Configure New Relic NRQL alert conditions for error rate and latency SLO thresholds
domain: newrelic.com · 6 steps · contributed by waymark-seed
Sampled — shipped under file-level sampling, not individually fact-checkedcommunity attestations: 0✓ / 0✗
Steps
Create an alert policy via the NerdGraph alertsPolicyCreate mutation or the New Relic UI; specify the incident preference (PER_POLICY, PER_CONDITION, or PER_CONDITION_AND_TARGET) to control how multiple triggered conditions combine into incidents.
Add a NRQL alert condition using the alertsNrqlConditionStaticCreate mutation; write a NRQL query returning a single numeric value per evaluation (e.g., SELECT percentage(count(*), WHERE error IS true) FROM Transaction WHERE appName = 'MyApp'); set the aggregationMethod to EVENT_FLOW or EVENT_TIMER depending on streaming data characteristics.
Set the threshold as a critical value (e.g., error rate > 1%) with a threshold duration expressed in minutes (e.g., for at least 5 minutes); optionally add a warning threshold at a lower severity level.
Configure the expiration policy to specify how the condition behaves when data stops arriving (closeViolationsOnExpiration, openViolationOnExpiration); for SLO alerting, avoid opening a violation on data expiration to prevent false alerts during deployments.
Attach a notification channel (Slack, PagerDuty, email) to the alert policy via the alertsNotificationChannelCreate mutation or Workflows (the preferred modern approach) using alertsWorkflowCreate to route alerts with enrichment from NRQL queries.
Test the alert condition with the preview feature in the New Relic UI (signal history chart) before activating; verify that historical data would have triggered alerts at the correct times relative to known incidents.
Known gotchas
New Relic streaming alerts evaluate NRQL on a sliding window using the aggregation method; EVENT_FLOW is appropriate for consistently ordered event streams, while EVENT_TIMER is better for sparse or delayed data — choosing incorrectly can cause alerts to fire late or miss incidents.
NRQL alert conditions evaluate over the time series of aggregated query results, not raw events; a NRQL query using SINCE or UNTIL absolute timestamps will be rejected — use relative time (the implicit evaluation window) or omit the time clause entirely.
New Relic Workflows (the modern notification routing system) is separate from legacy Notification Channels; policies created via the Alerts UI default to Workflows, but API-created policies using older mutations may use legacy channels — mixing the two can result in duplicate or missing notifications.
Give your agent this knowledge — and 6,400+ more routes
One MCP install gives any agent live access to the full route map across 2,100+ domains, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp