Standard User-Defined Alerts

Use the Coralogix Standard Alerts feature to monitor system performance, get notified when there are changes to your logs, and instantly pinpoint potential causes.

Feature

Standard alerts are alerts that are triggered by changes to your logs. These alerts are useful when trying to measure the number of occurrences of a particular incident – when a user arrives at your website, for example, or when an error occurs.

With the Standard Alerts feature, you can do the following:

• Monitor system performance in real-time. Obtain real-time insights based on the criteria of your choice.
• Construct the perfect query for your specific needs. Define a query, which will capture the logs which you wish to inspect, and make it more specific when you filter by application, subsystem and severity. Then select the range of conditions to trigger an alert. For example, you may set that more than 10 logs over minutes will trigger your alert.
• Enjoy a machine learning-based approach. Using this setting, the Coralogix platform profiles your data and automatically detects abnormal behavior.
• Receive personalized notifications. Receive real-time push notifications to your preferred communication channel.

Standard alerts are the simplest alerts that Coralogix offers. Their simplicity is their strength. We strongly recommend that you cover your most obvious use cases with standard alerting to build a strong foundation in your observability system.

Create Alerts

STEP 1. Perform a query to filter the logs that will be returned as part of the alert.

• Click on Logs in the navigation pane.
• Perform a query to filter the logs that will be returned as part of the alert. Use a combination of the query input or the filters on the left-hand panel.
• Click CREATE ALERT in the upper right-hand corner.

• Note: To create an alert without a predefined query, click on Alerts > Alert Management in the Coralogix toolbar. Click NEW ALERT on the upper right-hand corner of your dashboard.

STEP 2. Define Alert Details.

• Define:
  • Alert Name.
  • Description.
  • Severity. Choose from one of four options: info, warning, error, critical.
  • Labels. Define a new label or choose from an existing one. Nest a label using key:value.

STEP 3. Select STANDARD Alert Type.

STEP 4. Define Query.

• If you created an alert from your Logs screen, your query will appear. Click EDIT to modify.
• If you created from your Alerts screen, input a new query. Using the available RegEx cheat sheet for support.
• Filter by Application, Subsystem and Severity.

STEP 5. Set the Conditions for triggering an alert.

• Alert when. Select whether to trigger the alert immediately, or define a rule based on the number of occurrences within a specified time window or using our Dynamic Alerts anomaly detecting option.
  • Notify Immediately: Immediate notification followed by silence for 1 minute. Hit count will present 1 in immediate alert, as we notify you of the first log that matches.
  • More/Less Than: Alert will trigger when the count of the entries matching the alert definition will be more/less than the chosen threshold. Hit count will present the actual number of entries that matched within the selected time window.
  • More Than Usual. This Dynamic Alerts setting enables you to detect abnormal behavior automatically – without having to set fixed threshold values. Set minimum threshold only. Note: It takes one week for algorithms to learn the traffic pattern
• Time Window Settings – Evaluation Window. The Evaluation Window is the period of time that is periodically queried for the alert query and parameters. When the alert is set to More than for a Standard Alert, you can select the Evaluation Window type from the following options:
  • Rolling Window. This is the default setting for new alerts. The Rolling Window is a fixed period of time (i.e. 10 minutes) and does not change, regardless of matching data and any alerts triggered as a result of the query.
  • Dynamic Duration. The Dynamic Duration evaluation window changes the queried time period when data matching the query triggers an alert.

• Group By. Group your alerts using one or more values that are aggregated into a histogram.
  • An alert is triggered whenever the condition threshold is met for a specific aggregated value within the specified timeframe.
  • New! If using 2 values for Group By, matching logs will first be aggregated by the parent field (ie. region), then by the child field (ie. pod_name). An alert will fire when the threshold meets the unique combination of both parent and child. Only logs that include the Group By fields will be included in the count.

STEP 6. Define Notification settings.

• Aggregated Notification. By default, a single notification, aggregating all values matching an alert query and conditions, will be sent to your Coralogix Insights screen.
• Individual Notification Groups. New! Multiple individual notifications for each of the values of the Group By field may be sent when query conditions are met. Select one or more Keys – consisting of a subset of the fields selected in the alert conditions – in the drop down menu. A separate notification will be sent for each Key selected.
  • Notes:
    • The number of Group By permutations is limited to 1000. If there are more permutations, then only the first 1000 are tracked.
    • Individual notifications for each of the values of the Group By field will not appear on the Insights screen and must be sent directly to notification recipients.
• Both notification types allow you to choose the the parameters of your notification:
  • Notify Every. Sets the alert cadence. After an alert is triggered and a notification is sent, the alert will continue to work, but notifications will be suppressed for the duration of the suppression period.
    • When an alert is triggered, it won’t be triggered again until one of two things happens: either the Notify Every period passes or it is resolved. In the latter case, the Notify Every parameter is reset.
  • Notify when resolved. Activate to receive an automatic update once an alert has ceased.
  • Define additional alert recipient(s) and notification channels by clicking + ADD WEBHOOK.

STEP 7. Set a Schedule.

Limit triggering to specific days and times.

STEP 8. Define Notification Content.

• Choose a specific JSON key or keys to include in the alert notification.
• Leave blank to view the full log text.

STEP 9. Verify your alert.

Click VERIFY to view how many times the alert matched the criteria in the last 24 hours.

STEP 10. View your History.

View which user performed a change in the alert and when.

STEP 11. Create your alert.

Click CREATE ALERT on the upper-right side of the screen.

View Alerts

In your navigation pane, click Insights > Insights.

• Select the Alert logs tab to view the logs which triggered an alert.

• Select the Logs tab to view all the logs prior to, and after, the triggered alert. The triggered alert will be highlighted.

Edit Alerts

Alert Management

• Identify the user that created an alert in the Alerts menu. To view the menu, navigate to Alerts in your Coralogix dashboard navigation panel.
• View the history of editing for specific alert.

Snooze Alerts

Snooze alerts in those cases where an alert was triggered and being, and there is no need for further notifications while you are resolving the issue. Activate or deactivate ****the snooze button next to an alert.

Notes:

• Hover your mouse over the snooze button to view who snoozed the alert and when the snooze period ends.
• In the table view, where all your team’s alerts are displayed, view all snoozes in the Snooze column. The snooze button is interactive, allowing you to switch between Snooze and Active settings as necessary.

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].