Skip to main content
PUT
/
monitors
/
{id}
cURL
curl --request PUT \
  --url https://api.axiom.co/v2/monitors/{id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data @- <<EOF
{
  "aplQuery": "| where severity = 'error' | count() > 100",
  "name": "Production CPU Monitor",
  "type": "Threshold",
  "alertOnNoData": true,
  "columnName": "cpu_usage",
  "compareDays": 7,
  "createdAt": "2024-03-20T10:00:00Z",
  "createdBy": "usr_789xyz",
  "description": "Monitors CPU usage and alerts when it exceeds 90%",
  "disabled": false,
  "disabledUntil": "2024-04-01T00:00:00Z",
  "intervalMinutes": 5,
  "notifierIds": [
    "notify_slack_prod",
    "notify_email_oncall"
  ],
  "notifyByGroup": false,
  "notifyEveryRun": false,
  "operator": "Above",
  "rangeMinutes": 5,
  "resolvable": true,
  "secondDelay": 300,
  "skipResolved": false,
  "threshold": 90,
  "tolerance": 10,
  "triggerAfterNPositiveResults": 2,
  "triggerFromNRuns": 3
}
EOF
{
  "aplQuery": "| where severity = 'error' | count() > 100",
  "name": "Production CPU Monitor",
  "type": "Threshold",
  "id": "mon_xyz789",
  "alertOnNoData": true,
  "columnName": "cpu_usage",
  "compareDays": 7,
  "createdAt": "2024-03-20T10:00:00Z",
  "createdBy": "usr_789xyz",
  "description": "Monitors CPU usage and alerts when it exceeds 90%",
  "disabled": false,
  "disabledUntil": "2024-04-01T00:00:00Z",
  "intervalMinutes": 5,
  "notifierIds": [
    "notify_slack_prod",
    "notify_email_oncall"
  ],
  "notifyByGroup": false,
  "notifyEveryRun": false,
  "operator": "Above",
  "rangeMinutes": 5,
  "resolvable": true,
  "secondDelay": 300,
  "skipResolved": false,
  "threshold": 90,
  "tolerance": 10,
  "triggerAfterNPositiveResults": 2,
  "triggerFromNRuns": 3
}

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Path Parameters

id
string
required

Body

application/json

Configuration for a monitoring rule. Monitors can be configured to:

  • Check threshold values (e.g., CPU usage > 90%)
  • Match specific events in logs
  • Detect anomalies based on historical patterns Each monitor runs on a specified interval and can trigger notifications through configured notifiers.
aplQuery
string
required

APL (Axiom Processing Language) query string used for monitoring. This query defines what data to analyze and how to process it.

Example:

"| where severity = 'error' | count() > 100"

name
string
required

Name of the monitor

Example:

"Production CPU Monitor"

type
enum<string>
required

Type of monitoring check to perform:

  • Threshold: Compares a numeric value against a threshold
  • MatchEvent: Looks for specific events or patterns
  • AnomalyDetection: Identifies unusual patterns based on historical data
Available options:
Threshold,
MatchEvent,
AnomalyDetection
Example:

"Threshold"

alertOnNoData
boolean

Whether to alert when no data is received

Example:

true

columnName
string

Name of the column to monitor

Example:

"cpu_usage"

compareDays
number<int64>

Number of days to compare for anomaly detection

Required range: x <= 7
Example:

7

createdAt
string<date-time>

Timestamp when the monitor was created

Example:

"2024-03-20T10:00:00Z"

createdBy
string

ID of the user who created the monitor

Example:

"usr_789xyz"

description
string

Detailed description of the monitor's purpose

Example:

"Monitors CPU usage and alerts when it exceeds 90%"

disabled
boolean

Whether the monitor is currently disabled

Example:

false

disabledUntil
string<date-time> | null

Timestamp until when the monitor should remain disabled

Example:

"2024-04-01T00:00:00Z"

intervalMinutes
integer<int64>

How frequently the monitor should run, in minutes. Minimum value is 1 minute.

Required range: x >= 1
Example:

5

notifierIds
string[]

List of notifier IDs that will receive alerts. Notifiers can be email, Slack, webhook endpoints, etc.

