agent hive
Join the Waitlist

DATA OPS

Axiom Ingest Spike Attribution to Top Offending Service

When daily Axiom ingestion volume jumps above its rolling baseline, this workflow groups the spike by service label, names the single biggest contributor.

CategoryData Ops
Enginesim
Difficultyintermediate
Triggerschedule
Steps6
Setup~15 min

How it runs

The automated pipeline, trigger to output.

  • TriggerDaily schedule after prior day ingested
  • ActionQuery yesterday's bytes + 7-day averageAxiom
  • LogicSpike exceeds threshold over baseline?
  • ActionGroup spike by service label, rank top offenderAxiom
  • ActionOpen Linear tuning ticket with evidenceLinearLinear
  • OutputPost attribution summary to SlackSlack

What it does

Watches your Axiom ingestion volume and, the moment a day's bytes-ingested crosses a percentage threshold over the trailing 7-day average, breaks the excess down by `service` label so you know exactly which emitter blew up the bill. It then files a Linear ticket pre-loaded with the numbers and pings the on-call data channel.

When to use it

Run it on any Axiom dataset where multiple services share one ingest pipeline and a single chatty deploy can quietly 3x your storage cost before anyone notices on the invoice.

How it works

  1. 1A daily schedule fires after midnight UTC once the prior day is fully ingested.
  2. 2Query Axiom for yesterday's total ingested bytes plus the trailing 7-day average.
  3. 3A logic gate checks whether yesterday exceeds the baseline by more than the configured percentage; if not, the run ends quietly.
  4. 4On a breach, query Axiom again grouped by `service` to rank contributors and isolate the top offender.
  5. 5Open a Linear issue titled with the service name, spike size, and estimated incremental cost.
  6. 6Post a summary with the Linear link to the Slack data-ops channel.

Set it up

What you configure once, before turning it on.

  1. 1
    Connect AxiomLog streams, queries, dashboards.
  2. 2
    Connect LinearIssues, projects, cycles, triage.
  3. 3
    Connect SlackChannels, DMs, threads, mentions.
  4. 4
    Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
  5. 5
    Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
  6. 6
    Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Data Ops workflows

Weekly BigQuery Cost Trend Sheet and Exec Digest

Compiles week-over-week BigQuery scheduled-query cost by owner and dataset into a Google Sheet with trend columns.

Daily BigQuery Scheduled-Query Cost Attribution to Owners

Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.

BigQuery Per-Team Budget Breach Alert to PagerDuty

Tracks month-to-date BigQuery scheduled-query spend per team and, when a team crosses its monthly budget, pages the team's on-call in PagerDuty and snapshots the spend breakdown…

dbt source freshness watcher with severity-routed alerts

Checks Snowflake loaded-at timestamps against each dbt source's freshness SLA, then routes warnings to Slack and hard breaches to a PagerDuty incident so stale data never…

dbt orphan model detector with Linear cleanup tickets

Scans your dbt manifest for models that no other model, exposure, or BI tool consumes.

Raw Sensor Telemetry Archive to BigQuery

Captures every incoming building sensor reading via webhook, normalizes the payload into a consistent schema.

Browse all Data Ops

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the WaitlistBrowse all workflows