Alerts not firing in some cases with Event Flow

Hello!

I have 2 alert conditions against a monitor, one with event flow and one with cadence (or the legacy aggregation method) .
and the event flow one is not raising alerts in some cases where as the cadence is raising those alerts even though both have the same Open violation condition settings.

eg: incident id - 694912189 . This alert was raised by the condition with cadence settings.

Alert policy - https://one.newrelic.com/nrai/alerts-classic/policies?account=3011666&state=cbe9eda1-5971-6855-dd3b-5a9bf7d51029

Both these conditions have the same Open violation condition
image

Why did the alert condition
https://one.newrelic.com/nrai/condition-builder/edit?account=3011666&state=e5e5a9c1-e77d-8139-ae38-3d8253ea0cf0
fail to raise an alert in this case?

1 Like

Hey there @varsha.gopal,

Welcome to the Explorers Hub!

While I am not able to pinpoint exactly why you are only receiving alerts with cadence and not event flow, I am looping in an engineer from the alerts team to help narrow this down further. They will respond here to this post once we have a solution for you. We do appreciate your patience as we work through this.

Please reach out if you have any further questions regarding this or anything else and we will be happy to help!

It looks like you are using the Event Flow aggregations method. Event Flow needs 2 data points before it will aggregate the data. If the ingested data is ‘gappy’ this can cause a long delay in incidents opening up. After 65 minutes, if a second point of data has not been received, the first point of data falls off into a ‘stale’ data category and is no longer considered. What this means is that if your data is not coming in pretty consistently with a data point that is not null or has large window of time where it may not send anything to New Relic then you want to use timer.

Choose your aggregation method
New aggregation methods for NRQL alert conditions
Relic Solution: How Can I Figure Out Which Aggregation Method To Use?

1 Like

Thanks for the response.

If the data were indeed gappy, wouldn’t that affected cadence based alerts too? Since that got raised and the one with EventFlow dint. Both these alert conditions have the same open violation condition.

Also, from the Synthetics monitor result, it looks like there is a datapoint for every minute?

Hi @varsha.gopal

Thanks for the feedback here, I will need to loop in the engineering team here as this is out of my scope.

Please note they will reach out here with their findings, please feel free to reach out with any updates or questions you may have!

@varsha.gopal - That is correct. Cadence aggregation method alert conditions would also be affected by data that is not coming in consistently. As a matter of fact, since this is the legacy aggregation streaming method they are subject to more than data inconsistency and we do not recommend using it. As far as a data point every minute, your Synthetic checks may be happening every minute but your query is using a filter for FAILURE. Your check hopefully isn’t failing every minute so a datapoint will only be evaluated when the monitor fails. Otherwise, it will be a 0 value which would be a NULL since you are using COUNT().