DATA OPS

BigQuery row-count anomaly detection with PagerDuty escalation

After each nightly BigQuery load, this compares today's partition row count against the trailing 30-day baseline using a z-score.

CategoryData Ops

Enginesim

Difficultyintermediate

Triggerschedule

Steps5

Setup~15 min

How it runs

The automated pipeline, trigger to output.

TriggerNightly cron after ingestion
ActionQuery today + trailing 30-day row countsBigQuery
LogicCompute z-score and classify anomalies
LogicBranch: escalate only on breach
OutputOpen PagerDuty incident for on-callPagerDuty

What it does

Detects volume anomalies in freshly loaded BigQuery partitions. It pulls today's row count for each monitored table plus the trailing 30-day daily counts, computes a z-score against that baseline, and decides whether the load is suspiciously small (dropped rows), suspiciously large (duplicate load), or normal. Real anomalies escalate to PagerDuty; everything else stays quiet.

When to use it

Use it when a load "succeeds" but quietly writes the wrong amount of data — a truncated upstream extract or a double-run that doubles a fact table. Pure freshness checks miss these because the timestamp looks fine.

How it works

1A nightly cron fires after BigQuery ingestion completes.
2A query returns today's partition count and the trailing 30-day counts per table.
3A logic step computes the z-score and classifies each table as normal, low, or high.
4If any table breaches the threshold, an enriched incident payload is built with the expected range and observed count.
5A PagerDuty incident is opened and routed to the data on-call rotation.

Set it up

What you configure once, before turning it on.

1
Connect BigQueryDatasets, queries, schemas.
2
Connect PagerDutyIncidents, on-call, escalations.
3
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
4
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
5
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Data Ops workflows

BigQuery Per-Team Budget Breach Alert to PagerDuty

Tracks month-to-date BigQuery scheduled-query spend per team and, when a team crosses its monthly budget, pages the team's on-call in PagerDuty and snapshots the spend breakdown…

dbt orphan model detector with Linear cleanup tickets

Scans your dbt manifest for models that no other model, exposure, or BI tool consumes.

Weekly BigQuery Cost Trend Sheet and Exec Digest

Compiles week-over-week BigQuery scheduled-query cost by owner and dataset into a Google Sheet with trend columns.

Backfill Missing Owner Labels on BigQuery Scheduled Queries

Finds scheduled queries with no owner label, infers the likely owner from creator metadata and target-table lineage, proposes a label.

Daily BigQuery Scheduled-Query Cost Attribution to Owners

Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.

dbt source freshness watcher with severity-routed alerts

Checks Snowflake loaded-at timestamps against each dbt source's freshness SLA, then routes warnings to Slack and hard breaches to a PagerDuty incident so stale data never…

Browse all Data Ops →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Finance

Research & Trading Desk

Governance-first research, execution, and risk — every trade on the audit trail.

Operations

Internal Operations

Runbooks, on-call, vendor management — disciplined and audited.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →