Watchdog
POST /v1/config/monitoring
Create a watchdog rule that monitors logs and either notifies or auto-analyzes when it trips
Creates a new watchdog rule on the current project. New rules default
to disabled — flip isEnabled to true in the request, or update
the rule later, before checks begin. The project-wide master switch
lives in the dashboard at Project → Watchdog → Settings.
Authentication
API key with config:write permission. Project-scoped or
tenant-scoped (with X-Project-Id).
Endpoint
POST /v1/config/monitoringRequest body
| Field | Type | Required | Notes |
|---|---|---|---|
name | string (1–255 chars) | ✓ | Human-readable name shown in the dashboard and alerts |
ruleType | 'error_count' | 'error_rate' | 'pattern' | 'spike' | ✓ | What the rule watches for — see Rule types |
intervalMode | 'fixed' | 'random' | ✓ | fixed runs at a steady cadence; random spreads checks across the day around an average — see Scheduling |
intervalMinutes | int 1–1440 | — | How often to check, in minutes. Default: 15 |
avgChecksPerDay | int 1–288 | null | — | Used when intervalMode is random to set the average daily check count |
lookbackMinutes | int 1–1440 | — | How far back each check looks. Default: 30 |
errorCountThreshold | int ≥ 1 | null | — | Required when ruleType is error_count. Trips when the lookback window contains at least this many errors |
errorRateThreshold | number 0–1 | null | — | Required when ruleType is error_rate. Fraction of total logs that are errors (e.g. 0.05 = 5%) |
minErrorCount | int ≥ 1 | — | Floor for error_rate and spike rules — prevents alerts on tiny samples. Default: 5 |
patterns | array<{ label, regex }> | — | Required when ruleType is pattern. Each entry's regex is matched against log lines; label shows up in the alert |
spikeMultiplier | number ≥ 1 | — | Used when ruleType is spike. Trips when the current window's error count is at least this multiple of the recent baseline. Default: 3.0 |
action | 'notify_only' | 'auto_analyze' | — | notify_only posts an alert to channels; auto_analyze also kicks off a full analysis. Default: notify_only |
cooldownMinutes | int ≥ 0 | — | Minimum minutes between two firings of this rule. Default: 30 |
dailyAlertCap | int ≥ 0 | — | Max alerts per day across the whole project. Default: 10 |
channelOverrideIds | string[] (UUIDs) | null | — | Notification channels to use for this rule's alerts. null falls back to the project default |
isEnabled | boolean | — | Whether the rule starts running on creation. Default: false |
{
"name": "Checkout error spike",
"ruleType": "spike",
"intervalMode": "fixed",
"intervalMinutes": 15,
"lookbackMinutes": 30,
"minErrorCount": 5,
"spikeMultiplier": 3.0,
"action": "auto_analyze",
"cooldownMinutes": 30,
"dailyAlertCap": 10,
"isEnabled": true
}For a pattern rule:
{
"name": "Database connection errors",
"ruleType": "pattern",
"intervalMode": "fixed",
"intervalMinutes": 5,
"lookbackMinutes": 10,
"patterns": [
{ "label": "pool exhausted", "regex": "connection pool.*exhausted" },
{ "label": "timeout", "regex": "ETIMEDOUT" }
],
"action": "auto_analyze",
"isEnabled": true
}Response
201 Created
{
"success": true,
"data": {
"id": "wdg_a1b2c3..."
}
}| Field | Type | Notes |
|---|---|---|
id | string | The rule id — use it to update, delete, or read activity for this rule |
Error responses
| Status | error.code | When |
|---|---|---|
| 400 | VALIDATION_ERROR | A field failed validation (invalid ruleType, malformed regex in patterns, out-of-range numbers, etc.) |
| 401 | UNAUTHORIZED | Missing or invalid API key |
| 403 | FORBIDDEN | Key lacks config:write |
| 403 | QUOTA_EXCEEDED | Plan's per-project rule quota reached |
Example
curl -X POST https://api.sigsentry.com/v1/config/monitoring \
-H "Authorization: Bearer ss_secret_..." \
-H "Content-Type: application/json" \
-d '{
"name": "Checkout error spike",
"ruleType": "spike",
"intervalMode": "fixed",
"intervalMinutes": 15,
"spikeMultiplier": 3.0,
"action": "auto_analyze",
"isEnabled": true
}'Estimating cost before enabling
A rule with action: auto_analyze consumes an analysis from your
plan quota every time it trips. Use
POST /v1/config/monitoring/dry-run to
replay the same configuration against the last seven days of logs
and see how often it would have fired. The
Cost calculator walks through
sizing.