A Rule defines logical conditions used to automatically evaluate telemetry data from one or more Channels during a Run. Built using the Common Expression Language (CEL), Rules can identify behaviors, anomalies, or thresholds in live or historical data streams.Documentation Index
Fetch the complete documentation index at: https://docs.siftstack.com/llms.txt
Use this file to discover all available pages before exploring further.
Capabilities
Rules can be created, previewed, and managed either through the Sift UI or programmatically using the Sift API. The following table describes the key capabilities of Rules:Rules vs Ad Hoc Rules
All Rules in Sift share the same CEL-based evaluation engine and structure. However, the way a Rule is created determines how it is managed, who can see it, and how it integrates into your workflow.Comparison
The following table compares Rules and Ad Hoc Rules:When to use Rules
Use Rules for detection logic that:- Will be reused across multiple Runs.
- Needs to be updated, versioned, or reviewed over time.
- Should be visible and managed by your team in the Sift UI.
- Will be included in a Report Template for standardized reviews.
When to use Ad Hoc Rules
Use Ad Hoc Rules when:- You are running automated evaluations in a CI/CD pipeline.
- The Rule is ad hoc and does not need to persist in the UI.
- You are generating Annotations programmatically via the API.
API reference
The following table lists the API endpoints for working with Ad Hoc Rules. The API uses the termisExternal for legacy reasons. This maps to Ad Hoc Rules in the Sift UI.