New Relic is a cloud-based observability platform that is designed to help you develop applications. You can use New Relic to integrate data, analyze data, and handle events at the earliest opportunity. To send New Relic alerts to the alerting system of Log Service, you only need to configure a notification channel in the New Relic console and set the webhook URL of the channel to the URL that is provided by the alert ingestion system of Log Service. The alerting system then processes the alerts, for example, by denoising them and sending alert notifications.

Configure New Relic

  1. Log on to the New Relic console.
  2. Configure a notification channel.
    1. In the top navigation bar, choose Alerts & AI > Notification channels.
    2. Click New notification channel.
    3. Configure the following parameters.
      Parameter | Description
      Select a channel type | The type of the notification channel. In this example, select Webhook.
      Channel name | The name of the notification channel.
      Base Url | In this example, enter the full webhook URL that is generated after you create an alert ingestion service and an alert ingestion application in the alert ingestion system of Log Service. For more information, see Obtain webhook URLs.
      Use Custom Payload | The content of alerts. New Relic generates alerts based on the value of this parameter. For more information about the variables in New Relic alerts, see New Relic documentation.

      You must configure this parameter based on the following sample code. Set every field except the labels and annotations fields to the value shown in the sample code. You can add other New Relic variables that the sample code does not use to the labels or annotations field based on your business requirements.

      {
        "alert_instance_id": "$INCIDENT_ID",
        "alert_name": "$POLICY_NAME",
        "status": "$EVENT_STATE",
        "alert_time": "$TIMESTAMP",
        "fire_time": "$TIMESTAMP",
        "fire_result": "$TARGETS",
        "resolve_time": "$TIMESTAMP",
        "labels": {
            "metadata": "$METADATA"
        },
        "annotations": {
            "desc": "$EVENT_DETAILS",
            "__account_id__": "$ACCOUNT_ID",
            "__account_name__": "$ACCOUNT_NAME",
            "__link_incident_acknowledge_url__": "$INCIDENT_ACKNOWLEDGE_URL",
            "__link_policy_url__": "$POLICY_URL",
            "__link_runbook_url__": "$RUNBOOK_URL",
            "__link_violation_callback_url__": "$VIOLATION_CALLBACK_URL",
            "__link_violation_chart_url__": "$VIOLATION_CHART_URL",
            "closed_violations_count_critical": "$CLOSED_VIOLATIONS_COUNT_CRITICAL",
            "closed_violations_count_warning": "$CLOSED_VIOLATIONS_COUNT_WARNING",
            "condition_description": "$DESCRIPTION",
            "condition_id": "$CONDITION_ID",
            "condition_name": "$CONDITION_NAME",
            "duration": "$DURATION",
            "event_type": "$EVENT_TYPE",
            "open_violations_count_critical": "$OPEN_VIOLATIONS_COUNT_CRITICAL",
            "open_violations_count_warning": "$OPEN_VIOLATIONS_COUNT_WARNING",
            "owner": "$EVENT_OWNER",
            "timestamp_utc_string": "$TIMESTAMP_UTC_STRING"    
        },
        "severity": "$SEVERITY",
        "drill_down_query": "$INCIDENT_URL"
      }
  3. Apply an alert rule to the notification channel.
    1. In the top navigation bar, choose Alerts & AI > Policies.
    2. In the list of alert rules, find and click the alert rule that you want to use.
    3. On the Notification channel tab, click Add notification channels.
    4. Select the notification channel that you created.

New Relic alerts

The following sample code provides an example of a New Relic alert:

{
    "alert_instance_id": 123456,
    "alert_name": "wkbTest",
    "alert_time": 1629445629043,
    "fire_time": 1629445629043,
    "fire_results":
    [
        {
            "id": "Metric",
            "name": "cn-hangzhou_ecs.s6-c1m4.xlarge_123456789",
            "link": "https://insights.newrelic.com/accounts/123456/query?query=SELECT%20average%28%60host.diskUsedPercent%60%29%20FROM%20Metric%20FACET%20regionId%2C%20host.instanceType%2C%20%20entity.id%20TIMESERIES%201%20minute%20SINCE%20%272021-08-20%2001%3A48%3A08%27%20UNTIL%20%272021-08-20%2007%3A47%3A08%27",
            "labels":
            {
                "entity.id": "123456789",
                "host.instanceType": "ecs.s6-c1m4.xlarge",
                "regionId": "cn-hangzhou"
            },
            "product": "NRQL",
            "type": "Query"
        }
    ],
    "resolve_time": 1629445629043,
    "status": "open",
    "labels":
    {
        "metadata":
        {
            "evaluation_system_source": "Willamette"
        }
    },
    "annotations":
    {
        "owner": "",
        "open_violations_count_critical": 1,
        "closed_violations_count_critical": 0,
        "__link_policy_url__": "https://alerts.newrelic.com/accounts/123456/policies/123456",
        "__link_violation_chart_url__": "https://gorgon.nr-assets.net/image/1a2b3c4d-1234-abcd-1a2b-1a2b3c4d?config.legend.enabled=false",
        "condition_id": 123456,
        "duration": 476,
        "open_violations_count_warning": 0,
        "__account_name__": "Account 123456",
        "event_type": "INCIDENT",
        "__link_runbook_url__": null,
        "__link_violation_callback_url__": "https://insights.newrelic.com/accounts/123456/query?query=SELECT%20average%28%60host.diskUsedPercent%60%29%20FROM%20Metric%20FACET%20regionId%2C%20host.instanceType%2C%20%20entity.id%20TIMESERIES%201%20minute%20SINCE%20%272021-08-20%2001%3A48%3A08%27%20UNTIL%20%272021-08-20%2007%3A47%3A08%27",
        "timestamp_utc_string": "2021-08-20, 07:47 UTC",
        "__account_id__": 123456,
        "condition_description": "this is cond0",
        "__link_incident_acknowledge_url__": "https://alerts.newrelic.com/accounts/123456/incidents/123456/acknowledge",
        "closed_violations_count_warning": 0,
        "condition_name": "cond0",
        "desc": "Metric query result is > 0.0 on 'cond0'"
    },
    "severity": "CRITICAL",
    "drill_down_query": "https://alerts.newrelic.com/accounts/123456/incidents/123456"
}

Field mappings

After a New Relic alert is ingested into Log Service, the alert is converted to a Log Service alert based on field mappings. The following sample code provides an example of a Log Service alert:

{
    "aliuid": "aliuid1",
    "alert_instance_id": "123456",
    "alert_id": "NewRelic_wkbTest",
    "alert_type": "sls_pub",
    "alert_name": "test-alert",
    "region": "{The region of the project to which Alert Center belongs}",
    "project": "{The project to which Alert Center belongs}",
    "project_id": 0,
    "next_eval_interval": 0,
    "alert_time": 1629445629,
    "fire_time": 1629445629,
    "fire_results":
    [
        {
            "id": "Metric",
            "link": "https://insights.newrelic.com/accounts/123456/query?query=SELECT%20average%28%60host.diskUsedPercent%60%29%20FROM%20Metric%20FACET%20regionId%2C%20host.instanceType%2C%20%20entity.id%20TIMESERIES%201%20minute%20SINCE%20%272021-08-20%2001%3A48%3A08%27%20UNTIL%20%272021-08-20%2007%3A47%3A08%27",
            "name": "cn-hangzhou_ecs.s6-c1m4.xlarge_123456789",
            "product": "NRQL",
            "type": "Query"
        }
    ],
    "fire_results_count": 1,
    "resolve_time": 0,
    "status": "firing",
    "results": null,
    "labels":
    {
        "evaluation_system_source": "Willamette"
    },
    "annotations":
    {
        "__account_id__": "123456",
        "__account_name__": "Account 123456",
        "__config_app__": "sls_pub_alert",
        "__link_incident_acknowledge_url__": "https://alerts.newrelic.com/accounts/123456/incidents/123456/acknowledge",
        "__link_policy_url__": "https://alerts.newrelic.com/accounts/123456/policies/123456",
        "__link_violation_callback_url__": "https://insights.newrelic.com/accounts/123456/query?query=SELECT%20average%28%60host.diskUsedPercent%60%29%20FROM%20Metric%20FACET%20regionId%2C%20host.instanceType%2C%20%20entity.id%20TIMESERIES%201%20minute%20SINCE%20%272021-08-20%2001%3A48%3A08%27%20UNTIL%20%272021-08-20%2007%3A47%3A08%27",
        "__link_violation_chart_url__": "https://gorgon.nr-assets.net/image/1a2b3c4d-1234-abcd-1a2b-1a2b3c4d?config.legend.enabled=false",
        "__pub_alert_app__": "{The ID of the alert ingestion application}",
        "__pub_alert_protocol__": "newrelic",
        "__pub_alert_region__": "{The region of the endpoint to which the alert is sent}",
        "__pub_alert_service__": "{The ID of the alert ingestion service}",
        "condition_description": "this is cond0",
        "condition_id": "123456",
        "condition_name": "cond0",
        "desc": "Metric query result is > 0.0 on 'cond0'",
        "duration": "476",
        "event_type": "INCIDENT",
        "open_violations_count_critical": "1",
        "timestamp_utc_string": "2021-08-20, 07:47 UTC"
    },
    "severity": 10,
    "policy":
    {
        "alert_policy_id": "{The ID of the alert policy that is specified for the alert ingestion application}",
        "action_policy_id": "{The ID of the action policy that is specified for the alert ingestion application}",
        "use_default": false,
        "repeat_interval": "{The cycle that is specified for the alert ingestion application}"
    },
    "template": null,
    "drill_down_query": "https://alerts.newrelic.com/accounts/123456/incidents/123456"
}

Log Service | New Relic | Description
aliuid | None | The ID of the Alibaba Cloud account to which the alert ingestion application belongs.
alert_id | None | The ID of the alert monitoring rule. The value of the alert_id field is in the NewRelic_${alert_name} format. ${alert_name} indicates the name of the alert monitoring rule.
alert_instance_id | alert_instance_id | The ID of the alert.
alert_type | None | The type of the alert. The value is fixed as sls_pub.
alert_name | alert_name | The name of the alert monitoring rule.
status | status | The status of the alert.
  • If the value of the status field in the New Relic alert is open or acknowledged, the value of the status field in the Log Service alert is firing.
  • If the value of the status field in the New Relic alert is resolved, the value of the status field in the Log Service alert is resolved.
next_eval_interval | None | The interval for alert evaluation. The value is fixed as 0.
alert_time | alert_time | The time at which the alert is triggered.
fire_results | fire_results | The query parameters and intermediate results of the alert. The value of this field is of the array type. In the value of the fire_results field in the New Relic alert, if the value of an element is not a string, the key-value pair that corresponds to this element is deleted. Other key-value pairs are added to the fire_results field in the Log Service alert.
fire_results_count | None | The number of elements in the value of the fire_results field.
fire_time | fire_time | The time at which the alert is first triggered.
resolve_time | resolve_time | The time at which the alert is cleared.
  • If the value of the status field is firing, the value of the resolve_time field in the Log Service alert is the same as the value of the resolve_time field in the New Relic alert.
  • If the value of the status field is resolved, the value of the resolve_time field is 0.
labels | labels | The labels of the alert.
  • All the key-value pairs of the metadata field in the New Relic alert are added to the labels field in the Log Service alert.
  • In the New Relic alert, the labels field may contain unused fields whose values are not null. These fields are added to the labels field in the Log Service alert.
annotations | annotations | The annotations of the alert. After the New Relic alert is ingested into Log Service, the following fields are added to the annotations field in the Log Service alert:
  • desc: the description of the alert content. This field corresponds to the desc field in the New Relic alert.
  • In the New Relic alert, the annotations field may contain unused fields whose values are not null. These fields are added to the annotations field in the Log Service alert.
severity | severity | The severity of the alert. The following list describes the severity mappings between New Relic and Log Service alerts:
  • CRITICAL: Critical
  • WARNING: High
  • INFO: Report
  Note: If no severity is specified in the New Relic alert, the severity of the Log Service alert is Medium.
policy | None | The alert policy that is specified for the alert ingestion application. For more information, see Description of the policy variable.
project | None | The project to which Alert Center belongs. For more information, see Project.
drill_down_query | drill_down_query | The URL of the page on which you can manage the New Relic alert.
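
The following added example is not Log Service code. It applies the alert_id, alert_type, status, severity, fire_results, fire_results_count, and labels rules from the table to a trimmed copy of the sample New Relic alert, so that you can predict the stored values before you wire up the channel. The function names, the error raised for an unknown status, and the fallback to Medium for an unrecognized severity are assumptions; timestamps, resolve_time, annotations, and policy are not covered.

```python
# Added illustration of the mapping table; not Log Service source code.
# Severity names come from the table; the page's sample output shows 10 for Critical.
SEVERITY = {"CRITICAL": "Critical", "WARNING": "High", "INFO": "Report"}
STATUS = {"open": "firing", "acknowledged": "firing", "resolved": "resolved"}


def map_fire_results(elements):
    """Delete key-value pairs whose value is not a string (fire_results rule)."""
    return [{k: v for k, v in e.items() if isinstance(v, str)} for e in elements]


def map_labels(labels):
    """Add every metadata key-value pair plus other non-null label fields."""
    out = {k: v for k, v in labels.items() if k != "metadata" and v is not None}
    metadata = labels.get("metadata")
    if isinstance(metadata, dict):
        out.update(metadata)
    return out


def map_alert(nr):
    """Return the Log Service fields covered by this example (hypothetical helper)."""
    if nr.get("status") not in STATUS:
        # Assumption: the page does not say how other values are handled.
        raise ValueError(f"unexpected New Relic status: {nr.get('status')!r}")
    fire_results = map_fire_results(nr.get("fire_results") or [])
    return {
        "alert_id": f"NewRelic_{nr['alert_name']}",
        "alert_type": "sls_pub",
        "status": STATUS[nr["status"]],
        # Missing severity -> Medium per the Note; unknown values also fall back (assumption).
        "severity": SEVERITY.get(nr.get("severity"), "Medium"),
        "fire_results": fire_results,
        "fire_results_count": len(fire_results),
        "labels": map_labels(nr.get("labels") or {}),
    }


# Constructed input: a trimmed copy of the sample New Relic alert on this page.
SAMPLE = {
    "alert_name": "wkbTest",
    "status": "open",
    "severity": "CRITICAL",
    "fire_results": [{"id": "Metric", "product": "NRQL", "type": "Query",
                      "labels": {"regionId": "cn-hangzhou"}}],
    "labels": {"metadata": {"evaluation_system_source": "Willamette"}},
}

if __name__ == "__main__":
    print(map_alert(SAMPLE))
```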