Canary Time Window

How long to bake the canary.

Why time matters in canary

Some bugs only appear under specific traffic patterns. Peak hour, business-hour batch jobs, end-of-month reports.

A canary that runs for 10 minutes during a quiet window catches nothing.

Pick the canary window to cover the relevant traffic shape.

Canary duration guidance

Low blast radius: 10-15 minutes is enough.

Medium: 30-60 minutes, covers a typical workload spike.

High blast radius: 2-24 hours, includes a peak traffic window. Database migrations may need 7+ days of canary.

When to run the canary

Avoid Friday afternoon canaries. If they fail at 5pm, the team is gone.

Avoid weekend canaries unless you have weekend on-call. Bug discovery time matters.

Match the canary window to the workload's peak. E-commerce during evening; banking during business hours.

Rollback timing

Auto-rollback on SLO regression should fire within 5 minutes of detection.

Slow rollback (over 15 minutes) is itself a sign of trouble. Practice rollback drills.

Don't extend the canary window when results are ambiguous. Either promote or roll back.

How to set windows by deploy type

Hot config change: 15 minutes minimum, includes one cycle of the metrics you care about.

Code deploy: 1-4 hours covering peak.

Data migration: 24-48 hours. Replication lag, read paths, write paths each need observation.