How do I approach Coding & Algorithms interview questions?

Coding & Algorithms questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master coding & algorithms interviews.

What difficulty level is this interview question?

This is a medium difficulty Coding & Algorithms question, commonly asked during Onsite rounds at LinkedIn.

What role is this question designed for?

This question is commonly asked for Machine Learning Engineer candidates at LinkedIn during technical interviews.

Implement alert queries and spike detection | LinkedIn Interview Question

Q: Implement alert queries and spike detection

This question evaluates a candidate's skills in streaming data structures, time-windowed aggregation, in-memory analytics for high-throughput alert ingestion, and array-based algorithmic reasoning for next-higher-element computation.

You are building an in-memory alert analytics component. Each alert has:

timestamp (integer seconds since epoch)
severity (one of a small fixed set, e.g., INFO/WARN/ERROR/CRITICAL )

Implement data structures / APIs to support the following:

Recent alerts (rolling 15 minutes)

countRecent(now) returns the number of alerts with timestamps in $(now-15*60, now]$ .

Severity distribution for the current hour

severityDist(now) returns a map severity -> count for alerts whose timestamps fall within the current hour window $[hourStart(now), now]$ (or $[hourStart, hourStart+3600)$ if you prefer full-hour reporting—state your assumption).
The system may receive many alerts per second; updates and queries should be efficient.

Spike detection on per-minute counts Given an array cnt[0..n-1] where cnt[i] is the number of alerts in minute i , compute an array nextHigher[0..n-1] where:

nextHigher[i] is the smallest index j > i such that cnt[j] > cnt[i]
if no such j exists, nextHigher[i] = -1

Notes

You can treat (1) and (2) as streaming/online; alerts arrive over time.
State any assumptions about out-of-order timestamps, retention limits, and memory.

You are building an in-memory alert analytics component. Each alert has:

timestamp (integer seconds since epoch)
severity (one of a small fixed set, e.g., INFO/WARN/ERROR/CRITICAL )

Implement data structures / APIs to support the following:

Recent alerts (rolling 15 minutes)

countRecent(now) returns the number of alerts with timestamps in $(now-15*60, now]$ .

Severity distribution for the current hour

severityDist(now) returns a map severity -> count for alerts whose timestamps fall within the current hour window $[hourStart(now), now]$ (or $[hourStart, hourStart+3600)$ if you prefer full-hour reporting—state your assumption).
The system may receive many alerts per second; updates and queries should be efficient.

Spike detection on per-minute counts Given an array cnt[0..n-1] where cnt[i] is the number of alerts in minute i , compute an array nextHigher[0..n-1] where:

nextHigher[i] is the smallest index j > i such that cnt[j] > cnt[i]
if no such j exists, nextHigher[i] = -1

Notes

You can treat (1) and (2) as streaming/online; alerts arrive over time.
State any assumptions about out-of-order timestamps, retention limits, and memory.

Implement alert queries and spike detection

Quick Overview

Notes

Comments (0)

Implement alert queries and spike detection

Quick Overview

Notes

Comments (0)