Anomaly Detection vs. NRQL Query Differences

I’m trying to create an alert based on NewRelic’s anomaly detection to be sent to Opsgenie, however, the NRQL baseline condition that I have configured alerts more often than NewRelic’s actual detected anomalies for the web throughput.

I used the NRQL that was generated from a similar web throughput, set the alert to be baseline, using a StdDev of 3 over 5 minutes, and an aggregation session of 1 minute.

What is the exact conditions for the anomaly detection, or is there a better way that I can directly alert opsGenie off of an anomaly.

Thank you

Hey there @ekellog,

I hope you are well, welcome to the community and awesome job on your first post!

While your question is a bit out of my scope I am looping in one of our alerts experts to help answer this. Would you be able to provide us with the query you are attempting to utilize for this alert? It will help our engineering team pinpoint what could be giving you trouble.

Our engineers will post here when they have a response ready. Please also let us know if there is anything else we can help with!

Thanks @michaelfrederick!

The NRQL I’m using is:
FROM Metric SELECT rate(count(newrelic.timeslice.value), 1 minute) AS 'Web throughput' WHERE metricTimesliceName = 'HttpDispatcher' WHERE entityGuid = 'myEntityID'

I copied this from what seems to alert for the anomaly detection, but think the differences for my alert are on the StdDev and aggregation sessions.

Hi @ekellog

Thanks for sharing, I can see the engineer team are working on this currently.

They will be sure to reply here with any updates.

Please feel free to reach out with any additional questions or udpates!

Hi @ekellog ! Anomaly detection won’t generate notifications. However, you can configure a NRQL alert condition for the NrAiAnomaly event. Learn more on how to query anomaly data. This is the best way to alert opsGenie of an anomaly.

1 Like