Alert Rules

Operational thresholds

Rules define when backup, storage, SQL Agent, query, concurrency and data-quality signals should become visible operational work.

Read-only demo
Coverage19/19 active
Critical active4
Categories11
Suppression15-1440 min
Activation19 / 19 active
19 enabled 0 disabled
Severity policyactive rules
Critical
4
High
11
Watch
4
Disabled
0
Category coverage11 categories
Backup
3
Performance
3
Concurrency
2
Data Quality
2
Security
2
Storage
2
Notification loadchannels
Action Center
13
AI Incidents
4
Monthly review
1
Server Detail
1
Owner policywho receives work
DBA
12
DBA + Platform
2
DBA + Security
2
DBA + Infrastructure
1
DBA + Developer
1
Rule lifecyclesignal to runbook
Threshold Evidence Owner Suppression Runbook
Rules 19 configured
Backup Full backup age

Database has no full backup inside the allowed window.

ScopeDatabase Evidencemsdb backup history Idbackup-full
Backup Log backup age

FULL/BULK_LOGGED database has no recent log backup.

ScopeFULL/BULK_LOGGED database Evidencemsdb backup history Idbackup-log
Backup Restore test evidence

A restore test should be documented for production databases.

ScopeProduction database EvidenceOperational process Idrestore-test-overdue
Capacity Forecast breach

Forecast indicates a database file or volume can breach capacity soon.

ScopeForecasted database or volume EvidenceAI Forecast Idforecast-critical
Concurrency Blocking chain

Blocking has lasted long enough to be operationally relevant.

ScopeLive request EvidenceDMV blocking collector Idblocking
Concurrency Deadlock count

Deadlock event was detected in the lookback window.

ScopeDatabase workload EvidenceDeadlock collector Iddeadlock
Connectivity Server offline or unverified

Registered SQL Server has no current successful connection check.

ScopeRegistered server EvidenceRepository connectivity state Idconnectivity-offline
Data Quality Collector stale

Collector has not produced fresh data inside the expected collection cadence.

ScopeCollector job EvidenceStatus and source health Idcollector-stale
Data Quality Telemetry gap

Missing source data should be visible as an operational risk.

ScopeTelemetry source EvidenceData Quality Idtelemetry-gap
Performance tempdb pressure

tempdb space or workload pressure can affect all databases on the instance.

ScopeServer EvidenceHealth and file telemetry Idtempdb-pressure
Performance CPU warning burst

CPU warning events indicate sustained workload pressure.

ScopeServer EvidenceRuntime health telemetry Idcpu-warning
Performance Memory grant pressure

Repeated memory grant pressure can indicate poor estimates or insufficient memory.

ScopeServer EvidenceRuntime health telemetry Idmemory-grants
Queries Long running query

Live request has exceeded normal runtime.

ScopeLive request EvidenceDMV request collector Idlong-query
Runtime Error pulse

Repeated errors, timeouts, login failures or CPU warnings in the lookback window.

ScopeServer EvidenceEventLog and runtime collectors Iderror-pulse
Security Login failure burst

Repeated login failures can indicate password drift, service account issues or unauthorized access attempts.

ScopeServer EvidenceEventLog security/runtime signal Idlogin-failures
Security Security review signal

Security-related signals require review even when application impact is not visible.

ScopeServer EvidenceEventLog and operational audit Idaudit-security
SQL Agent Job failures

SQL Agent job failure should enter the Action Center.

ScopeEnabled SQL Agent job Evidencemsdb job history Idjob-failure
Storage Volume free space

Volume free percentage is below the operational reserve.

ScopeSQL data/log/backup volume EvidenceVolume telemetry Iddisk-percent
Storage Volume free capacity

Volume free GB is below the operational reserve.

ScopeSQL data/log/backup volume EvidenceVolume telemetry Iddisk-gb
Action CenterUses severity, owner and SLA to turn raw signals into work that can be assigned and followed up.
Data QualityTelemetry gaps are rule-worthy because missing evidence can hide real incidents and create false green dashboards.
Backup ReadinessBackup thresholds should match RPO/RTO policy, restore-test cadence and msdb evidence, not only SQL defaults.
SuppressionUse suppression to reduce repeated noise after a known alert is accepted, without hiding the source rule.