Alerting concepts and terms

To make the best use of New Relic alerting and applied intelligence features, it will help you to understand some basic terms and concepts.

A diagram showing how violations of alert conditions result in incidents, how incidents result in issues, and how the logic in workflows results in notifications.

You set up alerts for your telemetry data by configuring alert conditions, which define what will constitute a violation and trigger an incident. For example, you might want to create an alert condition that opens an incident if a host's CPU goes above 80%. Incidents result in an issue, which is the thing that actually results in notifications. Issues are groups of incidents that describe the underlying problem of your symptoms. When a new incident is created, an issue is created. Incidents are groups of events that describe the "symptoms" of your system over time. These symptoms are detected by your New Relic alert conditions, or your external monitoring tools. Events indicate a state change or trigger defined by your New Relic alerts conditions or external monitoring systems. An event contains information about the affected entity.

Conditions live inside an alert policy. The policy contains higher-level settings that govern all the conditions in that policy. One setting is issue creation preference, which governs how multiple incidents can get grouped into a single issue. For example, you might decide that every incident gets its own issue, or you might group them by condition, or you might group them by policy. We have built-in decisions, which are logical operations that group issues into larger issues (you can also create your own custom decisions). If you have enabled decisions, other issues will be evaluated to see if they can be correlated with the newly created issue. If so, the correlated issues will be merged together to reduce noise, and facilitate root cause analysis.

Issues in turn can trigger workflows, which are what give you control over how issues are turned into notifications. Destinations are the services by which you get notified. We support common services like Slack, PagerDuty, ServiceNow, and also simple web hooks. It's good practice to carefully manage the setup of destinations so that users aren't creating redundant destinations.

Want to get started making your first alert? See Your first alert.