Platform Architecture
New Relic's architecture centers on a single telemetry database — NRDB (New Relic Database) — that ingests metrics, events, logs, and traces (MELT) into one unified store. Every piece of telemetry is queryable via NRQL, and every visualization is backed by a NRQL query you can inspect and modify.
New Relic Platform Architecture
flowchart TD
A[Applications & Services] --> B[New Relic Agents / OTel SDK]
B --> C[New Relic Telemetry Data Platform — NRDB]
C --> D[APM]
C --> E[Infrastructure]
C --> F[Logs]
C --> G[Synthetics]
C --> H[Browser & Mobile]
C --> I[Alerts & AI]
C --> J[Dashboards]
style A fill:#3B9797,color:#fff
style B fill:#132440,color:#fff
style C fill:#BF092F,color:#fff
style D fill:#16476A,color:#fff
style E fill:#16476A,color:#fff
style F fill:#16476A,color:#fff
style G fill:#16476A,color:#fff
style H fill:#16476A,color:#fff
style I fill:#16476A,color:#fff
style J fill:#16476A,color:#fff
The entity-centric model means everything in New Relic — hosts, services, containers, Lambda functions, browser apps — is an "entity" with a unique GUID. Entities have relationships (e.g., service A calls service B), enabling automatic service maps and dependency visualization without manual configuration.
Single Data Store: Unlike platforms that have separate backends for metrics, logs, and traces, New Relic stores all telemetry in NRDB. This means you can correlate a log line with a trace span with a metric — all in a single NRQL query. No context switching between tools.
NRQL — The Query Language
NRQL (New Relic Query Language) is a SQL-like language purpose-built for querying time-series telemetry data. Every chart, alert condition, and dashboard widget in New Relic is powered by NRQL — making it the single most important skill for New Relic users.
Basic Queries
# Average response time for a service
SELECT average(duration) FROM Transaction
WHERE appName = 'checkout-service' SINCE 1 hour ago
# Error rate by endpoint
SELECT percentage(count(*), WHERE error IS true) FROM Transaction
FACET request.uri SINCE 30 minutes ago
# Request throughput over time
SELECT rate(count(*), 1 minute) FROM Transaction
TIMESERIES 1 minute SINCE 1 hour agoAdvanced NRQL Patterns
# Compare current performance with last week
SELECT average(duration) FROM Transaction
WHERE appName = 'checkout-service'
SINCE 1 hour ago COMPARE WITH 1 week ago
# Funnel analysis — conversion tracking
SELECT funnel(session,
WHERE pageUrl LIKE '%/products%' AS 'Browse',
WHERE pageUrl LIKE '%/cart%' AS 'Add to Cart',
WHERE pageUrl LIKE '%/checkout%' AS 'Checkout',
WHERE pageUrl LIKE '%/confirmation%' AS 'Purchase')
FROM PageView SINCE 1 week ago
# Percentile distribution
SELECT percentile(duration, 50, 90, 95, 99) FROM Transaction
WHERE appName = 'api-gateway' SINCE 1 hour ago
# Histogram of response times
SELECT histogram(duration, 10, 20) FROM Transaction
WHERE appName = 'payment-service' SINCE 1 hour ago
# Unique count with filtering
SELECT uniqueCount(userId) FROM Transaction
WHERE httpResponseCode >= 500
FACET appName SINCE 1 day ago LIMIT 20
Everything Is Queryable: In New Relic, every visualization you see is backed by a NRQL query. Click any chart → "View query" to see and modify the underlying NRQL. Alert conditions are NRQL queries. Dashboard widgets are NRQL queries. This consistency means learning one language unlocks the entire platform.
NRQL Key Clauses
| Clause | Purpose | Example |
|---|---|---|
SELECT |
Aggregation or raw attribute selection | SELECT average(duration) |
FROM |
Event type (data source) | FROM Transaction, Log, Metric |
WHERE |
Filter conditions | WHERE error IS true |
FACET |
Group by (like SQL GROUP BY) | FACET host, appName |
TIMESERIES |
Time-bucketed results | TIMESERIES 5 minutes |
SINCE / UNTIL |
Time window | SINCE 1 hour ago UNTIL 30 minutes ago |
COMPARE WITH |
Period-over-period comparison | COMPARE WITH 1 week ago |
LIMIT |
Result count limit | LIMIT 25 |
APM & Distributed Tracing
New Relic APM provides deep application-level visibility with automatic instrumentation for major languages. Once an agent is installed, you immediately get transaction traces, error analytics, service maps, and distributed tracing — all queryable via NRQL.
Supported Languages
| Language | Agent | Auto-Instrumentation | Key Frameworks |
|---|---|---|---|
| Java | newrelic-java | Yes (bytecode) | Spring Boot, Tomcat, gRPC, Kafka |
| .NET | newrelic-dotnet | Yes (CLR profiler) | ASP.NET Core, WCF, Entity Framework |
| Node.js | newrelic (npm) | Yes (module wrapping) | Express, Fastify, Koa, Next.js |
| Python | newrelic (pip) | Yes (monkey-patching) | Django, Flask, FastAPI, Celery |
| Ruby | newrelic_rpm (gem) | Yes | Rails, Sinatra, Sidekiq |
| Go | go-agent | Manual (wrappers) | net/http, gRPC, Gin, Echo |
| PHP | newrelic-php5 | Yes (extension) | Laravel, Symfony, WordPress |
Agent Configuration
# newrelic.yml — Java Agent Configuration
common: &default_settings
license_key: 'YOUR_LICENSE_KEY'
app_name: checkout-service
agent_enabled: true
distributed_tracing:
enabled: true
transaction_tracer:
enabled: true
transaction_threshold: apdex_f
record_sql: obfuscated
explain_enabled: true
explain_threshold: 0.5
error_collector:
enabled: true
ignore_classes:
- 'com.example.ExpectedBusinessException'
ignore_status_codes: '404'
browser_monitoring:
auto_instrument: true
custom_insights_events:
enabled: true
max_samples_stored: 30000
labels:
environment: production
team: payments
region: us-east-1Key APM Features
- Service Maps — Automatically generated topology showing service dependencies, throughput, and error rates between entities
- Transaction Traces — Detailed breakdown of slow transactions showing time spent in each segment (database, external calls, code)
- Error Analytics — Grouped errors with stack traces, occurrence counts, impacted users, and error fingerprinting
- Distributed Tracing — End-to-end trace visualization across services with W3C Trace Context propagation
- Vulnerability Management — Automatic detection of known CVEs in application dependencies
Infrastructure & Logs
New Relic Infrastructure provides host-level metrics, process monitoring, and cloud integration data. The infrastructure agent runs on hosts and forwards system metrics, while cloud integrations pull data from AWS, Azure, and GCP APIs.
Infrastructure Agent Configuration
# /etc/newrelic-infra.yml
license_key: YOUR_LICENSE_KEY
display_name: checkout-prod-01
enable_process_metrics: true
# Custom attributes for filtering
custom_attributes:
environment: production
team: platform
region: us-east-1
cluster: checkout-primary
# Log forwarding configuration
logging:
level: info
forward: true
include_filters:
- name: app-logs
file: /var/log/app/*.log
attributes:
logtype: application
- name: nginx-access
file: /var/log/nginx/access.log
attributes:
logtype: nginx
pattern: '.*"(GET|POST|PUT|DELETE).*'
# Kubernetes integration
integrations:
- name: nri-kubernetes
env:
CLUSTER_NAME: checkout-prod
KUBE_STATE_METRICS_URL: http://kube-state-metrics.kube-system:8080
interval: 15s
Logs in Context: When the APM agent and infrastructure agent are both installed, New Relic automatically correlates log lines with the specific transaction and span that generated them. Click any error in APM → see the exact logs produced during that request. No manual correlation IDs needed — the agent injects
trace.id and span.id into log metadata automatically.
