Alert time distribution
This tile shows the ratio of alerts firing outside vs during working hours. A high proportion of out-of-hours alerts often indicates alert noise or poor thresholds, and addressing these is often the fastest way to reduce on-call fatigue without increasing risk.
We'll use an SQL Analytics query to categorize each alert as either In hours or Out of hours, based on when it occurred. Then we'll aggregate the data by those two categories and count the number of alerts in each.
The result is a simple breakdown of alerts that occur during working hours versus those that impact on-call engineers outside of them.
Configuring the tile
Configure the following in the tile editor.
- Data source: Select Azure.
- Data stream: Select Alerts.
- Objects: Select the monitored objects you want to track alerts for.
- Parameters:
  - Monitor condition: Select Fired.
  - Severity: Leave blank to capture every severity level.
- SQL Analytics: Enable the toggle, then configure the following:
  - SQL > Query: Enter the following query, then click Execute:

        WITH alerts AS (
          SELECT
            CAST("properties.essentials.startDateTime" AS TIMESTAMP) AS alert_ts
          FROM dataset1
        )
        SELECT
          CASE
            -- In hours: day-of-week 1 to 5, from 09:00 up to (not including) 18:00
            WHEN dayofweek(alert_ts) BETWEEN 1 AND 5
             AND alert_ts >= DATE_TRUNC('day', alert_ts) + INTERVAL 9 HOUR
             AND alert_ts <  DATE_TRUNC('day', alert_ts) + INTERVAL 18 HOUR
            THEN 'In hours'
            ELSE 'Out of hours'
          END AS hours_bucket,
          COUNT(*) AS alert_count
        FROM alerts
        GROUP BY hours_bucket
        ORDER BY alert_count DESC;

  - SQL > Columns: Click Edit next to the Alert Count column then set the Decimal Places to 0.
- Visualization: Select Donut.
- Mapping: The Value and Label fields are automatically mapped.
- Legend > Type: Select Table.
- Click Save.