Specify when alerts create incidents

When a policy condition violates a Critical (red) threshold, it can create an incident record with detailed information to help you respond efficiently. An incident is a collection of one or more violations. It includes all of the open and close timestamps for each violation. The incident record will include any Warning (yellow) violations which occurred after the opening Critical (red) threshold violation.

Notifications are sent to every notification channel on the policy when an incident opens, if and when an incident is acknowledged, and when an incident closes.

To select when alerts create incidents and how violations are grouped, use the Incident preference setting inside your policy. Then, to view the alerts policy violations (incident records), select the Incidents indexes.

Incident preference options

Each option for incident preference has its own advantages. You can select any option for any policy.

Incident preference Comments
By policy (default)

Only one incident will be open at a time for the entire policy.

  • Fewest number of notifications
  • Requires immediate action and closing the incidents to be effective
By condition

One incident will be open at a time for each condition in your policy.

  • More notifications
  • Useful for policies containing conditions that focus on entities that perform the same job; for example, hosts that all serve the same application(s)
By condition and entity

An incident will be created for every violation in your policy.

  • The most notifications
  • Useful if you need to be notified of every violation or if you have an external system where you want to send alert notifications

Select your incident preference

By default, a single incident record will be created for each policy.

040315incident-pref.png
one.newrelic.com > Alert & AI > Policies > (select a policy): The selected policy page shows how alerts rolls up incidents for alert notifications and UI details. (Default is By policy). To choose a different option for this policy, click Incident preference.

To change the incident preference for the selected policy:

  1. In the one.newrelic.com top nav, click Alerts & AI, then click Policies, and then (select a policy).
  2. Click Incident preference, select your choice of available options, and then save.

Repeat these steps for each policy as needed.

Example: By policy (default)

Alert policy incident preferences
When you select the default (By policy) as your incident preference, it will group all condition violations into the same incident.

By default, a single incident record will be created for each alert policy. If additional conditions are violated by any target after the incident opens, the violations are added to the same incident. Only one incident appears on your Incidents indexes for the selected policy.

Selecting the By policy preference is the most general option. All condition violations for every target will be accumulated into a single incident record.

Example: By condition

Alert policy incident preferences
When you select By condition as your incident preference, it will group all violations by any target for a specific condition into separate incidents.

Selecting the By condition option is useful, for example, when you want an individual incident record to focus on a specific condition. If the policy has multiple conditions, separate incident records for each condition will appear on your Incidents indexes.

  • If a target violates a condition for the alert policy, an incident record will be created.
  • If the same target violates another condition for the alert policy, another incident record will be created.
  • If additional targets violate the same condition after the incident opens, these violations will be added to the incident record already open for that condition.

Example: By condition and entity

Alert policy incident preferences
When you select By condition and entity as your incident preference, it will not group violations at all. A new incident will be created for every violation that occurs in your policy.

Selecting the By condition and entity option is the most granular level for creating incident records. This is useful, for example, when you want to closely monitor anything that is occurring anywhere across your infrastructure. An incident will appear on your Incidents indexes for every violation that occurs within your policy.

For more help

Additional documentation resources include:

If you need more help, check out these support and learning resources: