New Relic Alerts concepts and workflow

New Relic Alerts lets you create customized alerting solutions for monitoring your system. This document contains:

Introduction to important concepts

New Relic Alerts workflow diagram
To use New Relic Alerts well, it will help you to understand the general flow of how the alert conditions and policies you create lead to violations and notifications.

To use New Relic Alerts well, it will help you to understand some terms we use. For in-depth definitions of these and other Alerts terms, see the glossary.

Alerts terminology Comments
Condition

An alert condition includes: a monitored data source and thresholds that define the behavior that will be considered a violation.

For example, a specific alert condition might be described in this way: "If the response time for any page load in my app goes above 8 seconds and that lasts for more than 5 minutes, that is a violation."

Threshold

A threshold is part of a condition; it defines the behavior considered a violation. When you create a condition, there is a required critical-level threshold. Optionally you can set a secondary warning-level threshold.

Violation

A violation occurs when the value of a data source crosses an alert condition's threshold. A violation does not directly generate a notification. However, violations can lead to incidents, which in turn generate notifications.

Incident

Incidents are what generate notifications. At the alert policy level, you set the incident preference, which determines how violations are handled and combined to generate incidents.

For example, you may want to have every single violation generate an incident (many notifications), or you may want to have only a single incident open at a time across an entire policy (few notifications). Setting the incident preference gives you power over how notifications are created and helps prevent alert fatigue.

Policy

An alert policy is a group of one or more alert conditions. A policy has two settings that apply to all of its conditions: incident preference and notification channels. You must create a policy before you can add conditions to it.

Notification

At the alert policy level, you choose what team members will get notified when an incident occurs, and how they will be notified (notification channels such as webhooks, Slack rooms, email, etc.).

Basic workflow

Now that you understand some basic concepts and terms, let's look at a typical workflow for creating an alert policy and an alert condition attached to that policy:

  1. Create an alert policy. When you create a policy:
    • Give it a meaningful name. For example: the group or team's name, or the set of resources or services the alert policy targets.
    • Set the incident preference, which determines how violations become incidents.
    • Set notification channels.
  2. Create an alert condition that will be attached to that policy. Steps involved in creating a condition include:

    • Choose a data source that will be monitored (for example, an APM metric or a NRQL query).
    • Set the thresholds that define what behavior will produce a violation.
    • Optional: Include a runbook URL, which is used to share standard procedures for how to handle alert notifications.
  3. Optional: Add more conditions to that same policy.

In addition to receiving notifications, you can view the alert incident or event details from the Alerts UI.

What's next?

To learn more about using Alerts:

For more help

Recommendations for learning more: