Skip to main content
Burst protection applies to infrastructure symptoms that can repeat for every affected request when a dependency fails. Examples include database timeouts, connection failures, and TLS failures. These policies guard the log pipeline during failures. Tero excludes business events because user activity bounds their volume.

Signals

SignalDescription
Failure amplificationOne dependency failure can cause many requests to emit the same error.
Infrastructure symptomThe event describes timeout, refused connection, DNS, TLS, or similar infrastructure failure.
Unbounded repeatabilityThe event can repeat as fast as traffic reaches the failing path.
Low per-event uniquenessRepeated events contain the same failure shape with limited distinguishing context.

Example

{
  "severity_text": "ERROR",
  "body": "Connection to postgres failed: timeout",
  "service.name": "order-service",
  "database": "products"
}
id: burst-protection-postgres-timeout-order-service
name: Burst protection for postgres timeout in order-service
description: Rate limit infrastructure errors that flood during outages.
log:
  match:
    - resource_attribute: service.name
      exact: order-service
    - log_field: body
      regex: "^Connection to postgres failed"
  rate_limit: 100/s

Enforce at edge

Rate limit matching infrastructure failures before they leave your infrastructure.
Use edge enforcement: the point is protecting the pipeline during failures.

Detection notes

Tero analyzes each log event for burst risk: whether a failure could cause the event to repeat at high volume. For events at risk of bursting, Tero can generate a scoped rate-limit policy. Tero scopes burst protection to each event shape. It applies circuit breakers to infrastructure symptoms and routes unrelated business events through their normal policy path.