NRQL alert conditions set for cloud integrations causing delayed/ false violations
- NRQL Alerts
- Alerts for cloud integration
- The best way to set alerts on cloud integration data is by using Infrastructure alerts: Create alert conditions for Infrastructure integrations
- The general practice is to actually set the evaluation offset to at least 15 minutes on a NRQL alert condition that queries cloud integration data. This is to account for the delay in the AWS integration data.
NRQL alert conditions will evaluate the results of your query in one-minute slices, and by default, we look at data that's three minutes old. That three-minute offset is a safeguard to account for most instances of data latency. However, if some data from your integration takes more than 3 minutes to reach your account, that data is subsequently "missed" by our alerts evaluation system, as it will have a timestamp matching a point in time that's already been evaluated.