What is an alerting rule, and how does it differ from a recording rule? [Basic]
Answer
An alerting rule evaluates a condition and creates an alert when the condition is true for the configured duration. A recording rule stores a query result for reuse; an alerting rule produces notifications through Alertmanager.
Technical explanation
Recording rules are about performance, standardization, and reusable derived metrics.
Alerting rules are about detecting actionable conditions and attaching labels and annotations.
A good pattern is to use recording rules for SLO math, then alerting rules for burn-rate thresholds.
Hands-on example
Example: record service:http_error_ratio:rate5m. Then alert: if service:http_error_ratio:rate5m > 0.02 for 10m, fire HighErrorRate with labels severity='page' and annotations pointing to the runbook and dashboard.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Observability interview questions
- What is observability, and how is it different from traditional monitoring? [Basic]
- What are the three pillars of observability (metrics, logs, traces)? [Basic]
- What is the difference between monitoring and observability in practice? [Basic]
- What are the four golden signals of monitoring? [Basic]
- What is the difference between the USE method and the RED method? [Basic]
- When would you use the USE method versus the RED method? [Basic]
- What is an SLI, an SLO, and an SLA, and how do they relate? [Basic]
- How do you choose good SLIs for a service? [Basic]