Violation event attributes

The violation of a New Relic alert condition generates a violation event, which passes important information downstream.

For more about the definition of violation and other terms, see Alerts concepts.

What is a violation event?

A violation of an alert condition generates a violation event. This event has various attributes (metadata) attached to it, and different attributes can be used by different features.

The violation event is a concept used to determine alerting features. While you can query some of its associated attributes via NerdGraph, you cannot directly query the violation event.

Violation event attributes

This table shows violation event attributes.

All attributes are available for use in a description. The ones available for muting rules are indicated.

Attribute Description Muting rules?
accountId The ID of the account where the violation occurred. [check icon]
conditionId The ID of the alert condition that triggered the violation. [check icon]
conditionName The name of the alert condition that triggered the violation. [check icon]
conditionType The type of alert condition that triggered the violation. Available values: baseline, external service, host not reporting, jvm metric, key transaction metric, location failure, metric, monitor failure, outlier, process running, response time percentile, static. [check icon]
event Available values: Open, Close, Muted, Acknowledge, Sent.
product The New Relic product of the violation’s target. Available values: NRQL, BROWSER, PLUGINS, INFRASTRUCTURE, APM, SYNTHETICS, MOBILE, SERVERS. [check icon]
runbookUrl The runbook URL for the alert condition that triggered the violation. [check icon]
nrqlEventType

The type of data targeted by an alert NRQL condition. In this context, this refers to any NRQL-queryable data type.

[check icon]
nrqlQuery The full string of the NRQL query. Can be used for sub-string matching on attributes in the WHERE clause. [check icon]
policyId The ID of the alert policy that triggered the violation. [check icon]
policyName The name of the alert policy that triggered the violation. [check icon]
tag.* Arbitrary key-value metadata, or tags, associated with the violation. tag. is the prefix and * is the metadata/tag name. For details on how to use this, see the documentation for muting rules or description. [check icon]
targetName The name of the violation’s target. [check icon]
type Possible values: Violation, Incident, Notification.

For more help

Recommendations for learning more: