NerdGraph tutorial: NRQL condition alerts

You can manage alerts conditions using our NerdGraph API.

Tip

See the NerdGraph introduction for help getting started with NerdGraph and the NerdGraph explorer.

Steps to create a NRQL condition

Follow these steps:

Decide which condition type you want to create (see NRQL Condition threshold types).
Find your relevant policyID by doing one of the following:
- Use the NerdGraph policies API.
- Go to one.newrelic.com > All capabilities > Alerts > Alert conditions (Policies). Choose a policy. Find the ID under the policy name.
Provide the appropriate mutation for your NRQL condition type and the relevant values.

Tip

The NerdGraph GraphiQL explorer is the best place to find up-to-date documentation about the per-field specifics of the NerdGraph NRQL Conditions API. For example, questions like "What does the valueFunction field accept?" are best answered with the inline NerdGraph documentation.

NRQL static condition

Here's an example of creating a static condition:

mutation {
  alertsNrqlConditionStaticCreate(
    accountId: YOUR_ACCOUNT_ID
    policyId: YOUR_POLICY_ID
    condition: {
      name: "Low Host Count - Catastrophic"
      enabled: true
      nrql: {
        query: "SELECT uniqueCount(host) FROM Transaction WHERE appName='my-app-name'"
      }
      signal: {
        aggregationWindow: 60
        aggregationMethod: EVENT_FLOW
        aggregationDelay: 120
      }
      terms: {
        threshold: 2
        thresholdOccurrences: AT_LEAST_ONCE
        thresholdDuration: 600
        operator: BELOW
        priority: CRITICAL
      }
      valueFunction: SINGLE_VALUE
      violationTimeLimitSeconds: 86400
    }
  ) {
    id
    name
  }
}

NRQL baseline condition

Here's an example of creating a baseline condition:

mutation {
  alertsNrqlConditionBaselineCreate(
    accountId: YOUR_ACCOUNT_ID
    policyId: YOUR_POLICY_ID
    condition: {
      name: "Baseline Condition"
      enabled: true
      baselineDirection: UPPER_ONLY
      nrql: { query: "SELECT average(duration) FROM Transaction" }
      signal: {
        aggregationWindow: 60
        aggregationMethod: EVENT_FLOW
        aggregationDelay: 120
      }
      terms: {
        threshold: 13
        thresholdDuration: 180
        thresholdOccurrences: ALL
        operator: ABOVE
        priority: CRITICAL
      }
      violationTimeLimitSeconds: 86400
    }
  ) {
    id
    name
    baselineDirection
  }
}

Create cross-account alert

Here's an example of creating a static condition:

mutation {
  alertsNrqlConditionStaticCreate(
    accountId: YOUR_ACCOUNT_ID
    policyId: YOUR_POLICY_ID
    condition: {
      name: "Low Host Count - Catastrophic"
      enabled: true
      nrql: {
        query: "SELECT uniqueCount(host) FROM Transaction WHERE appName='my-app-name'"
        dataAccountId: YOUR_DATA_ACCOUNT_ID
      }
      signal: {
        aggregationWindow: 60
        aggregationMethod: EVENT_FLOW
        aggregationDelay: 120
      }
      terms: {
        threshold: 2
        thresholdOccurrences: AT_LEAST_ONCE
        thresholdDuration: 600
        operator: BELOW
        priority: CRITICAL
      }
      violationTimeLimitSeconds: 86400
    }
  ) {
    id
    name
  }
}

Update a condition

Complete the following:

Determine the type of your existing condition by requesting the type field in a nrqlConditionsSearch query like this:
```
{
  actor {
    account(id: YOUR_ACCOUNT_ID) {
      alerts {
        nrqlConditionsSearch {
          nrqlConditions {
            id
            type
          }
        }
      }
    }
  }
}
```
Tip
The type returned is what you use for your update mutation. For example, if the type returned is STATIC, use alertsNrqlConditionStaticUpdate. If the type returned is BASELINE, use alertsNrqlConditionBaselineUpdate.
Provide the id of your condition to your relevant condition type mutation. Note that you can only update conditions of the relevant type.

Only provide update mutations for the fields you want to update. Fields you don't provide in the update are not touched.

Update mutations

Only fields that you provide in the update are changed. In the following example, baselineDirection returns unchanged, but name is updated.

mutation {
  alertsNrqlConditionBaselineUpdate(
    id: YOUR_CONDITION_ID
    accountId: YOUR_ACCOUNT_ID
    condition: { name: "Your updated name" }
  ) {
    id
    name
    baselineDirection
  }
}

List and filter NRQL conditions

To list or filter your NRQL conditions, use the nrqlConditionsSearch query in NerdGraph.

The basic of list functionality for NRQL conditions allows you to paginate through your NRQL conditions as well as request the total count of conditions per account.

The nrqlConditionsSearch query utilizes cursor pagination to paginate through resources. The idea behind cursor pagination is that the client will request a cursor in a programmatic loop until the cursor comes back empty.

An initial list response will look something like this:

{
  actor {
    account(id: YOUR_ACCOUNT_ID) {
      alerts {
        nrqlConditionsSearch {
          nextCursor
          nrqlConditions {
            id
            name
            type
          }
          totalCount
        }
      }
    }
  }
}

This example returns a JSON response like this:

{
  "data": {
    "actor": {
      "account": {
        "alerts": {
          "nrqlConditionsSearch": {
            "nextCursor": "WOwfJ4+TWm9QTFeKMGyg+w==:QqkI8S4+Wwnpno6z+uk8kQ==",
            "nrqlConditions": [
              {
                "id": "4432",
                "name": "Baseline Condition",
                "type": "BASELINE"
              },
              {
                "id": "443",
                "name": "A static condition",
                "type": "STATIC"
              }
              // more conditions here in reality
            ],
            "totalCount": 435
          }
        }
      }
    }
  }
}

In order to paginate through conditions in the response, have the client request the cursor to be returned until the nextCursor returns from the response as null:

{
  actor {
    account(id: YOUR_ACCOUNT_ID) {
      alerts {
        nrqlConditionsSearch(
          cursor: "WOwfJ4+TWm9QTFeKMGyg+w==:QqkI8S4+Wwnpno6z+uk8kQ=="
        ) {
          nextCursor
          nrqlConditions {
            id
            name
            type
          }
          totalCount
        }
      }
    }
  }
}

Certain fields are only available on specific NRQL condition types. The main reason that mutations are split between the different condition types is because they have minor differences between the fields they accept.

For example, valueFunction is only relevant for static NRQL conditions and baselineDirection is only relevant on baseline NRQL conditions.

But if these fields are only available on these certain condition types, how do we return them in a list of all of our condition types? The answer is a GraphQL convention known as inline fragments. Inline fragments allow you to access the data on a specific type of NRQL condition:

{
  actor {
    account(id: YOUR_ACCOUNT_ID) {
      alerts {
        nrqlConditionsSearch {
          nrqlConditions {
            id
            name
            type
            ... on AlertsNrqlStaticCondition {
              valueFunction
            }
            ... on AlertsNrqlBaselineCondition {
              baselineDirection
            }
          }
        }
      }
    }
  }
}

In the previous example query, we are asking GraphQL to do the hard work for us to determine which NRQL conditions are the correct type.

So, when the returned type is a static condition, it will return the valueFunction in the object, and when the returned type is an baseline condition, it will return baselineDirection instead. Here is an example response:

{
  "data": {
    "actor": {
      "account": {
        "alerts": {
          "nrqlConditionsSearch": {
            "nrqlConditions": [
              {
                "baselineDirection": "UPPER_ONLY",
                "id": "342",
                "name": "My baseline condition",
                "type": "BASELINE"
              },
              {
                "id": "553",
                "name": "My static condition",
                "type": "STATIC",
                "valueFunction": "SINGLE_VALUE"
              }
            ]
          }
        }
      }
    }
  }
}

You can filter NRQL conditions with the searchCriteria argument of the nrqlConditionsSearch query:

Here's an example of filtering NRQL conditions with matching by name. This query returns NRQL conditions that match the provided name. Note that this match is case insensitive.

{
  actor {
    account(id: YOUR_ACCOUNT_ID) {
      alerts {
        nrqlConditionsSearch(searchCriteria: { name: "Baseline Condition" }) {
          nrqlConditions {
            id
            name
            type
          }
        }
      }
    }
  }
}

Singular NRQL condition queries

You can use the NRQL condition API to query for a singular condition. Run the nrqlCondition query in the alerts namespace.

