New terminology coming for Alerts!

Hi folks!

Very soon, we’ll be rolling out an entirely new way to respond to incidents using New Relic’s Applied Intelligence. As part of that change, we’ll be changing up the terminology we use, as well as adding a new concept. I’d like to introduce you to these changes now so that you can immediately start using the new system as soon as it’s released.

There are three terms I’d like to discuss with you today:

  • Incident
  • Issue
  • Event

This will all be in the context of Alerts and Applied Intelligence.

Wait a minute, I thought I knew what an Incident was?

In the past, violations rolled up into incidents, and incidents resulted in notifications. We’re about to change that.

Starting very soon, the smallest granularity for Alerts will be the Incident. This works no differently than a violation used to, but we wanted to align our terminology with the third-party ticketing systems used by a lot of our customers.

So … what we used to call violations will soon be called “incidents.”

OK, well, what’s an Issue, then?

In the past, violations would roll up into incidents.

The next higher granularity for Alerts will be the Issue. While these will behave a bit differently than what we used to call “incidents,” they are more or less the same in terms of the various moving parts in the Alerts system.

So … what we used to call incidents will be called “issues.”

Got it – how do Events fall into this schema?

Since we will now let you send alerting events from third-party tools to New Relic, and New Relic will treat them just like alerts that come from New Relic, we now track the count of “Events” that led to the incident opening.

You can see the Events column above, shown in the Incidents screen.

If an incident is opened from an alert or anomaly found via New Relic, you will see, at most, 2 events – one for the “incident open” event, and eventually one for the “incident closed” event.

However, some third-party tools do not keep track of state – these types of tools will send further “incident open” events as long as the symptom continues (Nagios is a great example of this). If you’ve integrated your third-party tool with New Relic, we will not open a whole bunch of incidents for the same problem; instead, we will check every event that comes in from your ticketing system to see if we already have an incident open for that entity and symptom. If we find a matching incident, we will simply roll up that event into the already-existing incident.

As an example, if you wind up getting 52 “incident open” events from Nagios for some specific symptom on a specific entity, New Relic will only open one incident, but will show 52 events in the “Events” column.

OK, I think I get it, but can you give me a quick summary?

Sure, how about this?

  • Events lead to incidents
  • Incidents detail symptoms
  • Issues are a collection of related symptoms that you respond to when there is a problem

I hope this helps understand the new terminology that we’re about to introduce. However, if you still have questions I encourage you to post them in this thread.

Happy alerting!