What’s New With Mezmo: In-stream Alerting
5.7.24
Here at Mezmo, we see the purpose of a telemetry pipeline as helping you ingest, profile, transform, and route data to control costs and drive actionability. There are many ways to do that, as we’ve previously discussed in our blogs, but today I’m going to talk about in-stream alerting: yes, alerting on data while it’s in motion, before it reaches its destination.
You’re probably thinking: this is nothing new, I get alerts all the time from my destination tools like observability or SIEM tools, so why should I care? The reality is that those destination tools charge you for indexing and compute, and they can sometimes take longer to notify you that something is wrong, or completely miss a signal that something has occurred. This can lead to unexpected headaches, and sometimes even privacy and compliance violations if sensitive data reaches destination tools.
In addition, to save costs, you may not send all your logs and events to your SIEM or observability tools like Splunk or Datadog. You send a sample, let’s say 30%, and send the rest to long-term, low-cost storage. If there is an aberration in the data sent to storage, you may miss critical signals. With alerting in the pipeline, on data in motion, you can rest assured that even if the data is sent to storage and not to analytics, you still get the alerts and can take corrective action.
So what does the new Mezmo Telemetry Pipeline do for you?
- It helps you detect data aberrations before they make it to your analytics systems, saving you time and money.
- It detects aberrations in data that is sent to storage rather than to the analytics systems.
- It improves cross-functional collaboration by letting you send alerts to key members who may not be part of a particular security or observability platform.
But we took things a step further and can give you aggregated alerts based on your specific configurations, such as thresholds, no data, or absolute or percentage change, over a rolling period of time. Note that I said rolling period: this is not a sample set. Depending on your data and use case, the time window for aggregation and alerting can be anywhere from a few seconds to 24 hours.
The current version of the Mezmo Telemetry Pipeline supports three types of alerts on any Log or Metric event fields:
- Threshold: alerts on any field value, or a rollup of the field value over a time window, based on user-defined thresholds.
- Change: compares the absolute or relative (%) change in the aggregated value between the current interval and the prior interval.
- Absence: alerts on a lack of data for the specified time range.
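
The three alert types above, worked through as an added example (this is not Mezmo's code or configuration syntax). The field name `failed_logins`, the 60-second interval, and the limits are assumptions, the events are constructed, and back-to-back fixed intervals stand in for the rolling window.

```python
# Constructed sample: (epoch_seconds, value of the hypothetical field "failed_logins")
# for events that are routed to storage only and never reach the SIEM.
EVENTS = [
    (5, 3), (40, 2),        # interval 0:   sum 5
    (70, 4), (110, 2),      # interval 60:  sum 6
    (130, 20), (170, 25),   # interval 120: sum 45 (burst)
                            # interval 180: no data at all
    (250, 4),               # interval 240: sum 4
]

def bucket(events, interval, start, end):
    """Sum the field per interval in [start, end); intervals with no events stay None."""
    sums = {t: None for t in range(start, end, interval)}
    for ts, value in events:
        if start <= ts < end:
            key = start + (ts - start) // interval * interval
            sums[key] = (sums[key] or 0) + value
    return sums

def evaluate(events, interval, start, end, threshold, pct_change):
    """Return (interval_start, alert_type) tuples for threshold, change and absence."""
    alerts = []
    prev = None
    for t, total in bucket(events, interval, start, end).items():
        if total is None:
            # Absence: no events arrived during the whole interval.
            alerts.append((t, "absence"))
        else:
            # Threshold: the aggregated value exceeds the user-defined limit.
            if total > threshold:
                alerts.append((t, "threshold"))
            # Change: relative (%) change against the prior interval's aggregate.
            # Skipped when the prior interval had no data or summed to zero.
            if prev and abs(total - prev) / prev * 100 >= pct_change:
                alerts.append((t, "change"))
        prev = total
    return alerts

if __name__ == "__main__":
    for start, kind in evaluate(EVENTS, 60, 0, 300, threshold=30, pct_change=100):
        print(f"interval starting at {start}s: {kind} alert")
```
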
You can learn more about our latest capability in our press release.
If you want to learn more about Mezmo Telemetry Pipeline, contact us to Request a Demo.