NRQL not triggering alert

Hello,
Following query does not trigger alert.
SELECT filter(count(*), WHERE status =‘RUNNING’) FROM KafkaConnectStatusEvent
The aggregate window is 15 min and Offset window is 15 min.
The link to the alert policy is
https://one.newrelic.com/-/0DvwBvkPPwp

@swaminathan.rajagop1 It looks like there is an incident open for that policy here https://onenr.io/0YBR6G7p2jO. It has been open for 7 days. Another incident won’t open (which is what will send the notification) until that one is closed.

For an incident to close automatically the opposite of the critical threshold has to be true. Currently the condition shows the data have to be above 0 for 15 min. The data will have to drop to or below 0 for 15 min for the incident to close. Herein lies the problem.

New Relic used to insert synthetic zeroes as a result for some queries, but ever since Streaming Alerts for NRQL conditions was introduced, synthetic zeroes are no longer inserted (the rules for when they were inserted was obtuse and opaque, so now you get exactly what the query returns).

Take a look at this article, that will explain why count() and uniqueCount() will never return a value of 0. The article also goes into a couple of possible solutions depending on your use-case – these are new features which were also released with the Streaming Alerts Platform.

What I would recommend with this condition (and possibly others like it) is to set up a Loss of Signal (LoS) for the same duration as the threshold, and configure it to Close all open violations when met. This will result in violations that close automatically, as you’d expect them to.

2 Likes