Comparison of static and anomaly alerts

Created:

March 25, 2025

Updated:

March 25, 2025



FireTail provides Static and Anomaly alerts for monitoring API activity. Each alert type works differently to identify issues based on distinct criteria.

Static alerts

Static alerts trigger when a predefined threshold is met for a selected metric. You can track various metrics like payload size, header size and so on, and apply statistical operations like sum, min, max, or average.

Example:

Trigger an alert if the average payload size exceeds 1000 bytes in the last day.

Anomaly alerts

Anomaly alerts use historical data to detect unexpected deviations in request volume. Instead of a fixed threshold, they adapt based on past patterns and sensitivity settings.

Example:

Trigger an alert if the request volume spikes beyond the expected range. Example, if your API typically receives 1,000 requests per hour, but suddenly receives 10,000 requests within the same period, an anomaly alert would trigger if the spike falls outside the expected range.

‍

Key differences

Feature	Static Alert	Anomaly Alert
Threshold Type	Fixed threshold value	Responsive (based on a historical band of expected values)
Metric Options	Can track various metrics (e.g., log count, payload size, response time)	Based only on the sum of requests
Statistical Operations	Supports multiple operations (e.g., average, sum)	Not applicable
Historical Data Usage	Not required	Requires historical data (minimum 13 days)
Sensitivity Adjustment	Not applicable	Can be adjusted for stricter or looser detection
Example	Track average payload size exceeding a set limit	Detect sudden spikes in request volume

‍

Choose an alert type

Use a Static Alert if you want to track a specific metric against a fixed threshold.
‍Use an Anomaly Alert if you need to monitor unusual activity that deviates from historical patterns, such as unexpected traffic spikes or drops.