Coralogix Reporter

Coralogix reporter allows you to automate the generation of a periodic report that includes the formatted results of a predefined query. This report can be distributed automatically to a mailing list.

To define and set up a report go to AWS’s Serverless Application Repository and search for ‘Coralogix’. Click on the link to ‘Coralogix-Elasticsearch-Reporter’.

The application requires the following parameters:

• Verified AWS SES email/domain.
• CoralogixRegion – possible values are `Europe` or `India`. Choose Europe if your Coralogix account URL ends with .com` and India if it ends with `.in`
• Enabled – `true` when the report is active and `false` when it is inactive
• PrivateKey – can be found in your Coralogix account under `Settings` -> `Account` -> `API Access` -> `Elasticsearch API key`
• Query – Elasticsearch query
• Recipient – a list of comma-separated e-mails
• RequestTimeout – the Elasticsearch query timeout
• Schedule – CloudWatch rules schedule expression
• Subject – report email subject line
• Template – JMESPath expression to structure the Elasticsearch response

Don’t change the memory size and function timeout parameters. You can adjust the query timeout based on your needs.

Report example:

Queries the account every day at 08:00 to find mapping exceptions:

Elasticsearch query:

{"size":0,"query":{"bool":{"filter":[{"query_string":{"query":"_exists_:coralogix.failed_reason"}},{"range":{"coralogix.timestamp":{"gte":"now-24h","lt":"now"}}}]}},"aggs":{"exceptions":{"terms":{"field":"coralogix.failed_reason","size":20}}}}

Schedule:

cron(0 0 */8 ? * *)

Template:

aggregations.exceptions.buckets[*].{"Exception":key,"Count":doc_count}