POST /v1/config/monitoring/dry-run
Replay a rule configuration against the last 7 days of logs to estimate alert volume before enabling it
Replays a candidate rule configuration against the last seven days of your project's logs and returns how often the rule would have fired, plus a few sample alerts. Use this to size cooldowns, thresholds, and intervals before turning a rule on.
The request body is the same shape as create — send the configuration you're considering, no rule is persisted.
For a conceptual walkthrough including how to read the projection, see Dry-run.
Authentication
API key with config:read permission. Project-scoped or
tenant-scoped (with X-Project-Id).
Endpoint
POST /v1/config/monitoring/dry-runRequest body
Same fields as POST /v1/config/monitoring.
The rule is not saved.
{
"name": "Checkout error spike (proposed)",
"ruleType": "spike",
"intervalMode": "fixed",
"intervalMinutes": 15,
"lookbackMinutes": 30,
"minErrorCount": 5,
"spikeMultiplier": 3.0,
"action": "auto_analyze"
}Response
200 OK
{
"success": true,
"data": {
"estimatedAlertsPerWeek": 4,
"estimatedAlertsPerMonth": 17,
"sampleAlerts": [
{
"date": "2026-04-22",
"errorCount": 142,
"errorRate": 0.038,
"severity": "high",
"summary": "Error count is 4.1× the recent baseline"
}
],
"daysAnalyzed": 7,
"daysWithAlerts": 4
}
}| Field | Type | Notes |
|---|---|---|
estimatedAlertsPerWeek | int | Projected alerts per week at this configuration |
estimatedAlertsPerMonth | int | Projected alerts per month |
sampleAlerts | array (≤ 3) | Example alerts the rule would have fired, with the day, error counts, and severity |
daysAnalyzed | int | Always 7 |
daysWithAlerts | int | Days in the lookback window where the rule would have tripped at least once |
If your project doesn't have seven days of logs yet, the projection returns zeros — give it a few days of log ingest and dry-run again.
Error responses
| Status | error.code | When |
|---|---|---|
| 400 | VALIDATION_ERROR | A field failed validation (same rules as create) |
| 401 | UNAUTHORIZED | Missing or invalid API key |
| 403 | FORBIDDEN | Key lacks config:read |
Example
curl -X POST https://api.sigsentry.com/v1/config/monitoring/dry-run \
-H "Authorization: Bearer ss_secret_..." \
-H "Content-Type: application/json" \
-d '{
"name": "Checkout error spike (proposed)",
"ruleType": "spike",
"intervalMode": "fixed",
"intervalMinutes": 15,
"spikeMultiplier": 3.0,
"action": "auto_analyze"
}'Sizing analyses you'll consume
Each projected alert with action: auto_analyze would consume one
analysis from your plan quota. Multiply the returned
estimatedAlertsPerMonth by your active auto-analyze rules to get
a budget — the Cost calculator
walks through the math.