Similar to type specific fields on the nrqlConditionSearch query, you can also use these inline fragments to request fields that are restricted to a NRQL condition type.

{
  actor {
    account(id: YOUR_ACCOUNT_ID) {
      alerts {
        nrqlCondition(id: YOUR_CONDITION_ID) {
          id
          name
          ... on AlertsNrqlStaticCondition {
            valueFunction
          }
        }
      }
    }
  }
}

Update the description

This will walk you through the procedure to create a description for a NRQL alert condition.

Get all the conditions for a policy:

{
  actor {
    account(id: YOUR_ACCOUNT_ID) {
      alerts {
        nrqlConditionsSearch(searchCriteria: { policyId: YOUR_POLICY_ID }) {
          nrqlConditions {
            id
            name
            description
            enabled
            nrql {
              query
            }
            signal {
              aggregationWindow
              aggregationMethod
              aggregationDelay
              aggregationTimer
            }
            policyId
            runbookUrl
            terms {
              operator
              thresholdDuration
              threshold
              priority
              thresholdOccurrences
            }
            type
            violationTimeLimitSeconds
          }
        }
      }
    }
  }
}

Get the details for a single condition:

{
  actor {
    account(id: YOUR_ACCOUNT_ID) {
      alerts {
        nrqlCondition(id: "YOUR_CONDITION_ID") {
          description
          id
          enabled
          name
          nrql {
            query
          }
          signal {
            aggregationWindow
            aggregationMethod
            aggregationDelay
            aggregationTimer
          }
          policyId
          runbookUrl
          terms {
            operator
            priority
            threshold
            thresholdDuration
            thresholdOccurrences
          }
          type
          violationTimeLimitSeconds
        }
      }
    }
  }
}

Create a mutation with the description.

Here's an empty mutation template:

mutation {
  alertsNrqlConditionStaticUpdate(
    accountId: YOUR_ACCOUNT_ID
    id: "YOUR_CONDITION_ID"
    condition: { description: "" }
  ) {
    description
  }
}

Here's an example mutation with an included example description:

mutation {
  alertsNrqlConditionStaticUpdate(
    accountId: 123456
    id: "123456"
    condition: {
      description: "timestamp : {{timestamp}} \n accountId : {{accountId}} \n type : {{type}} \n event : {{event}} \n description : {{description}} \n policyId : {{policyId}} \n policyName: {{policyName}} \n conditionName : {{conditionName}} \n conditionId : {{conditionId}} \n product : {{product}} \n conditionType : {{conditionType}} \n RunbookUrl : {{runbookUrl}} \n nrqlQuery : {{nrqlQuery}} \n nrqlEventType : {{nrqlEventType}} \n targetID : {{targetId}} \n targetName : {{targetName}} \n commandLine : {{tag.commandLine}} \n entityGuid : {{tag.entityGuid}} \n entityName : {{tag.entityName}} \n fullHostname : {{tag.fullHostname}} \n instanceType : {{tag.instanceType}} \n processDisplayName : {{tag.processDisplayName}}"
    }
  ) {
    description
  }
}

Delete conditions

You can use the alertsConditionDelete mutation to delete any type of condition. You can only request the id field on a delete mutation; for example:

mutation {
  alertsConditionDelete(accountId: YOUR_ACCOUNT_ID, id: YOUR_CONDITION_ID) {
    id
  }
}

NerdGraph tutorial: NRQL condition alerts

Tip

Steps to create a NRQL condition

Tip

NRQL static condition

NRQL baseline condition

Create cross-account alert

Update a condition

Tip

Update mutations

List and filter NRQL conditions

Request type-specific fields

Filter NRQL conditions

Singular NRQL condition queries

Update the description

Delete conditions

NerdGraph tutorial: NRQL condition alerts

Tip

Steps to create a NRQL condition .css-21sua1{background:none;border:none;width:0;padding:0;}

Tip

NRQL static condition

NRQL baseline condition

Create cross-account alert

Update a condition

Tip

Update mutations

List and filter NRQL conditions

Request type-specific fields

Filter NRQL conditions

Singular NRQL condition queries

Update the description

Delete conditions

Steps to create a NRQL condition