• /
  • EnglishEspañolFrançais日本語한국어Português
  • Log inStart now

Incident event attributes

A condition opening an incident generates an event, which passes important information downstream.

For more about the definition of incidents and other terms, see our glossary.

What is an incident event?

An incident event is an event where a condition threshold defined in a an alert policy is breached. This event has various attributes (metadata) attached to it and different attributes can be used by different features.

Important

The incident event is a concept used to determine alerting features. While you can query some of its associated attributes via NerdGraph, you cannot directly query the incident event.

NrAiIncident event attributes

This table shows incident event attributes. The incident event data type is collected in NrAiIncident.

You may be wondering why we're using NrAiIncident as the name for the incident event data type. Although sometime you can see these events as "violations," they are called "incidents" in our UI.

All attributes are available for use in a description. Read about attributes available for muting rules.

Attribute

Description

accountId

The ID of the account where the incident occurred.

Available for muting rules.

aggregationDuration

The active condition's aggregation window.

closeCause

If applicable, what caused the incident to close.

Available values:

CONDITION_DELETED: Condition deleted.

CONDITION_DISABLED: Condition disabled.

CONDITION_MODIFIED: Condition edited.

EVALUATOR: Natural close because the metric has ceased to breach the threshold.

EXPIRED: Incident closed due to TTL.

INCIDENT_WORKFLOW_INTEGRATION: A third party closed the issue or incident through an API call.

LABEL_BINDINGS_CHANGED: The label was removed from the target, causing it to no longer be covered by the condition. This only applies to APM/Mobile/Browser/Infrastructure conditions.

LOSS_OF_SIGNAL: Signal was lost, and incident was closed based on loss of signal settings.

MAINTENACE: New Relic was performing maintenance and we closed the incident as part of it.

POLICY_DELETED: Policy was deleted.

TARGET_REMOVED: The target was removed from the condition.

USER: Closed manually by a user.

closeTime

If applicable, the timestamp when the incident was closed.

closeViolationsOnExpiration

If true, open incidents on the signal are closed if the signal is lost. Default is false. To use this field, an expirationDuration must be specified.

conditionId

The ID of the condition that triggered the incident.

Available for muting rules.

conditionName

The name of the condition that triggered the incident.

Available for muting rules.

degradationTime

The timestamp when the targeted metric started to breach the active condition's threshold.

description

The contents of the active condition's Violation Description field.

NRQL or infrastructure conditions only. Not available for use with alert condition title or description templates.

entity.guid

The targeted entity's globally unique identifier, if available.

Available for muting rules.

entity.name

The targeted entity's name, if available.

entity.type

The targeted entity's type, if available.

evaluationOffsetSeconds

The active condition's evaluation offset. A time delay (in seconds) to ensure data points are placed in the correct aggregation window.

If you use the Delay/timer setting in the UI, it clears evaluationOffsetSeconds and uses Delay/timer instead.

evaluationType

The reason the incident was opened. Available values:

  • Threshold (the condition threshold was breached)
  • Expiration (the entity's signal was lost)

event

The record's event type.

Available values: Open and Close.

expirationDuration

The active condition's signal loss time window.

incidentId

The unique identifier of the incident. Not available for use with alert condition title or description templates.

muted

Shows whether the active condition was muted at the time of the incident event.

mutingRuleId

The unique identifier of the muting rule that caused the incident to be muted.

nrqlEventType

The type of data targeted by a NRQL condition. In this context, this refers to any NRQL-queryable data type.

Available for muting rules.

nrqlQuery

The full string of the NRQL query. Can be used for sub-string matching on attributes in the WHERE clause.

Available for muting rules.

openTime

The timestamp when the incident was opened.

operator

The incident threshold's operator, such as =, <, or >.

For signal loss incidents, this is an empty string.

policyId

The ID of the policy that triggered the incident.

Available for muting rules.

policyName

The name of the policy that triggered the incident.

Available for muting rules.

priority

The level of the incident: warning or critical.

recoveryTime

The timestamp when the active condition's targeted metric stops breaching the threshold.

runbookUrl

The runbook URL for the condition that triggered the incident.

Available for muting rules.

tags.*

Arbitrary key-value metadata, or tags, associated with the incident. tags. is the prefix and * is the metadata/tag name. For details on how to use this, see the documentation for muting rules or description.

Available for muting rules.

targetName

The name of the incident's target. This can be an entity or a query.

Available for muting rules.

threshold

The active condition's threshold value.

thresholdDuration

The active condition's threshold time window.

thresholdOccurrences

Shows whether for at least or at least once in occurrence values are being used in the active condition's threshold. Available values: all or any.

timestamp

The event's wall clock time using an epoch timestamp.

title

The incident's title.

type

The incident's type.

Available value: Incident.

valueFunction

The active condition's aggregation function.

Used in APM, browser, and mobile alert condition types.

violationTimeLimitSeconds

The active condition's incident time limit setting.

violationUuId

Deprecated. Do not use.

Copyright © 2025 New Relic Inc.
CareersTerms of ServiceDMCA PolicyPrivacy NoticeCookie PolicyUK Slavery Act

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.