ENGINEERING

Real-time BigQuery cost-spike alert to Slack with offending query

Listens for BigQuery audit-log events and, when a single query bills past a hard byte ceiling or runs far longer than its norm, posts an immediate Slack alert with the offending…

CategoryEngineering

Enginesim

Difficultyintermediate

Triggerwebhook

Steps4

Setup~15 min

How it runs

The automated pipeline, trigger to output.

TriggerBigQuery job-complete audit event (webhook)HTTP webhook
LogicCheck bytes/runtime vs ceiling and norm
ActionFetch full query text and job metadataBigQuery
OutputPost Slack alert with offending query and costSlack

What it does

This is the fast-twitch counterpart to the daily hunt: it reacts to an expensive query within minutes of it completing rather than waiting for tomorrow's batch. The Slack message names the user or service account, the bytes billed, the estimated dollar cost, and the offending query so on-call can react before the next one runs.

When to use it

Use when a runaway query or a bad backfill can rack up real money in a single execution and you need a human paged into Slack now. Complements the scheduled regression hunt that catches the slower creep.

How it works

1A BigQuery completion event arrives via webhook from audit-log routing.
2A logic step checks the job's bytes billed and runtime against a hard ceiling and the query's historical norm.
3If it breaches, BigQuery is queried to pull the full query text and job metadata.
4A Slack message is posted to the platform channel with the query, cost, and a job link as the output.

Set it up

What you configure once, before turning it on.

1
Connect HTTP webhookTrigger any URL on agent actions.
2
Connect BigQueryDatasets, queries, schemas.
3
Connect SlackChannels, DMs, threads, mentions.
4
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
5
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
6
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Engineering workflows

Gate breaking API PRs behind downstream consumer acknowledgement

When a PR introduces a breaking contract change, comments the impact summary back on the PR, applies a blocking label.

Publish a versioned API changelog to Confluence on each release tag

On a new semver release tag, gathers the contract changes since the last release and writes a clean.

Agent reviews model-license fit and suggests compliant swaps on the PR

When a PR adds a Hugging Face model, an agent reads the model card and license, judges fit against your commercial-use policy.

Upgrade Impact Router to Module Code Owners

Maps a dependency-bump PR's affected modules to their CODEOWNERS, then DMs each owner on Slack with only the changelog slice that touches code they own.

Re-Voice IVR Prompts on Phone-Tree Config Merge

When a phone-tree config change merges in GitHub, regenerates the ElevenLabs audio for any prompt whose script changed in the diff and opens a follow-up PR adding the new audio…

Upstream Release to Notion Upgrade Brief

When a watched package publishes a new release, fetches the release notes, maps them to the internal modules that depend on it.

Browse all Engineering →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Marketing

Content Marketing Agency

SEO, blogs, social, and reporting on autopilot.

E-commerce

E-commerce Operator

Listings, support, inventory, and ads — running 24/7.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →