications to a single destination. For notification delivery to multiple channels, multiple alerts with the same configuration can be defined.
{% endhint %}

#### **Slack Configuration**

When Slack is selected, the channel to which the notification will be delivered must be specified.

<figure><img src="/files/cLzYoL7mYbVAogpeDUyC" alt="" width="375"><figcaption></figcaption></figure>

* **Slack Channel:** An active Slack channel is selected from the dropdown. The selected channel must be integrated with MN Logz. If the relevant MN Logz channel is not visible, please contact the support team.
* **Include Performance Chart:** When checked, a visual chart showing the recent traffic status is attached to the alert message.
* **Include Alert Description:** When checked, the alert description is included in the notification message.
  {% endstep %}

{% step %}

### Review and Create the Alert

In the final step, the complete configuration of the alert is presented in summary form and activated upon confirmation.

#### **Alert Identity**

**Name** A unique name that identifies the alert is entered. This name is displayed in the Alert Rules table and within notification messages.

<figure><img src="/files/7ECaIzhtYXxDf8dHthgJ" alt=""><figcaption></figcaption></figure>

{% hint style="info" icon="lightbulb" %}
Alerts should be given meaningful and distinctive names. For example, "Production 5xx Error Spike" instead of "Test1".
{% endhint %}

**Description** A short note explaining the function and purpose of the alert. Although this field is not mandatory, it is recommended to fill it in for clarity across the team.

> **Example:** *"Delivers a notification to data-report-channel when the 5xx error rate exceeds 1% in the production environment. Monitored by the incident response team."*

#### **Configuration Summary**

The full configuration of the alert is displayed in three columns:

<figure><img src="/files/V9V71q7FUGzpcJqZZLA7" alt=""><figcaption></figcaption></figure>

* **General Info:** Alert Type (template name or "Custom") and Metric.
* **Rule Conditions:** Detection Type, Evaluation Window, Check Frequency, condition (Calc Type + Value), and filters if applicable.
* **Notifications:** Notification Interval, Destination type, and the channel / email / webhook URL.

#### **Editing**

When any field needs to be modified, the **"Back"** button at the bottom-right returns the user to the relevant step for editing.

#### **Creating the Alert**

Once all settings are verified, the **"Create Alert"** button at the bottom-right is clicked.
{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://clients.medianova.com/products/mn-logz/mn-logz-alerts/create-alert.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.