user7692855

Reputation: 1418

New Relic create alert based on custom events

We report custom events to New Relic using their API https://docs.newrelic.com/docs/insights/event-data-sources/custom-events/apm-report-custom-events.

Is there a way to create an alert if there are more than X of these custom events in a certain time frame?

SELECT count(*) FROM `event_name` WHERE `field` = 'OFAC' SINCE 30 minutes ago

I am getting an error saying: Invalid clauses in alert conditions: SINCE

Note event_name and field are replaced with the string.

Upvotes: 0

Views: 1277

Answers (1)

lxx

Reputation: 1346

Use a NRQL alert?

Get your NRQL query, then remove the SINCE 30 minutes ago.

SELECT function(attribute) FROM Event WHERE attribute [comparison] [AND|OR ...]

e.g.

nrql_query = "FROM K8sVolumeSample SELECT latest(fsUsedPercent) FACET podName, volumeName, pvcName WHERE clusterName IN ('cluster-prod') "

https://docs.newrelic.com/docs/alerts-applied-intelligence/new-relic-alerts/alert-conditions/create-nrql-alert-conditions

We use them via Terraform. The docs give a good example: https://registry.terraform.io/providers/newrelic/newrelic/latest/docs/resources/nrql_alert_condition

The same query you use for a dashboard you can use for an alert. For a dashboard: SELECT count(*) FROM event_name WHERE field = 'OFAC' TIMESERIES SINCE 30 minutes ago, or something similar.

e.g. for a count example, to get the count for unique k8s objects:

SELECT uniqueCount(K8sNodeSample.entityId) AS 'Nodes', 
uniqueCount(K8sNamespaceSample.clusterName) AS 'Clusters', 
uniqueCount(K8sNamespaceSample.entityId) AS 'Namespaces', 
uniqueCount(K8sDeploymentSample.entityId) AS 'Deployments', 
uniqueCount(K8sPodSample.entityId) AS 'Pods', 
uniqueCount(K8sContainerSample.containerID) AS 'Containers' FROM 
K8sNodeSample, K8sNamespaceSample, K8sDeploymentSample, K8sPodSample, 
K8sContainerSample  WHERE clusterName IN ('cluster-prod')

Upvotes: 0
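
The question's count query expressed as a Terraform NRQL alert condition, as an added example that is not part of the answer above or of the provider's documentation. The resource names, the `account_id` variable, the threshold of 10 and the timing values are assumptions; it also assumes an already configured `newrelic` provider whose version accepts a 30-minute aggregation window. `event_name` and `field` remain the asker's placeholders.

```hcl
# Added example. Names, threshold and timings are assumptions, not values from the page.
variable "account_id" {
  type = number
}

resource "newrelic_alert_policy" "ofac" {
  name                = "OFAC custom events" # hypothetical policy name
  incident_preference = "PER_CONDITION"
}

resource "newrelic_nrql_alert_condition" "ofac_event_count" {
  account_id = var.account_id
  policy_id  = newrelic_alert_policy.ofac.id
  type       = "static"
  name       = "More than X OFAC events in 30 minutes" # hypothetical name
  enabled    = true

  nrql {
    # Same query as in the question, with the SINCE clause removed.
    # The time frame is set by aggregation_window below instead.
    query = "SELECT count(*) FROM `event_name` WHERE `field` = 'OFAC'"
  }

  # Evaluate count(*) over 30-minute windows (replaces "SINCE 30 minutes ago").
  aggregation_window = 1800
  aggregation_method = "event_flow"
  aggregation_delay  = 120

  # Custom events are sparse: treat a window with no events as a count of 0
  # so that an open incident can close once the events stop.
  fill_option = "static"
  fill_value  = 0

  critical {
    operator              = "above"
    threshold             = 10 # the "X" from the question (assumed value)
    threshold_duration    = 1800 # must be a multiple of aggregation_window
    threshold_occurrences = "at_least_once"
  }

  # Close incidents automatically after 24 hours.
  violation_time_limit_seconds = 86400
}
```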
