I've recently been getting into Flink SQL, which I find great for conducting low-in-code analytics. However, I was just wondering whether it could be a good fit for alerting applications, too. Alerts of the form `cpu.usage > 75% and mem.usage > 75%` would be easy to translate into SQL, for example. For more complicated alerts, there are nice features such as JSON Functions or the MATCH_RECOGNIZE clause that would come in very handy.
However, in a system where users can define their own alerts, that would mean having one SQL job per alert, meaning that one would end up with many such jobs in production. Would something like this work in practice? Or would it just be too expensive or impractical to manage?

The best alerting-related resource that I've found so far is this blog post series:

https://flink.apache.org/news/2020/01/15/demo-fraud-detection.html
https://flink.apache.org/news/2020/03/24/demo-fraud-detection-2.html

but this is based on the DataStream API, maybe confirming my Flink SQL unsuitability for such use cases?

Thanks in advance,
Salva