Snowflake Inc.
Alerts based on historical event-occurrence data

Abstract:

Disclosed herein are systems and methods for providing percentile-based alerts from historical event-occurrence data. An embodiment of a method includes identifying a baseline result of an aggregation operation performed with respect to a detection set of attributes of event records. Each baseline result corresponds to a baseline set of one or more event records from a baseline time period within a baseline time window. The method includes determining a subject result of the aggregation operation performed with respect to the detection set of attributes of a subject set of the event records corresponding to a subject time period. The method includes determining, based on the baseline result and the subject result, whether the subject result indicates an alert condition for the detection set for the subject time period, and if so then outputting one or more alerts.