Modern companies manage dozens, if not hundreds, of domains, origins, and microservices across global infrastructure. When something breaks, locating the source is the first challenge, and without proactive alerting, teams are stuck in reactive mode: clicking through dashboards, checking services one by one, and waiting for customers to report problems. This increases Mean Time to Detect and Resolve (MTTD/MTTR), leading to lost revenue, burned-out engineers, and frustrated users. Alerts solve this by acting as an early warning system at the edge, catching anomalies before they escalate and telling you exactly what went wrong and where. With the right setup, those alerts integrate directly into your existing workflows (Slack, PagerDuty, Teams), notifying the right people instantly.
We're excited to announce a significant improvement to how alerts and notifications are surfaced in the Fastly control panel. Previously, customers had to navigate between multiple locations, check one place for support and maintenance notices, another for observability alerts, and then into billing settings for spend alerts. Today, we're bringing all of these alerts together into a centralized experience where you can access notifications with complete situational awareness.
The new notification drawer consolidates observability alerts, Fastly Service Advisories, and spend alerts into a single global side panel, accessible via one bell icon in the top navigation bar of every Fastly Control Panel page. Only active alerts are displayed, ensuring the panel remains actionable rather than cluttered with historical noise. Each alert surfaces key attributes such as timestamp, alert title, metric, and service name to give you immediate context without overwhelming detail. When you need to dig deeper, a single click takes you directly to the relevant source page: alert details for observability, message details for platform notices, or plan usage for spend alerts.
So, which alerts should you prioritize? Based on what the most operationally mature teams are tracking, here are the five essential alerts every engineering team should configure for performance today.
Total Traffic Volume
A sudden spike in requests could signal a viral moment, a bot attack, or a misconfigured client hammering your API. A sudden drop in requests is often the first sign of a major outage. Your site might be down, but if no one is requesting it, your origin won't even know. Tracking request volume gives you a baseline so you can detect anomalies. A 50% traffic drop on your checkout subdomain at 10 AM on Black Friday? That's not users taking a break. It's likely a DNS issue or a broken deployment, and you want to know immediately.
Total Bandwidth & Changes
Bandwidth is a direct indicator of both user engagement and cost. Unexpected spikes can signal unexpected bandwidth consumption from misconfigurations, abuse, or malicious traffic. On the other hand, unexpected drops often mirror request drops and can indicate availability issues, origin failures, or misconfigurations preventing content from being delivered. For teams focused on cost optimization, bandwidth alerts are critical for two reasons: catching inefficiencies that inflate your bill before month-end, and identifying drops that may point to lost traffic and revenue.
4xx Client Side Errors
Your service may be showing 4xx errors, which indicate problems with how users are accessing your service. A sudden increase in 404 Not Found errors could mean a broken link or a larger infrastructure problem. Your customers are being led to a sad and empty 404 page. A spike in 403s, where a request is denied access, could indicate an overly aggressive WAF rule blocking legitimate users. If you see an uptick in 429 error codes, that could mean you're unintentionally throttling real customers.
5xx Server Side Errors
If you find 5xx errors, those indicate a server-side issue where your origin is failing. For those managing multiple origins, 502 and 504 errors often mean that your origin is unreachable or timing out. These backend errors have the potential to cascade into system-wide outages. Even a small percentage of 5xx errors can erode user trust and impact SEO rankings. For example, your primary origin in the Eastern US starts throwing 503s, and your European users are the first affected. An alert tells you which origin and which region in seconds. You can locate these errors before another tool does, because the edge is closer to the user.
DDoS Attacks
DDoS attacks don't announce themselves politely. They overwhelm your infrastructure with illegitimate traffic, crowding out real users. By the time your origin notices, it may already be buckling under load. The Fastly platform detects those attacks and mitigates them before you are affected, but DDoS detection alerts still give you the earliest possible warning, as well as historical stats to understand or detect trends. Tracking DDoS attempts over time also helps you understand your threat landscape and justify security investments.
Spend Alerts
While tracking traffic and bandwidth helps you prevent issues for your users, Spend Alerts help you avoid "bill shock" and financial surprises. By setting granular thresholds, you transform your billing from a month-end surprise into a proactive diagnostic tool. Seeing your daily burn rate double by lunchtime isn't just an accounting quirk; it’s an early warning that your infrastructure is scaling inefficiently or your resources are being mismanaged.
Correlation accelerates root cause analysis
Each alert on its own is valuable, but the real power emerges when you deploy them together as an interconnected early-warning system. When an incident occurs, it rarely presents itself cleanly. Instead of a single flashing red light, you get a cascade of symptoms. Real efficiency happens when you can correlate signals:
Traffic spike + 5xx spike + bandwidth spike = Likely an event overwhelming your origin, or a DDoS attack. Respond by trying to scale origin capacity or activate mitigation rules.
Traffic drop + 4xx spike (404s) = A broken deployment might have removed a critical route, or a DNS misconfiguration is sending users to the wrong place. Rolling back the deployment or checking DNS propagation can help mitigate the issue.
DDoS alert + 5xx spike + no bandwidth increase = An application-layer attack may be exhausting your origin's resources without consuming much bandwidth. You can activate rate limiting or block malicious IPs.
Your Edge Sees Everything First – Let It Tell You What Matters
In complex, distributed environments, the edge is your best vantage point. Without alerts surfacing signals in real time, your team is left piecing together the puzzle manually, jumping between dashboards, querying logs, and burning precious minutes while users churn. Proactive alerting reduces this cognitive load by telling you exactly what's wrong and where, transforming hours (or days) of firefighting into minutes of focused response.
The business case is simple: faster incident detection leads to higher availability, which drives better user experiences and ultimately protects revenue. Configuring these alerts takes minutes, but the payoff lasts as long as your infrastructure runs. You can configure most of these alerts by navigating to Observability > Alert definitions. For Spend alerts, navigate to Account > Billing > Spend Alerts.
Get Started: Configure Your Essential Fastly Alerts Today
Get started by configuring your first alert today, and access all of your notifications from anywhere in the control panel by clicking the bell icon on the right-hand side of each page.