Starting in Looker 7.16, you can set alerts to send notifications to Slack when alert conditions are met or exceeded.
You can create an alert to send an email or Slack notification whenever the results from a query-based or Look-linked dashboard tile meet or exceed a specified threshold. Setting an alert based on time series data differs from setting an alert based on other data types. For time series data, the alert condition is based on comparing specific rows in the series rather than on the complete result set. Working this way with time series data allows users to perform additional operations that compare data from two rows in the series using additional alert condition options not available to other data types, such as changes by, increases by, and decreases by. When using these comparison conditions with time series data, the alert query will compare the latest row of data with its previous row.
To keep track of where we are in the time series, so that we base our alert condition only on data that wasn't there the previous time the alert-check query was run, Looker must persist the Time Series ID of the latest time series data every time it runs the alert-check query.
There are two important cases to consider when choosing alert conditions that use time series data. Both cases depend on the relationship between the shortest interval between the time series rows (time series interval) and how often the alert query is run (alert check interval). The time series interval is based on the time dimension in the series that has the smallest granularity. So, if the data is aggregated by the hour, your time series interval is hourly. The alert check interval is the amount of time between scheduled alert-check queries, and is set by the alert creator.
Ideally, the time series interval and alert check interval are the same; however, that is not always the case. If an ETL job is configured to load hourly data every night, or a query fails for some reason, it's important to understand how alert queries work when these intervals are out of sync.
Alert-Checking Approach
Alert queries will check the latest row of time series data for whether either of the following is true:
- Its Time Series ID is more recent than the most recent Time Series ID observed during the previous alert check.
- It is the most recent Time Series ID in the time series, even if it has the same Time Series ID as from the previous check.
When alerts were introduced in Looker 6.16, Looker alert queries observed only value changes between the two most recent rows in the time series.
Starting in Looker 7.18, the first time an alert query is run, Looker will no longer evaluate the entire result set. Instead, Looker will consider those results as historical data, and will only look for changes that occur after the alert is created and the initial alert query is run.
Case: The Time Series Interval Is Shorter than the Alert Check Interval
Example: Check daily whether the hourly sales are greater than the goal.
Time Series Interval = hourly
Alert Check Interval = daily
This approach involves checking hourly data with an alert check interval that is greater than an hour. The alert will check every new time series row that wasn't checked in the previous alert interval. In the case where we have hourly data and a daily alert check, the alert would check 24 rows every day. Each row is checked against the specified alert condition, and if any row fulfills the condition, an email will be sent out.
Run 5/25/19 9:00 AM
Time Series ID | Measure | |
5/25/19 8:00 AM | 200 | < alert check |
5/25/19 9:00 AM | 250 | < alert check |
Run 5/25/19 11:00 AM
Time Series ID | Measure | |
5/25/19 8:00 AM | 200 | |
5/25/19 9:00 AM | 250 | < previous alert |
5/25/19 10:00 AM | 300 | < alert check |
5/25/19 11:00 AM | 300 | < alert check |
Run 5/25/19 12:00 PM (no new data)
Time Series ID | Measure | |
5/25/19 8:00 AM | 200 | |
5/25/19 9:00 AM | 250 | |
5/25/19 10:00 AM | 300 | < previous alert |
5/25/19 11:00 AM | 300 | < alert check |
Case: The Time Series Interval Is Longer than the Alert Check Interval
Example: Check hourly whether today's cumulative sales totals are greater than the goal.
Time Series Interval = daily
Alert Check Interval = hourly
This approach involves checking data aggregated by date many times throughout the day. Let's say that we've set up an alert to notify us if the daily sales total equals or exceeds 200. The sales total is increasing during each alert check as it accumulates throughout the day, so Looker continually rechecks the latest time series value against the value that triggered the previous alert.
Run 5/25/19 9:00 AM
Time Series ID | Measure | |
5/24/19 | 200 | < previous alert |
5/25/19 | 50 | < alert check (no notification) |
Run 5/25/19 10:00 AM
Time Series ID | Measure | |
5/24/19 | 200 | < previous alert |
5/25/19 | 100 | < alert check (no notification) |
Run 5/25/19 11:00 AM
Time Series ID | Measure | |
5/24/19 | 200 | < previous alert |
5/25/19 | 150 | < alert check (no notification) |
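The row selection described under Alert-Checking Approach, replayed against the two cases above, as an added example (a simplified model written for this page, not Looker's own code). The function names, the goal of 275 for the hourly case, and the 7:00 AM starting Time Series ID are constructed assumptions; the rows and the threshold of 200 come from the tables.

```python
from datetime import datetime

def run_alert_check(rows, last_seen_id, condition):
    """Return (checked_rows, matching_rows, new_last_seen_id).

    rows: (time_series_id, measure) tuples sorted oldest to newest.
    last_seen_id: Time Series ID persisted by the previous check,
    or None on the very first run of the alert query.
    """
    if not rows:
        return [], [], last_seen_id
    latest_id = rows[-1][0]
    if last_seen_id is None:
        # First run: results are treated as historical; only the ID is persisted.
        return [], [], latest_id
    checked = [r for r in rows if r[0] > last_seen_id]
    if not checked:
        # No new rows: recheck the most recent row, even with the same ID.
        checked = [rows[-1]]
    matching = [r for r in checked if condition(r[1])]
    return checked, matching, latest_id

def h(hour):
    return datetime(2019, 5, 25, hour)

def hourly_case():
    """Hourly rows, less frequent checks (runs at 9 AM, 11 AM, 12 PM)."""
    goal = 275  # constructed goal; the page does not state one
    data = [(h(8), 200), (h(9), 250), (h(10), 300), (h(11), 300)]
    last_seen = h(7)  # constructed: ID persisted by an earlier check
    results = []
    for visible in (data[:2], data, data):
        checked, matching, last_seen = run_alert_check(
            visible, last_seen, lambda v: v > goal)
        results.append(([r[0].hour for r in checked],
                        [r[0].hour for r in matching]))
    return results

def daily_case():
    """Daily rows, hourly checks: the 5/25 total grows between runs."""
    last_seen = datetime(2019, 5, 24)
    results = []
    for total in (50, 100, 150):
        rows = [(datetime(2019, 5, 24), 200), (datetime(2019, 5, 25), total)]
        checked, matching, last_seen = run_alert_check(
            rows, last_seen, lambda v: v >= 200)
        results.append((len(checked), len(matching)))
    return results
```

`hourly_case()` reproduces the "alert check" markers in the first set of tables, including the 12:00 PM run that rechecks the 11:00 AM row; `daily_case()` shows the 5/25 row being rechecked on every run without meeting the condition.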