When a policy condition violates a Critical (red) threshold, it can create an incident record with detailed information to help you respond efficiently. An incident is a collection of one or more violations. It includes all of the open and close timestamps for each violation. The incident record will include any Warning (yellow) violations which occurred after the opening Critical (red) threshold violation.
Notifications are sent to every notification channel on the policy when an incident opens, if and when an incident is acknowledged, and when an incident closes.
To select when alerts create incidents and how violations are grouped, use the Incident preference setting inside your policy. Then, to view the alerts policy violations (incident records), select the Incidents indexes.
Incident preference options
Each option for incident preference has its own advantages. You can select any option for any policy.
|By policy (default)||
Only one incident will be open at a time for the entire policy.
One incident will be open at a time for each condition in your policy.
|By condition and entity||
An incident will be created for every violation in your policy.
Select your incident preference
By default, a single incident record will be created for each policy.
To change the incident preference for the selected policy:
- In the one.newrelic.com top nav, click Alerts & AI, then click Policies, and then (select a policy).
- Click Incident preference, select your choice of available options, and then save.
Repeat these steps for each policy as needed.
Example: By policy (default)
By default, a single incident record will be created for each alert policy. If additional conditions are violated by any target after the incident opens, the violations are added to the same incident. Only one incident appears on your Incidents indexes for the selected policy.
Selecting the By policy preference is the most general option. All condition violations for every target will be accumulated into a single incident record.
Example: By condition
Selecting the By condition option is useful, for example, when you want an individual incident record to focus on a specific condition. If the policy has multiple conditions, separate incident records for each condition will appear on your Incidents indexes.
- If a target violates a condition for the alert policy, an incident record will be created.
- If the same target violates another condition for the alert policy, another incident record will be created.
- If additional targets violate the same condition after the incident opens, these violations will be added to the incident record already open for that condition.
Example: By condition and entity
Selecting the By condition and entity option is the most granular level for creating incident records. This is useful, for example, when you want to closely monitor anything that is occurring anywhere across your infrastructure. An incident will appear on your Incidents indexes for every violation that occurs within your policy.
For more help
Additional documentation resources include: