
Sending Alerts data to Insights



@NateHeinrich That is fantastic news! I’ll definitely reply to the other thread. Thanks!!


Would have been super helpful to supply that JSON as text in addition to the screen grab!

EDIT: I take that back. When you click “Use Custom Payload” it is automatically populated with most of the JSON.


This is a great solution, @philweber. As part of this, is it possible to have a widget to show incidents that have been open for 60 mins or more …? The widgets in the example are great, but having this extra widget would be good from an OLA/SLA perspective.


Hi, @LAMBERT: I’m not sure how you would do that. Alerts sends one event when an incident opens, and another when it is closed; I don’t know how to write a query that says, “Show me all incidents that were opened more than 60 minutes ago, and for which there is no corresponding close event.”

The closest I can come up with is this:

SELECT latest(timestamp), latest(current_state), 
  latest(account_name), latest(policy_name), 
  latest(condition_name), latest(details) 
FROM Alert 
FACET incident_id SINCE 1 hour ago

This will show you the most recent event for each incident; you may sort the resulting table by current_state to see which ones are still open.

Create a Dashboard for Violations which are open RIGHT NOW which updates as violations are closed
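
An added example, not part of the thread and not New Relic code: one way to get the "open for 60 minutes or more, with no close event" list is to pull the `Alert` rows and pair them by `incident_id` on the client side. The sample rows are constructed; epoch-millisecond timestamps, the `acknowledged` state value, and the function name `stale_open_incidents` are assumptions.

```python
from collections import defaultdict

T0 = 1_700_000_000_000  # constructed base time; assumption: timestamps are epoch milliseconds
MIN = 60_000            # milliseconds per minute

# Constructed rows shaped like:
#   SELECT timestamp, incident_id, current_state, policy_name FROM Alert
# The 'acknowledged' state value is an assumption; any state other than 'closed' counts as open.
SAMPLE_EVENTS = [
    {"timestamp": T0,            "incident_id": 101, "current_state": "open",         "policy_name": "API latency"},
    {"timestamp": T0 + 10 * MIN, "incident_id": 102, "current_state": "open",         "policy_name": "Disk usage"},
    {"timestamp": T0 + 20 * MIN, "incident_id": 104, "current_state": "open",         "policy_name": "Error rate"},
    {"timestamp": T0 + 25 * MIN, "incident_id": 104, "current_state": "acknowledged", "policy_name": "Error rate"},
    {"timestamp": T0 + 30 * MIN, "incident_id": 102, "current_state": "closed",       "policy_name": "Disk usage"},
    {"timestamp": T0 + 60 * MIN, "incident_id": 103, "current_state": "open",         "policy_name": "API latency"},
]

def stale_open_incidents(events, now_ms, min_age_minutes=60):
    """Return incidents whose latest event is not 'closed' and whose
    'open' event is at least min_age_minutes old, oldest first."""
    by_incident = defaultdict(list)
    for ev in events:
        by_incident[ev["incident_id"]].append(ev)

    stale = []
    for incident_id, evs in by_incident.items():
        evs.sort(key=lambda e: e["timestamp"])
        if evs[-1]["current_state"] == "closed":
            continue  # a close event arrived, so the incident is resolved
        opened = next((e for e in evs if e["current_state"] == "open"), None)
        if opened is None:
            continue  # open event is outside the queried window; age unknown
        age = (now_ms - opened["timestamp"]) / MIN
        if age >= min_age_minutes:
            stale.append({"incident_id": incident_id,
                          "policy_name": opened["policy_name"],
                          "current_state": evs[-1]["current_state"],
                          "age_minutes": age})
    return sorted(stale, key=lambda r: r["age_minutes"], reverse=True)

if __name__ == "__main__":
    for row in stale_open_incidents(SAMPLE_EVENTS, now_ms=T0 + 90 * MIN):
        print(row)
```

The query window has to reach back far enough to include each incident's open event; incidents whose open event falls outside it are skipped because their age cannot be computed.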

Hi @philweber. That looks like a great insights dashboard to display the alert metrics and details.

Would you be able to provide the insights queries you used to build this dashboard? Have been playing around and can’t get it to work correctly.

Thanks :slight_smile:


Sure, @DBarkho:

Incidents by Policy:
SELECT count(*) FROM Alert FACET policy_name

Incidents by Condition:
SELECT count(*) FROM Alert FACET condition_name

Incident Details:
SELECT timestamp, incident_id, policy_name, condition_name, details, severity FROM Alert

The procedure for adding click-to-filter is described in this post:

Query used for 'Recent alerts' dashboard?
Alerts Policy and Alert configuration


This is something which surely helps us.
However, I would like to know if we will be able to display “targets” in the incident details query; when I try, it states no value.
Basically, along with alert details, I would need to capture the target server which raised the alert.



We’re over 1.5 years from the original date of this post. Is there still not an integrated approach to getting Alert data into Insights? Or do we still have to set up each policy to send to a custom webhook? I thought this was on someone’s roadmap? :wink: @NateHeinrich


Hey there @tstansell - Yep. We hear you! This is still the best workaround, though I acknowledge it is not ideal. I know you can understand that we just can’t get every issue addressed all the time. We have to make choices. Sorry this one is impacting you, but hopefully some of our other awesome new Alerts features lessen the pain? :slight_smile:


What is the JSON string to see the application name that violated the threshold?


Hello, I am not receiving any data on the Targets field; other customer fields get populated. Would anyone know why?


The targets field is in an array. You will need a way to flatten them so you can send it to insights.


Hi, @philweber Thank you for your post :slight_smile: I have a question for you:

Scenario: I created one NRQL alert, but the condition was violated and the incident was opened a few hours ago; the details of the incident got sent to New Relic Insights.

Question: Is there a way that I can use NRQL to check if the incident's current state is still open now?

Thank you!


Hi, @Yiqian_Qin: If you know the incident ID, you can use this query to retrieve the current state:

SELECT latest(timestamp), latest(current_state), 
  latest(account_name), latest(policy_name), 
  latest(condition_name), latest(details) 
FROM Alert 
WHERE incident_id  = [the id]


Have you implemented this before? Any suggestions?


How can I include the ‘opened_at’ and ‘closed_at’ properties of the alert in the custom payload sent to Insights? I tried { "start": "$OPENED_AT", "end": "$CLOSED_AT" } with no luck.


Hi, @alex.tulikumwenayo: There are no ‘opened_at’ or ‘closed_at’ properties. New Relic Alerts generates separate events when an incident is opened or closed; the value ‘open’ or ‘closed’ is passed in the $EVENT_STATE attribute.


Thank you @philweber. How can I include the duration of the violation?


I don’t think you can.


Can I send via payload the affected server of the alert?
I’m using the Infrastructure product. I want to facet the chart by affected server.