View violation and event details for incidents

When violations of the threshold set in an alert condition occur, depending on the policy's Incident preference settings, New Relic Alerts may create an incident. You can review information about incidents in several ways:

  • View the incidents index so you can scan for patterns in a list of incidents.
  • View the violations included in a specific incident to examine associated performance details.
  • View the events included in a specific incident to review the timestamps for events, such as a violation opening or closing, notifications, and acknowledgments.
New Relic Alerts incident page > Incidents > (select an incident): Notice that the alert condition's threshold was violated several times (the blue line dips under the red dotted line), but the alert was not triggered until the violation occurred for more than five minutes, as specified in the alert condition.

View the incidents index and violation details

Violations are grouped together into incidents. If you want to change how violations are grouped, open the associated alert policy and change the Incident preference setting.

To view violation details:

  1. Go to > Incidents > Open incidents or All incidents.
  2. Select an incident row.
  3. Select Violations to view a list of the violations included in this incident.
  4. Select one of the violations to see a chart and details for it.

Details for individual violation charts include:

  • Timing information: The shaded red area on the chart shows you the time period when the violation occurred, where the preceding shaded pink area represents the degradation period. If you select a violation that lasted longer than two hours, the timeline on the bottom of the chart will be jagged. To provide context for events in the incident, the chart also shows the time frame surrounding the violation.
  • Chart guidelines: The red dotted line marks the threshold for the alert condition. The blue line depicts performance information.
  • Anomalous behavior: If New Relic detects anomalous behavior near the time of the violation, you will see a notification in the violation details.

From this page, you can take action regarding the incident:

If you want to... Do this
Assume responsibility for the incident Acknowledge the incident by selecting the acknowledge 040815-icon-ack.png icon or button.
View information about events Mouse over any spot on the blue line in the chart to display event information.
Manually close the violation Below the chart, select the Manually close violation link.

Anyone in the account (Owner, Admins, Users, Restricted Users) who can view the violation can also close it.

Edit the alert policy or alert condition Select the Settings gear gear icon or select the name of the alert policy above the chart.

View the events in an incident

If you want to view alerting events across all products, go to > Events > All events. To view the events for just one incident:

  1. Go to > Incidents > Open incidents or All incidents.
  2. Select an incident row.
  3. Select Events (next to Violations) on the incident's page.
  4. Select one of the events to view a chart and details for it.

Time between violation and notification

There may be a difference of up to three minutes between the violation event time and the initial notification time due to variances in data processing time.

  • Notification time: The time in the notification reflects the timestamp of when New Relic received the request to deliver a notification.
  • Violation time: The time you see on the Events page for the violation reflects the timestamp of data collection for the last data point that contributed to opening the violation.

Anomalous behavior detection

Access to this feature depends on your subscription level and will no longer show eight days after the violation opens.

When we detect large changes in key signals in the alerting entity and/or upstream/downstream applications of the alerting entity, an "anomalous behavior detected" notification appears on the violation's page and in notification channels. You can:

  • Expand the notification for details about the detected anomaly (web only).
  • See upstream/downstream anomalies (Slack only).
  • Select a link to go to the relevant product chart for further investigation.
New Relic Alerts notification in Slack
Alerts incident: anomalous behavior (Slack)
Example of a New Relic Alerts "anomalous behavior detected" notification in Slack.
New Relic Alerts notification in PagerDuty
Alerts incident: anomalous behavior (PagerDuty)
Example of a New Relic Alerts "anomalous behavior detected" notification in PagerDuty.
New Relic Alerts Incidents page on web
New Relic Alerts detects anomalous behavior in a related service and shows it alongside the incident. > Incidents > (select an incident): New Relic Alerts automatically shows unusual or anomalous behavior that might be related to an incident.

For more help

Recommendations for learning more: