Currently, I can create an alert based on a log query, but I am having trouble finding a good way to link back to the relevant logs from the incident when a violation occurs.
I can go to New Relic Logs and enter a query to show errors from a specific container, like so:
I then use the “Create an alert from this” option to create an alert condition, which converts my log search to the following NRQL query:
SELECT count(*) FROM Log WHERE
container_name= ‘my_container’ AND
I set the other options so that I am alerted and an incident is created each time an error occurs in this container.
When an error occurs, the first thing I want to do is check the logs to see what happened immediately before and after the alert was triggered, and maybe expand the results to see what is going on with other containers around the same time. However, the incident page only provides a “Go to Log query overview” link which takes me to Insights and basically just fills in the NRQL query from the alert condition.
Is there any way to link log-based alerts back to the log query that they are based on? Ideally, when an alert is triggered there would be a link in the incident that takes me to the log viewer with the query I initially used to create the alert condition, showing the time window in which the violation occurred (e.g., timestamp +/- 5 minutes).
The best workaround I’ve found is to copy the URL of the log query page and put it in the Runbook URL for the alert condition but that precludes us using the runbook URL to link to relevant documentation, as well as requiring us to update the log query URL every time we change the NRQL alert condition.
Any suggestions you might provide are greatly appreciated!
New Relic Edit
- I want this too
- I have more info to share (reply below)
- I have a solution for this
We take feature ideas seriously and our product managers review every one when plotting their roadmaps. However, there is no guarantee this feature will be implemented. This post ensures the idea is put on the table and discussed though. So please vote and share your extra details with our team.