Example:
["notify_slack_prod", "notify_email_oncall"]
notifyByGroup
boolean

Whether to group notifications

Example:

false

notifyEveryRun
boolean

Whether to send notifications on every check

Example:

false

operator
enum<string>

Comparison operator for threshold checks:

  • Below: Trigger when value < threshold
  • BelowOrEqual: Trigger when value <= threshold
  • Above: Trigger when value > threshold
  • AboveOrEqual: Trigger when value >= threshold
  • AboveOrBelow: Trigger when value is outside a range
Available options:
Below,
BelowOrEqual,
Above,
AboveOrEqual,
AboveOrBelow
Example:

"Above"

rangeMinutes
integer<int64>

Time window to evaluate in each check, in minutes. For example, "last 5 minutes of data"

Required range: x >= 1
Example:

5

resolvable
boolean

Whether the alert can be manually resolved

Example:

true

secondDelay
number<int64>

Delay in seconds before triggering the alert

Required range: x <= 86400
Example:

300

skipResolved
boolean

Whether to skip resolved alerts

Example:

false

threshold
number<double>

Threshold value for triggering the alert

Example:

90

tolerance
number

Tolerance percentage for anomaly detection

Required range: x <= 100
Example:

10

triggerAfterNPositiveResults
number<int64>

Number of positive results needed before triggering

Example:

2

triggerFromNRuns
number<int64>

Number of consecutive check runs that must fail before triggering an alert. Use this to avoid alerting on temporary spikes.

Example:

3

Response

200 - application/json

Monitor

Monitor configuration with its unique identifier

aplQuery
string
required

APL (Axiom Processing Language) query string used for monitoring. This query defines what data to analyze and how to process it.

Example:

"| where severity = 'error' | count() > 100"

name
string
required

Name of the monitor

Example:

"Production CPU Monitor"

type
enum<string>
required

Type of monitoring check to perform:

  • Threshold: Compares a numeric value against a threshold
  • MatchEvent: Looks for specific events or patterns
  • AnomalyDetection: Identifies unusual patterns based on historical data
Available options:
Threshold,
MatchEvent,
AnomalyDetection
Example:

"Threshold"

id
string
required

Unique identifier for the monitor

Example:

"mon_xyz789"

alertOnNoData
boolean

Whether to alert when no data is received

Example:

true

columnName
string

Name of the column to monitor

Example:

"cpu_usage"

compareDays
number<int64>

Number of days to compare for anomaly detection

Required range: x <= 7
Example:

7

createdAt
string<date-time>

Timestamp when the monitor was created

Example:

"2024-03-20T10:00:00Z"

createdBy
string

ID of the user who created the monitor

Example:

"usr_789xyz"

description
string

Detailed description of the monitor's purpose

Example:

"Monitors CPU usage and alerts when it exceeds 90%"

disabled
boolean

Whether the monitor is currently disabled

Example:

false

disabledUntil
string<date-time> | null

Timestamp until when the monitor should remain disabled

Example:

"2024-04-01T00:00:00Z"

intervalMinutes
integer<int64>

How frequently the monitor should run, in minutes. Minimum value is 1 minute.

Required range: x >= 1
Example:

5

notifierIds
string[]

List of notifier IDs that will receive alerts. Notifiers can be email, Slack, webhook endpoints, etc.

Example:
["notify_slack_prod", "notify_email_oncall"]
notifyByGroup
boolean

Whether to group notifications

Example:

false

notifyEveryRun
boolean

Whether to send notifications on every check

Example:

false

operator
enum<string>

Comparison operator for threshold checks:

  • Below: Trigger when value < threshold
  • BelowOrEqual: Trigger when value <= threshold
  • Above: Trigger when value > threshold
  • AboveOrEqual: Trigger when value >= threshold
  • AboveOrBelow: Trigger when value is outside a range
Available options:
Below,
BelowOrEqual,
Above,
AboveOrEqual,
AboveOrBelow
Example:

"Above"

rangeMinutes
integer<int64>

Time window to evaluate in each check, in minutes. For example, "last 5 minutes of data"

Required range: x >= 1
Example:

5

resolvable
boolean

Whether the alert can be manually resolved

Example:

true

secondDelay
number<int64>

Delay in seconds before triggering the alert

Required range: x <= 86400
Example:

300

skipResolved
boolean

Whether to skip resolved alerts

Example:

false

threshold
number<double>

Threshold value for triggering the alert

Example:

90

tolerance
number

Tolerance percentage for anomaly detection

Required range: x <= 100
Example:

10

triggerAfterNPositiveResults
number<int64>

Number of positive results needed before triggering

Example:

2

triggerFromNRuns
number<int64>

Number of consecutive check runs that must fail before triggering an alert. Use this to avoid alerting on temporary spikes.

Example:

3