Monitoring Anti-patterns

Monitors are powerful tools for alerting users to problem conditions. They can be stretched to cover other use cases, but doing so is not always a good idea. The two patterns below are common examples of a monitor being used where another mechanism fits better.

Reporting

The pattern: on a regular schedule, push a bundle of data to a destination. A monitor can be made to do this, but it is not the right tool for the job. Monitors are low-latency transforms designed to run continuously against datasets that are always being updated, so using one as a scheduled report keeps that machinery running all the time to produce output that is only needed periodically. Instead, schedule an API call that pulls the data to where you want it.

Needle in a Haystack

The pattern: continually search a high-velocity, high-variability, high-volume dataset for individual events that may be infrequent. Searching a raw log of all Internet traffic for IOCs is an example. Testing every raw event against every indicator is expensive and mostly wasted work, because the vast majority of events never match. To make the search efficient, first reduce the raw data into intermediate datasets (for example, the distinct destinations seen per time window, or only the events that pass a cheap pre-filter) and point the monitor at those, so the monitor tests far fewer rows.
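The two-stage approach described above, as an added example that is not part of the original page and does not use this product's own monitor or dataset API: a cheap first stage collapses a constructed raw connection log into one row per distinct destination indicator, and the monitor then tests only those rows against a constructed IOC list. The log format (timestamp, source, destination, port, domain), the IOC values and all function names are assumptions made for the example.

```python
"""Needle-in-a-haystack monitoring: reduce the raw stream into an intermediate
dataset before matching IOCs.  Added example; the log format, the IOC list and
the helper names are constructed for illustration."""

# Constructed sample of raw connection logs (the "haystack").  Real traffic
# would be millions of these per hour.  Fields: ts src dst dport domain
RAW_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 93.184.216.34 443 example.com
2024-05-01T10:00:01Z 10.0.0.5 93.184.216.34 443 example.com
2024-05-01T10:00:02Z 10.0.0.7 198.51.100.23 80 cdn.internal.test
2024-05-01T10:00:02Z 10.0.0.7 198.51.100.23 80 cdn.internal.test
2024-05-01T10:00:03Z 10.0.0.9 203.0.113.77 443 Evil-C2.EXAMPLE.
2024-05-01T10:00:04Z 10.0.0.5 93.184.216.34 443 example.com
2024-05-01T10:00:05Z 10.0.0.9 203.0.113.77 443 evil-c2.example
2024-05-01T10:00:06Z 10.0.0.11 192.0.2.200 22 -
""".splitlines()

# Constructed IOC list mixing a domain and an IP.  Indicators are normalised
# the same way as log fields so case and trailing-dot variants still match.
IOCS = {"evil-c2.example", "192.0.2.200"}


def normalise(indicator: str) -> str:
    """Lower-case and strip the trailing DNS dot so matching is a set lookup."""
    return indicator.strip().lower().rstrip(".")


def parse_line(line: str) -> dict:
    ts, src, dst, dport, domain = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "domain": domain}


def naive_monitor(lines, iocs):
    """Anti-pattern: test every raw event's fields against the indicator set.
    Returns (hits, number_of_tests_performed)."""
    iocs = {normalise(i) for i in iocs}
    hits, tests = [], 0
    for line in lines:
        ev = parse_line(line)
        for field in ("dst", "domain"):
            tests += 1
            key = normalise(ev[field])
            if key in iocs:
                hits.append((ev["ts"], ev["src"], key))
    return hits, tests


def build_intermediate(lines):
    """Stage 1 (cheap, streaming): collapse the raw log into one row per distinct
    destination indicator, keeping just enough context for triage.  This is the
    intermediate dataset the monitor will test instead of the raw log."""
    rows = {}
    for line in lines:
        ev = parse_line(line)
        for field in ("dst", "domain"):
            key = normalise(ev[field])
            if key == "-":  # no domain observed for this flow
                continue
            row = rows.setdefault(key, {"count": 0, "srcs": set(), "first": ev["ts"]})
            row["count"] += 1
            row["srcs"].add(ev["src"])
    return rows


def staged_monitor(rows, iocs):
    """Stage 2: the monitor tests only the distinct indicators, one lookup each.
    Returns (hits_by_indicator, number_of_rows_tested)."""
    iocs = {normalise(i) for i in iocs}
    hits = {key: row for key, row in rows.items() if key in iocs}
    return hits, len(rows)


def compare(lines, iocs):
    """Run both approaches and report how much work the monitor had to do."""
    naive_hits, naive_tests = naive_monitor(lines, iocs)
    rows = build_intermediate(lines)
    staged_hits, staged_tests = staged_monitor(rows, iocs)
    return {
        "raw_events": len(lines),
        "naive_tests": naive_tests,
        "intermediate_rows": staged_tests,
        "naive_hits": len(naive_hits),
        "staged_hits": staged_hits,
    }


if __name__ == "__main__":
    result = compare(RAW_LOG, IOCS)
    print(f"raw events: {result['raw_events']}, monitor tests without reduction: "
          f"{result['naive_tests']}, rows tested after reduction: {result['intermediate_rows']}")
    for indicator, row in result["staged_hits"].items():
        print(f"IOC {indicator}: {row['count']} events from {sorted(row['srcs'])}, first seen {row['first']}")
```

On the eight constructed events the unreduced monitor performs sixteen field tests, while the reduced version tests seven rows and still accounts for every matching event, with the per-indicator count and source list already aggregated for triage. On real traffic the ratio is far larger, because the number of distinct destinations grows much more slowly than the number of flows.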