Multi-Window Burn-Rate Alerts: A Deep Dive
Multi-window burn-rate alerting is the modern way to alert on SLOs. Mastering the math takes one afternoon and pays back forever.
The single-window failure
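A single-window alert forces a trade-off. A short window fires on any blip; a long window keeps firing long after the problem is fixed. A multi-window alert fires only when both a long window and a short window cross the same burn-rate threshold.
This cuts flapping and preserves urgency.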
Multi-window confirmation
- Long window confirms ‘real, sustained.’ Short window confirms ‘happening now.’
- Both must agree to fire. The short window alone could be a transient blip; the long window alone could be an incident that has already ended.
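The agreement rule above can be sketched in a few lines of Python. This is a minimal illustration, not a production evaluator: the function names (`burn_rate`, `should_fire`), the 99.9% SLO, and the sample error ratios are all hypothetical, and the sketch assumes both windows share one burn-rate threshold.

```python
def burn_rate(error_ratio: float, slo_target: float) -> float:
    """Observed error ratio divided by the error budget (1 - SLO target)."""
    budget = 1.0 - slo_target
    if budget <= 0.0:
        raise ValueError("slo_target must be below 1.0")
    return error_ratio / budget


def should_fire(long_error_ratio: float, short_error_ratio: float,
                slo_target: float, threshold: float) -> bool:
    """Fire only when the long AND the short window both exceed the threshold."""
    long_hot = burn_rate(long_error_ratio, slo_target) > threshold
    short_hot = burn_rate(short_error_ratio, slo_target) > threshold
    return long_hot and short_hot


# Hypothetical 99.9% SLO with a 14.4 burn-rate threshold.
# Arguments: error ratio over the long window, then over the short window.
sustained = should_fire(0.02, 0.02, slo_target=0.999, threshold=14.4)
recovered = should_fire(0.02, 0.0005, slo_target=0.999, threshold=14.4)
blip = should_fire(0.001, 0.05, slo_target=0.999, threshold=14.4)
print(sustained, recovered, blip)
```

Only the sustained case fires. The recovered case has a hot long window but a quiet short window, and the blip case is the reverse, so neither pages anyone.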
Threshold + window-pair math
With a 30-day SLO period, a burn rate of 14.4 sustained for 1h consumes 2% of the monthly error budget.
A burn rate of 6 sustained for 6h consumes 5%.
These thresholds match SLO conversation cadence.
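The arithmetic behind those two figures is a single ratio: budget consumed equals burn rate times window length, divided by the SLO period. A minimal sketch, assuming "monthly" means a 30-day (720-hour) period; the function and constant names are illustrative.

```python
SLO_PERIOD_HOURS = 30 * 24  # assumption: a 30-day SLO period


def budget_consumed(burn_rate: float, window_hours: float,
                    period_hours: float = SLO_PERIOD_HOURS) -> float:
    """Fraction of the error budget spent at `burn_rate` for `window_hours`."""
    return burn_rate * window_hours / period_hours


def burn_rate_for(budget_fraction: float, window_hours: float,
                  period_hours: float = SLO_PERIOD_HOURS) -> float:
    """Burn rate that spends `budget_fraction` of the budget in `window_hours`."""
    return budget_fraction * period_hours / window_hours


for rate, hours in [(14.4, 1), (6, 6)]:
    spent = budget_consumed(rate, hours)
    print(f"burn rate {rate} over {hours}h -> {spent:.1%} of budget")
```

`burn_rate_for` runs the same ratio in reverse, which helps when you start from "how much budget am I willing to lose before someone is paged" and need the threshold. A different SLO period changes every number, so pass `period_hours` explicitly if yours is not 30 days.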
PromQL rule template
The Prometheus rule fits in 12 lines; we cover the template in the burn-rate-explained article.
Each SLO needs its own threshold and window pair; do not apply one pair globally.
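To show the shape of the expression such a rule evaluates, here is a rough Python sketch that builds the PromQL string for one SLO. It is not the template from the other article. The recording-rule name `job:slo_errors_per_request:ratio_rate<window>`, the `checkout` job, and the 99.9% target are hypothetical. The short windows (5m and 30m, one twelfth of the long window) are an assumed convention that this article does not specify.

```python
def ratio_series(window: str, job: str) -> str:
    """Hypothetical recording-rule name for the error ratio over `window`."""
    return f'job:slo_errors_per_request:ratio_rate{window}{{job="{job}"}}'


def multiwindow_expr(job: str, slo_target: float, burn_rate: float,
                     long_window: str, short_window: str) -> str:
    """Build a PromQL expression requiring both windows to exceed the threshold."""
    # Leave the budget arithmetic to PromQL so the threshold stays readable.
    threshold = f"({burn_rate} * (1 - {slo_target}))"
    long_side = f"{ratio_series(long_window, job)} > {threshold}"
    short_side = f"{ratio_series(short_window, job)} > {threshold}"
    return f"{long_side}\nand\n{short_side}"


# The two tiers from this article, paired with assumed short windows.
tiers = [(14.4, "1h", "5m"), (6, "6h", "30m")]
for rate, long_w, short_w in tiers:
    print(multiwindow_expr("checkout", 0.999, rate, long_w, short_w))
    print()
```

Generating the expression from per-SLO parameters keeps each SLO on its own pair without copying rule text by hand. Treat the output as a starting point and check it against your own metric names before loading it into Prometheus.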
Antipatterns
- Single-window forever. Flapping alerts.
- Burn rate without an SLO. The math has no anchor.
- One pair for all SLOs. Precision lost.
What to do this week
Three moves. (1) Apply the pattern to your most impactful service. (2) Measure adherence to the SLO for 30 days. (3) Rewrite the alerting policy or the SLO if the gap persists.