Returning attributes in NRQL alert queries

Hi all,

I’m currently working on an NRQL alert query to notify us whenever our logs pick up a 502 response. I’ve currently got the following query working as expected but I’m hoping to also pull out some attribute data so that I can better define which application the alert has come and by putting that information in the description.

SELECT count(*) FROM Log WHERE response = 502

Ideally I would be using a wildcard to select all available fields but I’m unable to get that working with the query. Is this possible or can I only return the count value?

Thanks in advanced for your help.

Hi, @sami1: NRQL alert conditions must return a single numeric result (otherwise, how can you set a threshold to trigger a violation)? You may, however, include one or more FACETs, which you may then pass to a custom violation description.

1 Like

That’s perfect! Thanks for your help Phil.