Alerts as a Notification Source Type
Alerts are one example of a notification source type, a component of the Coralogix infrastructure capable of sending notifications.
Supported alert subtypes
A notification source subtype adds a further layer of granularity to a notification source type. For alerts, a source subtype consists of three elements: an alert type, a condition, and a status.
The following alert source subtypes are supported:
Source | Type | Condition | Status | Description |
---|---|---|---|---|
Logs | LOGS_IMMEDIATE | — | Triggered / Resolved | Alert immediately when a log of interest is detected. |
Logs | LOGS_THRESHOLD | More than / Less than | Triggered / Resolved | Alert when the sum of logs crosses a predefined threshold. |
Logs | LOGS_RATIO_THRESHOLD | More than / Less than | Triggered / Resolved | Alert when the ratio between two log queries reaches a set threshold. |
Logs | LOGS_TIME_RELATIVE_THRESHOLD | More than / Less than | Triggered / Resolved | Alert when a fixed ratio reaches a set threshold compared to a past time frame. |
Logs | LOGS_ANOMALY | More than usual | Triggered / Resolved | Alert when a log crosses an AI-generated baseline. |
Logs | LOGS_NEW_VALUE | — | Triggered | Alert on a newly detected value in a time series. |
Logs | LOGS_UNIQUE_COUNT | More than | Triggered | Alert based on a unique value count per key. |
Metrics | METRIC_THRESHOLD | More than / Less than / More than or equals / Less than or equals | Triggered / Resolved | Alert when a metric crosses a predefined threshold. |
Metrics | METRIC_ANOMALY | More than usual / Less than usual | Triggered / Resolved | Alert when a metric crosses an AI-generated baseline. |
Tracing | TRACING_IMMEDIATE | — | Triggered | Alert immediately when span duration exceeds a set latency. |
Tracing | TRACING_THRESHOLD | More than | Triggered | Alert when trace latency crosses a predefined threshold. |
Flow | FLOW | — | Triggered / Resolved | Alert when any combination of alerts occurs in a specific sequence within a defined timeframe. |
All supported alert notification source subtypes, consisting of EntityType and EntitySubType, can be found in the Alerts API.
Alerts notification source type schema
Variable | Description |
---|---|
_context | Contains metadata about the context of the alert, including entity type, trigger details, and system information. |
alert | Represents the alert details, including timestamp, ID, status, and group information. |
alertDef | Defines the alert configuration, including name, description, groupings, incident settings, and priority. |
alertDef.createdTime | The timestamp when the alert definition was created. |
alertDef.description | A textual description of the alert definition. |
alertDef.entityLabels | Labels associated with the alert definition (e.g., host, region). |
alertDef.groupByKeys | List of keys by which the alert is grouped (e.g., host, region). |
alertDef.id | The unique identifier of the alert definition. |
alertDef.incidentSettings | Configuration related to incident settings (e.g., retriggering period). |
alertDef.name | Name of the alert definition (e.g., "CPU Usage Alert"). |
alertDef.priority | Priority level of the alert definition (e.g., P1). |
alertDef.retriggeringPeriod | Time in minutes after which the alert can be retriggered. |
alertDef.status | Current status of the alert definition. |
alertDef.type | Type of the alert (e.g., "metricThreshold"). |
alertDef.updatedTime | The timestamp when the alert definition was last updated. |
alertDef.alertVersionId | The version ID associated with the alert definition. |
alert.groups | List of alert groups associated with the alert (including priority and key-values). |
alert.status | Status of each alert group (e.g., "Triggered"). |
alert.priority | Priority level of the alert group (e.g., "P1"). |
alert.groups[n].keyValues | Key-value pairs associated with the alert group; e.g., "team": "{{alert.groups[0].keyValues.resource.attributes.Team}}" or "service":"{{alert.groups[0].keyValues.coralogix.metadata.subsystemName}}" |
alert.id | Unique identifier of the alert. Use it to create an alert URL in your notification; e.g., "alert_url": "https://teamname-prod.app.eu2.coralogix.com/#/alerts/{{alert.id}}" |
alert.status | Current status of the alert (e.g., "Triggered"). |
alert.timestamp | The timestamp indicating when the alert was triggered. |
alertDef.incidentSettings.notifyOn | Notification setting for the alert definition (e.g., "Triggered"). |
_context.entityLabels | Entity labels associated with the context (e.g., "host", "region"). |
_context.entityType | The entity type related to the alert (e.g., "alerts"). |
_context.entitySubType | The entity subtype, if any. |
_context.system | Information about the system, including its ID and name. |
_context.system.id | The system's unique identifier. |
_context.system.name | The system's name (e.g., "gett-prod"). |
_context.trigger | The trigger that initiated the alert. |
_context.trigger.manualTrigger | Manual trigger details (e.g., user email). |
_context.trigger.automaticTrigger | Automatic trigger details (if applicable). |
_context.trigger.type | The type of trigger that initiated the alert (e.g., "manual"). |
_context.trigger.manualTrigger.userEmail | The email address of the user who manually triggered the alert. |
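
The following is an added example, not Coralogix code: it lints a notification template by extracting its {{...}} placeholders and reporting any that are not in the schema table above. The function names and the sample template are constructed, and treating the two entityLabels maps as open-ended is an assumption.

```python
import re

# Paths taken from the schema table above; "[n]" stands for any list index.
DOCUMENTED = {
    "_context", "_context.entityLabels", "_context.entityType",
    "_context.entitySubType", "_context.system", "_context.system.id",
    "_context.system.name", "_context.trigger", "_context.trigger.type",
    "_context.trigger.manualTrigger", "_context.trigger.automaticTrigger",
    "_context.trigger.manualTrigger.userEmail",
    "alert", "alert.id", "alert.status", "alert.priority", "alert.timestamp",
    "alert.groups", "alert.groups[n].keyValues",
    "alertDef", "alertDef.id", "alertDef.name", "alertDef.description",
    "alertDef.type", "alertDef.priority", "alertDef.status",
    "alertDef.createdTime", "alertDef.updatedTime", "alertDef.alertVersionId",
    "alertDef.entityLabels", "alertDef.groupByKeys",
    "alertDef.retriggeringPeriod", "alertDef.incidentSettings",
    "alertDef.incidentSettings.notifyOn",
}
# Maps whose sub-keys depend on your own data. Treating the two label maps
# as open-ended is an assumption; the page only shows it for keyValues.
OPEN_PREFIXES = (
    "alert.groups[n].keyValues.", "alertDef.entityLabels.",
    "_context.entityLabels.",
)
PLACEHOLDER = re.compile(r"\{\{\s*(.*?)\s*\}\}")

def is_documented(path):
    """True if a placeholder path matches a documented schema variable."""
    p = re.sub(r"\[\d+\]", "[n]", path)  # alert.groups[0] -> alert.groups[n]
    return p in DOCUMENTED or p.startswith(OPEN_PREFIXES)

def undocumented_placeholders(template):
    """Return placeholders in `template` that the schema table does not list."""
    return [p for p in PLACEHOLDER.findall(template) if not is_documented(p)]

# Constructed sample template: two valid placeholders from the page, two typos.
SAMPLE = """{
  "alert_url": "https://teamname-prod.app.eu2.coralogix.com/#/alerts/{{alert.id}}",
  "team": "{{alert.groups[0].keyValues.resource.attributes.Team}}",
  "host": "{{alert.group[0].keyValues.host}}",
  "severity": "{{ alertDef.severity }}"
}"""

if __name__ == "__main__":
    for name in undocumented_placeholders(SAMPLE):
        print("unknown variable:", name)
```

Running the check in review or CI catches a misspelled variable before the template is attached to a production alert route.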