| Date | : | Monday, February 27, 2006 |
| Speaker | : | Ling Huang |
| Affiliation | : | UC Berkeley |
| Talk Title | : | Communication-Efficient Tracking of Distributed Triggers |
| Slides | : |
There has been growing interest in large-scale distributed monitoring systems. A recent short paper posited that these infrastructures lack a critical component, namely distributed triggers that fire when an aggregate of remote-site behavior exceeds some threshold. A significant challenge is to reduce the substantial aggregate network bandwidth required to detect such threshold violations. We designed a system consisting of distributed monitors (which produce time series data from ongoing tracking) and a centralized coordinator responsible for firing the triggers. Our system supports general aggregate trigger conditions (based on instantaneous, fixed-window, or varying-window violations of a specified threshold value) while meeting target false-alarm and missed-detection rates and simultaneously minimizing the communication overhead. To reduce overhead, our algorithms adaptively optimize for the goal of firing the trigger accurately, not for estimating the aggregate time series signal itself. Moreover, filtering at remote monitors is guided by the coordinator, which leverages its summary view to inform each monitor about the level of accuracy it needs to report. We evaluated our system using time series data generated from SNORT logs on PlanetLab nodes and show that even with these highly variable data streams, we can achieve high detection accuracy with very little communication overhead.