How It Works — Overview

Heartbeet has four distinct layers that work together: ingestion, baseline learning, anomaly detection, and alerting.

Your app
   │  GET/POST /api/v1/beet/:token
Ingestion endpoint
   │  records timestamp, stores event
beet_events table (partitioned by received_at)
   ├─▶ Baseline engine (cron, hourly)
   │     builds expected ranges per hour × day-of-week
   └─▶ Anomaly detector (cron, hourly)
         compares current hour's count to baseline
         ├─▶ Open alert → email + Slack
         └─▶ Resolve alert → email + Slack

The cron job

The detection engine runs as a cron job via the route /api/cron/analyze. In production this is triggered by Coolify’s built-in cron scheduler.

On each run it:

  1. Cleans up old events beyond each org’s retention window
  2. For every active beet, fetches the current hour’s event count
  3. Fetches the baseline for this hour and day of the week
  4. Decides whether to open or resolve an alert
  5. Sends notification emails and Slack messages where appropriate
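
The five steps above as a single in-memory pass, added here as an illustration and not Heartbeet's own code. The data shapes, the names (`analyzeRun`, `slotKey`, `state`, `demo`) and the min/max range rule are assumptions; the actual decision logic is described on the Anomaly Detection page.

```javascript
// Added illustration: data shapes, names and the min/max rule are assumptions.
const HOUR_MS = 3600 * 1000;
// Baseline slot: UTC day-of-week (0-6) and hour (0-23).
const slotKey = (ms) => `${new Date(ms).getUTCDay()}-${new Date(ms).getUTCHours()}`;

function analyzeRun(state, now) {
  const hourStart = Math.floor(now / HOUR_MS) * HOUR_MS;
  const notifications = [];
  // Step 1: drop events older than the owning org's retention window.
  state.events = state.events.filter((e) =>
    now - e.receivedAt <= state.orgs[state.beets[e.beetId].orgId].retentionDays * 24 * HOUR_MS);
  for (const [beetId, beet] of Object.entries(state.beets)) {
    if (!beet.active) continue;
    // Step 2: this beet's event count for the current hour.
    const count = state.events.filter((e) => e.beetId === beetId && e.receivedAt >= hourStart).length;
    // Step 3: expected range for this hour and day of week.
    const range = (state.baselines[beetId] || {})[slotKey(hourStart)];
    if (!range) continue; // no baseline yet, nothing to compare against
    // Step 4: act only on a state change, so an open alert is not re-sent every hour.
    const anomalous = count < range.min || count > range.max;
    const isOpen = state.openAlerts.has(beetId);
    if (anomalous && !isOpen) {
      state.openAlerts.add(beetId);
      notifications.push({ beetId, action: "open", count });
    } else if (!anomalous && isOpen) {
      state.openAlerts.delete(beetId);
      notifications.push({ beetId, action: "resolve", count });
    }
  }
  // Step 5: the caller delivers these by email and Slack.
  return notifications;
}

// Constructed sample: Monday 2024-01-01 10:30 UTC, one stale and one fresh event.
function demo() {
  const now = Date.UTC(2024, 0, 1, 10, 30);
  const state = {
    orgs: { o1: { retentionDays: 7 } }, beets: { b1: { orgId: "o1", active: true } },
    baselines: { b1: { "1-10": { min: 2, max: 5 } } },
    events: [{ beetId: "b1", receivedAt: now - 8 * 24 * HOUR_MS },
             { beetId: "b1", receivedAt: now - 10 * 60 * 1000 }],
    openAlerts: new Set(),
  };
  const first = analyzeRun(state, now);  // count 1 is below min 2
  const second = analyzeRun(state, now); // still low, alert already open
  state.events.push({ beetId: "b1", receivedAt: now - 60000 }, { beetId: "b1", receivedAt: now - 30000 });
  const third = analyzeRun(state, now);  // count 3 is back in range
  return { first, second, third, remaining: state.events.length };
}
```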

Pages in this section

  • Event Ingestion — the ingestion endpoint, token auth, rate limiting
  • Baseline Learning — how expected ranges are built and updated
  • Anomaly Detection — the decision logic for opening and resolving alerts
  • Alerts — alert lifecycle, severity levels, notification channels