Querying Infrastructure Data
# Top 10 hosts by CPU utilization
SELECT average(cpuPercent) FROM SystemSample
FACET hostname SINCE 30 minutes ago LIMIT 10
# Disk space running low
SELECT latest(diskUsedPercent) FROM StorageSample
WHERE diskUsedPercent > 80
FACET hostname, mountPoint SINCE 5 minutes ago
# Container memory usage in Kubernetes
SELECT average(memoryUsedBytes / memoryLimitBytes * 100)
AS 'Memory %' FROM K8sContainerSample
FACET containerName, podName
WHERE clusterName = 'checkout-prod' SINCE 15 minutes ago
# Log pattern analysis
SELECT count(*) FROM Log
WHERE message LIKE '%ERROR%'
FACET message SINCE 1 hour ago LIMIT 20Synthetic Monitoring
New Relic Synthetics proactively monitors endpoints and user workflows from global locations. Unlike reactive APM monitoring (which waits for real traffic), synthetics continuously validate availability and performance — catching issues before users encounter them.
Monitor Types
| Monitor Type | Use Case | Execution | Example |
|---|---|---|---|
| Ping | Simple availability check | HTTP HEAD/GET request | Verify homepage returns 200 |
| Simple Browser | Page load performance | Real Chrome browser | Measure time-to-interactive for landing page |
| Scripted Browser | Multi-step user workflows | Selenium WebDriver (Node.js) | Login → search → add to cart → checkout |
| Scripted API | API endpoint validation | Node.js with http module | POST /api/auth → GET /api/orders → validate response schema |
| Step Monitor | No-code browser workflows | Point-and-click builder | Visual workflow builder for non-developers |
| Certificate Check | SSL/TLS certificate monitoring | Certificate inspection | Alert 30 days before certificate expiry |
| Broken Links | Link validation | Crawl and verify all links | Find 404s across your marketing site |
Private Locations
For internal services not accessible from the public internet, deploy Synthetics Job Managers (containerized runners) inside your VPC. These execute monitors from within your network, enabling synthetic monitoring of internal APIs, staging environments, and private endpoints.
# Deploy Synthetics Job Manager via Docker
docker run -d \
--name synthetics-job-manager \
-e PRIVATE_LOCATION_KEY="YOUR_PRIVATE_LOCATION_KEY" \
-e MINION_LOG_LEVEL=INFO \
-v /var/run/docker.sock:/var/run/docker.sock \
-p 8080:8080 \
newrelic/synthetics-job-manager:latestAlerting & AI
New Relic's alerting system is built entirely on NRQL — every alert condition is a NRQL query with threshold logic. Combined with AI-powered incident intelligence, it reduces alert noise and accelerates root cause analysis.
Alert Condition Types
| Condition Type | Trigger Logic | Best For |
|---|---|---|
| NRQL Static | Value crosses fixed threshold | Error rate > 5%, latency > 2s |
| NRQL Baseline | Value deviates from learned baseline | Traffic anomalies, unexpected drops |
| NRQL Outlier | One group deviates from peers | One host's CPU spiking while others are normal |
| APM Condition | Apdex, throughput, or error rate | Service health degradation |
| Synthetic Failure | Monitor fails from N locations | Endpoint availability from multiple regions |
| Infrastructure | Host metric crosses threshold | Disk > 90%, host not reporting |
NRQL Alert Example
# Alert: Error rate exceeds 5% for 5 minutes
SELECT percentage(count(*), WHERE error IS true)
FROM Transaction
WHERE appName = 'checkout-service'
# Threshold: Critical > 5, Warning > 2
# Window: 5 minutes
# Evaluation offset: 3 minutes (data lag buffer)
# Alert: P95 latency anomaly (baseline condition)
SELECT percentile(duration, 95) FROM Transaction
WHERE appName = 'api-gateway'
# Baseline direction: Upper only
# Deviation: 3 standard deviations above predicted value
AI-Powered Root Cause Analysis: New Relic's Applied Intelligence automatically correlates related alerts into unified incidents, identifies probable root causes by analyzing entity relationships and temporal proximity, and suggests relevant dashboards. When multiple services alert simultaneously, AI groups them into one incident rather than flooding on-call with dozens of independent pages.
