Incident BOARD needed - Help requested

Hi New Relic.

I would need some help advice from your team or associates if possible.
We are trying to create a dashboard containing the incidents that appeared within a time interval (24h, 7days, or more if possible).
We have found a solution that seemed to be the right one, but we got stuck in the end.
I have tried several NRQL queries but were not showing the result we needed.

After some research we reached to this link: Sending Alerts data to Insights
We have followed each step of the link above (created the Insert Key, used the link with the ACCOUNT ID, created the WEBHOOK as requested, used the customized JSON payload as described there).
My question would be… Where should I see the desired results more specific? Because in insights I don’t see any dashboard as it should after following the steps from Sending Alerts data to Insights

Thank you in advance.

Pentalog Team

Hi @csamoila - the first step is to double/triple check that you have the alerts data going to insights.

Could you go to the Chart Builder and try to run a query:

SELECT * FROM alert SINCE 1 WEEK AGO

This Query relies on your event name (configured in the webhook JSON) being named ‘alert’, adjust this query to use the event name you chose instead.

If you are getting data in the results of that query, then you can build a dashboard for that. The Dashboard is not automatically created for you.

The dashboard shown in the screenshot of this topic uses queries like below:

SELECT count(*) FROM alert SINCE 1 DAY AGO FACET policy_name
SELECT count(*) FROM alert SINCE 1 DAY AGO FACET condition_name
SELECT timestamp, incident_id, policy_name, condition_name, details, severity FROM alert SINCE 1 DAY AGO

IF you are not getting any data from any of these queries, then you will need to double/triple check the Webhook URL you are using is correct for the Insights Insert API URL. And also that your Insert Key is correct, and is correctly configured as a custom webhook header.

Hi Ryan,

Thank you for your response first of all.
We have tried to run the first query, and the results were not the one that we expected. (SELECT * FROM alert SINCE 1 WEEK AGO - we tried increasing the number of weeks, but same result)
“* No events found – do you have the correct event type and time range?”

We did have incidents in the last days, so the result is not correct.

I have checked the webhook and rechecked each step from … but I couldn’t find anything suspicious.

Do we need to replace any of these variables from the custom payload JSON with some values?
image
Or where are these read from?

Is there someone from the NewRelic support that can have a look and modify if necessary, if we are providing the account ID where we try to get this dashboard?

Thanks,

Pentalog team.

Hi @csamoila

The New Relic Support team can not make any modifications in your account. They can only guide you on the modifications that you can make.

I think I see the issue here though.

In your JSON payload you are using event_type. Instead of that you should use eventType.

You can simply swap out your JSON payload for the Webhook configuration with this:

{
  "eventType": "alert",  
  "account_id": "$ACCOUNT_ID",
  "account_name": "$ACCOUNT_NAME",
  "condition_description": "$DESCRIPTION",
  "condition_family_id": "$CONDITION_FAMILY_ID",
  "condition_name": "$CONDITION_NAME",
  "current_state": "$EVENT_STATE",
  "details": "$EVENT_DETAILS",
  "duration": "$DURATION",
  "incident_acknowledge_url": "$INCIDENT_ACKNOWLEDGE_URL",
  "incident_id": "$INCIDENT_ID",
  "incident_url": "$INCIDENT_URL",
  "owner": "$EVENT_OWNER",
  "policy_name": "$POLICY_NAME",
  "policy_url": "$POLICY_URL",
  "runbook_url": "$RUNBOOK_URL",
  "severity": "$SEVERITY",
  "targets": "$TARGETS",
  "timestamp": "$TIMESTAMP"
}

Following that, once you have active alert incidents, you will see those in the NRQL query bar by searching:

SELECT * FROM alert SINCE 3 DAYS AGO

(Note that these events will populate as they happen. Historic alerting events will not appear in the NRQL results).

Thanks a lot for your help Ryan. The “eventType” typo from the payload was the mistake here.
I will try to create the necessary queries.
Have a great day ahead!

1 Like

Cheers @csamoila

Glad that helped :smiley: