We recently introduced sliding window aggregation, a new method for alerts to aggregate metrics, smooth out visualizations, and alert on erratic or infrequent signals, including latency, traffic, errors, and saturation. This blog post shows you how to use sliding window aggregation to manage alerts more effectively.
First, let’s start with the basics: You create alert conditions in New Relic using NRQL queries. Advanced signal settings for the alert conditions give you options to better handle continuous and streaming data signals that might sometimes be missing.
We’ve expanded this functionality so you can precisely identify the source of an anomaly with minimal distractions. The window duration in the advanced signal settings for alert conditions is how the New Relic platform groups your data into intervals. A longer duration smooths out visualizations of choppy or less frequent signals, so it’s easier to spot trends in the data. You can use the new sliding window aggregation setting to gather data in overlapping time windows to smooth out the chart line.
Set your alert conditions to only find important trends, and let New Relic do the hard work of finding those trends for you. Sliding window aggregation uses faceted baseline conditions so you can:
-
- Create smoother charts through overlapping time-series data windows that are simple to control through an intuitive slide mechanism.
- Specify a time period from 1 to 120 minutes and use a NRQL query alert condition to filter the output based on average, min, max, and other values.
You control how New Relic aggregates the sliding windows in your NRQL query. For example, if you use specify average, you get the average over the sliding window.
Get started: Select your slide by interval
Want to get started with managing alerts more effectively with sliding window aggregation?
1. In one.newrelic.com, start by going to Alert conditions (Policies) under Alerts & AI to view your alerts and either edit an existing condition or set up a new condition.
2. Define your signal.
3. Set your condition thresholds.
4. Then select Fine-tune advanced signal settings > Data aggregation settings > Use sliding window aggregation to turn on sliding window aggregation, and set a slide-by interval.
Watch this video for a quick demo:
As an added benefit for more flexibility, we’ve raised the maximum window duration (the aggregation window) to 120 minutes. This increase in the maximum value is available across all NRQL alert conditions, not only sliding window aggregation.
Reminder: Build a buffer before you evaluate alerts
Keep in mind that since the alerts system only evaluates streaming data, you need to build an aggregation buffer before any violations will open on that condition. This means that if you set X as your aggregation window, for the first X minutes, no violations will trigger alerts.
As an example, imagine that you set up an alert condition using a 1-hour aggregation window and a 1-minute slide-by interval. When you save the condition, the first hour will be spent building an aggregation buffer of streamed data. No violations will trigger alerts in this first hour. After that point, the condition will behave normally. Every minute, it will have a fresh 60m of data to aggregate and evaluate.