Incident Intelligence Workflow
- Signal detection — NRQL conditions evaluate continuously and open violations
- Correlation — AI groups related violations into a single incident based on topology, timing, and historical patterns
- Enrichment — Incident is enriched with recent deployments, related changes, and entity metadata
- Notification — Routed to appropriate team via PagerDuty, Slack, email, or webhook
- Root cause suggestion — AI highlights the most likely causal entity and related anomalies
Pricing & Free Tier
New Relic's pricing model is uniquely simple: you pay for data ingest (per GB) and user seats. There are no per-host, per-container, or per-span charges — making it highly predictable for dynamic, containerized environments.
Pricing Tiers
| Tier | Data Ingest | Full Platform Users | Key Features |
|---|---|---|---|
| Free | 100 GB/month | 1 full user (unlimited basic) | All platform features, no credit card required |
| Standard | 100 GB free + $0.30/GB | $99/user/month | Up to 5 full users, 8-day data retention |
| Pro | 100 GB free + $0.30/GB | $349/user/month | SAML SSO, data retention options, SLA |
| Enterprise | 100 GB free + $0.30/GB | $549/user/month | HIPAA, FedRAMP, vulnerability management, priority support |
Cost Optimization Strategies
- Drop filter rules — Create ingest-time rules that discard known noisy data (health checks, debug logs) before it counts against your GB quota
- Sampling strategies — Use tail-based sampling for distributed traces (keep errors + slow, sample routine); reduces trace data by 80-90%
- Metric aggregation rules — Roll up high-cardinality metrics into lower-cardinality summaries at ingest; original data dropped, aggregates retained
- Basic vs. full users — Assign "basic" (free) user type to team members who only need dashboards and alerts; reserve "full platform" seats for engineers who query and build
- Data Plus add-on evaluation — At $0.50/GB, Data Plus provides 90-day retention, HIPAA compliance, and higher query limits; calculate break-even vs. standard + custom archival
Data Ingest Is the Primary Cost Driver: Unlike Datadog's per-host pricing, New Relic charges purely by data volume. This makes Kubernetes environments cheaper (no per-pod billing) but means verbose logging or high-cardinality metrics can spike costs. Monitor your ingest with:
SELECT rate(sum(GigabytesIngested), 1 day) FROM NrConsumption FACET usageMetric SINCE 7 days ago
When to Choose New Relic
New Relic: Strengths & Limitations
Strengths
- Generous free tier — 100 GB/month with full platform access; enough for small teams or startups to run production observability at zero cost
- NRQL unifies everything — One query language for metrics, logs, traces, events, and custom data; no tool-switching
- Predictable pricing — Per-GB model avoids per-host/per-container surprises in dynamic environments
- Entity-centric model — Automatic relationship mapping between services, hosts, and cloud resources
- OpenTelemetry native — First-class OTel support; ingest OTLP directly without proprietary agents
- Full-stack in one platform — APM, infrastructure, logs, synthetics, browser, mobile, and security in a single UI
Limitations
- User seat costs — Full platform users at $349-549/month can add up for large engineering teams
- Data retention — Standard tier defaults to 8 days; longer retention requires Pro/Enterprise or Data Plus
- Learning curve — NRQL mastery required to unlock full value; basic users may underutilize the platform
- No self-hosted option — All data ingested into New Relic's SaaS; regulated industries may face compliance friction
- Alert UX complexity — Policies, conditions, workflows, and destinations create a multi-layer config that confuses newcomers
Best For
- Teams wanting full-stack observability without per-host billing surprises
- Startups and small teams leveraging the free tier for production monitoring
- Kubernetes-heavy environments where per-container pricing is prohibitive elsewhere
- Organizations standardizing on OpenTelemetry who want a managed backend
- Engineering teams that value query-driven exploration over pre-built dashboards