Relic Solution: How to Use the Infrastructure Alerts REST API to Its Maximum Potential - Part 3: FACET More Than 500 Entities


In a continuation of our series about using the Infrastructure Alerts REST API to do things that cannot be done in the UI, I will now describe how to overcome the limit in NRQL alerts under which a query can return only up to 500 FACETs. This is referenced in the documentation:

Use the FACET clause to separate your results by attribute and alert on each attribute independently. Faceted queries can return a maximum of 500 values.

What is a FACET anyway? It is the same as GROUP BY in standard SQL. The following blog post by Periscope Data has an excellent description under 'A Brief Tutorial':

Here is an example of FACETed data in New Relic:

The NRQL Alerts UI requires you to specify your FACET but the REST API will automatically FACET by the primary entity within the domain of the "event_type" you specify. In this case, SystemSample will automatically FACET by hostname.

In other posts in this series I have demonstrated REST API POST calls that create alert conditions using a "where_clause" which contains a NRQL query. They look like this:

curl -X POST 'https://infra-api.newrelic.com/v2/alerts/conditions' \
     -H 'X-Api-Key:{admin_api_key}' -i \
     -H 'Content-Type: application/json' \
     -d \
'{
   "data":{
      "type":"infra_metric",
      "name":"Non-DB Memory Usage Percent",
      "enabled":true,
      "policy_id":{policy_id},
      "event_type":"SystemSample",
      "select_value":"(memoryUsedBytes/memoryTotalBytes*100)",
      "where_clause":"(`environment` = '\''prod'\'' AND `hostname` NOT LIKE '\''%DB%'\'')",
      "comparison":"above",
      "critical_threshold":{
         "value":95,
         "duration_minutes":10,
         "time_function":"all"
      },
      "warning_threshold":{
         "value":90,
         "duration_minutes":20,
         "time_function":"all"
      }
   }
}'

To verify that the call has worked, first check that the API call returned a success message. Then visit the Infrastructure Alert condition you just created in the UI: the "where_clause" you used is represented by a filter, with the rest of the thresholds under it.

The great thing about using an API call like this is that if your "where_clause" returns more than 500 entities, there will be no problem. This is not the case if you create a NRQL alert, so you will want to get comfortable with the REST API if this applies to you. Happy FACETing!

Here are the other workaround posts:

Part 1: Exclusion Filtering
Part 2: Composite Alert Conditions
Part 4: Cloud Integration Metrics & Evaluation Offset
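
The same POST call as an added Python example (not code from the original post): it builds the JSON with `json.dumps`, so the `where_clause` needs no shell quote escaping, and it reads the admin API key from the environment so the key stays out of shell history and process arguments. The environment variable names `NEW_RELIC_ADMIN_API_KEY` and `NEW_RELIC_POLICY_ID` are assumptions.

```python
import json
import os
import urllib.request

API_URL = "https://infra-api.newrelic.com/v2/alerts/conditions"  # endpoint from the post


def build_condition(policy_id, where_clause):
    """Return the alert condition payload shown in the post as a dict."""
    if not isinstance(policy_id, int) or isinstance(policy_id, bool) or policy_id <= 0:
        raise ValueError("policy_id must be a positive integer")
    return {
        "data": {
            "type": "infra_metric",
            "name": "Non-DB Memory Usage Percent",
            "enabled": True,
            "policy_id": policy_id,
            "event_type": "SystemSample",
            "select_value": "(memoryUsedBytes/memoryTotalBytes*100)",
            "where_clause": where_clause,
            "comparison": "above",
            "critical_threshold": {"value": 95, "duration_minutes": 10, "time_function": "all"},
            "warning_threshold": {"value": 90, "duration_minutes": 20, "time_function": "all"},
        }
    }


def build_request(api_key, payload):
    """Build (but do not send) the POST request with the headers used in the post."""
    if not api_key:
        raise ValueError("missing API key")
    body = json.dumps(payload).encode("utf-8")
    return urllib.request.Request(
        API_URL, data=body, method="POST",
        headers={"X-Api-Key": api_key, "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Assumed variable names; export them in the shell before running.
    key = os.environ["NEW_RELIC_ADMIN_API_KEY"]
    policy = int(os.environ["NEW_RELIC_POLICY_ID"])
    # The backticks and single quotes are written literally, with no '\'' escaping.
    where = "(`environment` = 'prod' AND `hostname` NOT LIKE '%DB%')"
    req = build_request(key, build_condition(policy, where))
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(resp.status, resp.read().decode("utf-8"))
```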

