Alerts API v3

Use our Alerts API v3 to define, query, and manage Coralogix Alerts. View this tutorial for v1/v2.

Overview

This tutorial outlines Coralogix's v3 Alerts gRPC API. It is designed to be simpler and more user-friendly. Using protobuf, it supports clients with autocomplete features, such as Kreya's gRPC.

Authentication

Authenticate requests

To authenticate requests, create a customized Team API key with the Alerts role preset assigned to it. Alternatively, selectively add any of the following permissions to your key:
| Method | Permission |
| --- | --- |
| ListAlertDefs | alerts:ReadConfig OR logs.alerts:ReadConfig OR metrics.alerts:ReadConfig OR spans.alerts:ReadConfig |
| GetAlertDef | alerts:ReadConfig OR logs.alerts:ReadConfig OR metrics.alerts:ReadConfig OR spans.alerts:ReadConfig |
| CreateAlertDef | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
| ReplaceAlertDef | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
| DeleteAlertDef | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
| SetActive | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |

Example

Use your customized API key in the Authorization request header to successfully connect.

grpcurl -H "Authorization: Bearer API_KEY_HERE"

Then, use one of our designated Management endpoints to structure your header.

Select the endpoint associated with your Coralogix domain.

-d @ ng-api-grpc.:443

For the AlertDefs Service API, the service name is AlertDefsService.

com.coralogixapis.alerts.v3.AlertDefsService

The complete command, with the method name still to be appended after the final slash, should look like this:

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/

API functions

Find details on API functions here.

Request structure summary

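| Method | Fields | Type | Required | Request Body Format | Notes |
| --- | --- | --- | --- | --- | --- |
| CreateAlertDef | JSON object | varies | Yes | -d '{ ... }' | Structure depends on alert type |
| ListAlertDefs | (none) | | | -d '' | Empty request body |
| GetAlertDef | id | string | Yes | -d '{ "id": "<alert_id>" }' | |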

Data sources

Use the optional data_sources field on alert_def_properties to control which log data source an alert is evaluated against.

If you do not specify data_sources, the alert behaves exactly as before and is evaluated against the default log source:

  • data_space = "default"
  • data_set = "logs"

This ensures full backward compatibility with existing alert definitions.

{
  "alert_def_properties": {
    "name": "logs threshold",
    "type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
    "data_sources": [
      {
        "data_space": "default",
        "data_set": "logs"
      }
    ]
  }
}

Field structure

data_sources is an array of data source objects:
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| data_sources | array | No | The sources from which to sample logs. |

Each data source object has the following fields:
| Field | Type | Required | Description | Notes |
| --- | --- | --- | --- | --- |
| data_space | string | No | Folder name of the data source. | Allowed values: default, system. |
| data_set | string | No | File name of the dataset. | Example: logs. |

Note

Although data_sources is an array, currently only one data source is supported. If multiple entries are provided, the request may be rejected.

Behavior and defaults

  • If data_sources is not provided, the alert behaves as before and is evaluated from the default/logs data source:
    • data_space = "default"
    • data_set = "logs"
  • If data_sources is provided, the alert uses the single data source entry you specify. Providing more than one entry is not supported and may result in a validation error.
  • data_sources currently applies to log-based alert types (for example: immediate, threshold, ratio, time-relative, anomaly, new value, unique count).

    For other alert types (metrics, tracing, flow), this field is currently ignored.

Note

In the alerts UI, data_sources corresponds to choosing a Dataspace and Dataset in the Datasources section of an alert definition.

For a conceptual overview and step-by-step UI workflow, see Dataset alerts.
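
A pre-flight check for the data_sources rules listed above, as an added Python example (not Coralogix's code): it reports which data source a definition will be evaluated against and flags entries the page describes as unsupported or ignored, reading both the snake_case request form and the camelCase response form. The enum-prefix test for log-based types, the handling of a missing type, the both-fields policy, and the sample definitions are assumptions made for this example.

```python
import json

# Rules below come from the page's field table and "Behavior and defaults" list.
ALLOWED_DATA_SPACES = {"default", "system"}
DEFAULT_SOURCE = ("default", "logs")
# Assumption: log-based alert types share this enum prefix, as every one on the page does.
LOGS_TYPE_PREFIX = "ALERT_DEF_TYPE_LOGS_"
# Assumption: a missing "type" means the enum's zero value; the page's
# logs-immediate response omits "type" although the request set it.
UNSPECIFIED_TYPE = "ALERT_DEF_TYPE_LOGS_IMMEDIATE_OR_UNSPECIFIED"


def _get(obj, snake, camel, default=None):
    """Read a field spelled as in requests (snake_case) or responses (camelCase)."""
    return obj[snake] if snake in obj else obj.get(camel, default)


def _props(doc):
    """Accept a request body, an "alertDef" object, or a full response."""
    doc = doc.get("alertDef", doc)
    return _get(doc, "alert_def_properties", "alertDefProperties", {})


def check_data_sources(doc):
    """Return (effective_source, findings) for one alert definition.

    effective_source is (data_space, data_set), or None when it cannot be
    determined or the field does not apply to the alert type.
    """
    props = _props(doc)
    alert_type = props.get("type", UNSPECIFIED_TYPE)
    is_logs = alert_type.startswith(LOGS_TYPE_PREFIX)
    sources = _get(props, "data_sources", "dataSources")

    if not sources:
        # Absent (or empty) field: log alerts fall back to default/logs.
        return (DEFAULT_SOURCE if is_logs else None), []
    if not isinstance(sources, list):
        return None, ["data_sources must be an array"]
    if not is_logs:
        return None, [f"data_sources is ignored for {alert_type}"]
    if len(sources) > 1:
        return None, [f"{len(sources)} data sources given, only one is supported"]

    entry = sources[0]
    space = _get(entry, "data_space", "dataSpace")
    data_set = _get(entry, "data_set", "dataSet")
    if space is None or data_set is None:
        # Linter policy (not a documented API rule): require both fields so the
        # evaluated source is explicit in the definition.
        return None, ["entry should set both data_space and data_set"]
    if space not in ALLOWED_DATA_SPACES:
        return None, [f"data_space {space!r} is not one of {sorted(ALLOWED_DATA_SPACES)}"]
    return (space, data_set), []


def audit(definitions):
    """Map alert name -> (effective_source, findings) for a list of definitions."""
    return {_props(d).get("name", "<unnamed>"): check_data_sources(d)
            for d in definitions}


# Constructed sample definitions, trimmed to the fields this check reads.
SAMPLES = json.loads("""
[
  {"alert_def_properties": {"name": "legacy threshold",
     "type": "ALERT_DEF_TYPE_LOGS_THRESHOLD"}},
  {"alertDef": {"alertDefProperties": {"name": "notification delivery failures",
     "type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
     "dataSources": [{"dataSpace": "system", "dataSet": "notification.deliveries"}]}}},
  {"alert_def_properties": {"name": "metrics threshold",
     "type": "ALERT_DEF_TYPE_METRIC_THRESHOLD",
     "data_sources": [{"data_space": "system", "data_set": "notification.deliveries"}]}},
  {"alert_def_properties": {"name": "two sources",
     "type": "ALERT_DEF_TYPE_LOGS_ANOMALY",
     "data_sources": [{"data_space": "default", "data_set": "logs"},
                      {"data_space": "system", "data_set": "notification.deliveries"}]}},
  {"alert_def_properties": {"name": "bad space",
     "data_sources": [{"data_space": "archive", "data_set": "logs"}]}}
]
""")

if __name__ == "__main__":
    for name, (source, findings) in audit(SAMPLES).items():
        print(f"{name}: source={source} findings={findings}")
```

Running the check over definitions before CreateAlertDef, or over stored definitions fetched with GetAlertDef, surfaces alerts whose data_sources setting has no effect on where they are evaluated.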

Sample requests

The following section presents an array of sample requests.

Get alert

This method expects an id field in the request body. For example: { "id": "<alert_id>"}.

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/GetAlertDef <<EOF
{ "id": "786cf44e-13a7-475b-b089-d18a68a61236"}
EOF

Alternative syntax:

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d '{ "id": "786cf44e-13a7-475b-b089-d18a68a61236"}' ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/GetAlertDef

Note

The -d flag specifies the request body in JSON format. Use single quotes to wrap the JSON string when passing it inline. To read from standard input, set -d @ and provide the body using heredoc (<<EOF).

Create a standard alert with immediate notifications

Create a Standard Alert with the "notify immediately" condition.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "logs-immediate",
        "description":"Example of logs-immediate alert",
        "enabled":  true,
        "priority": "ALERT_DEF_PRIORITY_P3",
        "type": "ALERT_DEF_TYPE_LOGS_IMMEDIATE_OR_UNSPECIFIED",
        "data_sources": [
            {
                "data_space": "default",
                "data_set": "logs"
            }
        ],
        "entity_labels": {
            "label_key":"label_value"
        },
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes": 10
        },
        "notification_group": {
            "group_by_keys": [],
            "webhooks": [{
               "minutes":10,
               "notify_on":"NOTIFY_ON_TRIGGERED_AND_RESOLVED",
                "integration": {
                    "recipients": {"emails": ["example@coralogix.com"]}
                }
            }]
        },
        "logs_immediate": {
            "logs_filter": {
                "simple_filter": {
                    "label_filters": {
                        "application_name": [
                            {
                                "operation": "LOG_FILTER_OPERATION_TYPE_ENDS_WITH",
                                "value": "endsWithThis"
                            }
                        ],
                        "severities": [
                            "LOG_SEVERITY_ERROR",
                            "LOG_SEVERITY_CRITICAL"
                        ]
                    },
                    "lucene_query": "QueryThisLog"
                }
            }
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "logs-immediate",
      "description": "Example of logs-immediate alert",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P3",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {
        "webhooks": [
          {
            "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "integration": {
              "recipients": {
                "emails": [
                  "example@coralogix.com"
                ]
              }
            },
            "minutes": 10
          }
        ]
      },
      "entityLabels": {
        "label_key": "label_value"
      },
      "phantomMode": false,
      "deleted": false,
      "logsImmediate": {
        "logsFilter": {
          "simpleFilter": {
            "luceneQuery": "QueryThisLog",
            "labelFilters": {
              "applicationName": [
                {
                  "value": "endsWithThis",
                  "operation": "LOG_FILTER_OPERATION_TYPE_ENDS_WITH"
                }
              ],
              "severities": [
                "LOG_SEVERITY_ERROR",
                "LOG_SEVERITY_CRITICAL"
              ]
            }
          }
        }
      }
    },
    "id": "737d508f-8961-45bc-941c-356aa112e9bc",
    "createdTime": "2024-11-06T08:02:20Z",
    "updatedTime": "2024-11-06T08:02:20Z",
    "alertVersionId": "737d508f-8961-45bc-941c-356aa112e9bc"
  }
}

Create a standard alert with a threshold

Create a Standard Alert with the "more than" or "less than" condition.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "logs threshold",
        "description": "example of logs threshold",
        "priority": "ALERT_DEF_PRIORITY_P2",
        "enabled":  true,
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes": 10
        },
        "entity_labels": {
            "key": "value"
        },
        "type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
        "logs_threshold": {
            "logs_filter": {
                "simple_filter": {
                    "lucene_query": "_exists_:field",
                    "label_filters": {
                        "application_name": [],
                        "severities": [],
                        "subsystem_name": []
                    }
                }
            },
            "notification_payload_filter": [],
            "rules": [
                {
                    "condition": {
                        "condition_type": "LOGS_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
                        "threshold": 1000,
                        "time_window": {
                            "logs_time_window_specific_value": "LOGS_TIME_WINDOW_VALUE_HOURS_2"
                        }
                    },
                    "override": {
                        "priority": "ALERT_DEF_PRIORITY_P2"
                    }
                }
            ]
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "logs threshold",
      "description": "example of logs threshold",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P2",
      "type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {
      },
      "entityLabels": {
        "key": "value"
      },
      "phantomMode": false,
      "deleted": false,
      "logsThreshold": {
        "logsFilter": {
          "simpleFilter": {
            "luceneQuery": "_exists_:field",
            "labelFilters": {
            }
          }
        },
        "rules": [
          {
            "condition": {
              "threshold": 1000,
              "timeWindow": {
                "logsTimeWindowSpecificValue": "LOGS_TIME_WINDOW_VALUE_HOURS_2"
              }
            },
            "override": {
              "priority": "ALERT_DEF_PRIORITY_P2"
            }
          }
        ]
      }
    },
    "id": "cb7e34ab-26a5-426e-b069-272eebc7b2bf",
    "createdTime": "2024-11-06T08:15:01Z",
    "updatedTime": "2024-11-06T08:15:01Z",
    "alertVersionId": "cb7e34ab-26a5-426e-b069-272eebc7b2bf"
  }
}

Create a dataset alert with a threshold

Create a logs-based threshold alert evaluated on a specific dataset instead of the default default/logs. This example uses the data_sources field to target the system/notification.deliveries dataset.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ \
  ng-api-grpc.us1.coralogix.com:443 \
  com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
  "alert_def_properties": {
    "name": "notification delivery failures",
    "description": "Threshold alert on system/notification.deliveries",
    "priority": "ALERT_DEF_PRIORITY_P2",
    "enabled": true,
    "incidents_settings": {
      "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
      "minutes": 10
    },
    "entity_labels": {
      "team": "sre"
    },
    "type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
    "data_sources": [
      {
        "data_space": "system",
        "data_set": "notification.deliveries"
      }
    ],
    "logs_threshold": {
      "logs_filter": {
        "simple_filter": {
          "lucene_query": "status:failed AND target_type:slack",
          "label_filters": { }
        }
      },
      "rules": [
        {
          "condition": {
            "threshold": 50,
            "time_window": {
              "logs_time_window_specific_value": "LOGS_TIME_WINDOW_VALUE_MINUTES_15"
            }
          },
          "override": {
            "priority": "ALERT_DEF_PRIORITY_P1"
          }
        }
      ]
    }
  }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "notification delivery failures",
      "description": "Threshold alert on system/notification.deliveries",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P1",
      "type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {},
      "entityLabels": {
        "team": "sre"
      },
      "phantomMode": false,
      "deleted": false,
      "logsThreshold": {
        "logsFilter": {
          "simpleFilter": {
            "luceneQuery": "status:failed AND target_type:slack",
            "labelFilters": {}
          }
        },
        "rules": [
          {
            "condition": {
              "threshold": 50,
              "timeWindow": {
                "logsTimeWindowSpecificValue": "LOGS_TIME_WINDOW_VALUE_MINUTES_15"
              }
            },
            "override": {
              "priority": "ALERT_DEF_PRIORITY_P1"
            }
          }
        ]
      },
      "dataSources": [
        {
          "dataSpace": "system",
          "dataSet": "notification.deliveries"
        }
      ]
    },
    "id": "XXXXXXXXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
    "createdTime": "2024-11-06T08:30:00Z",
    "updatedTime": "2024-11-06T08:30:00Z",
    "alertVersionId": "XXXXXXXXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  }
}

Create a ratio alert

Create a Ratio Alert.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF

{
    "alert_def_properties": {
        "name": "logs ratio threshold",
        "description": "example of logs ratio threshold",
        "priority": "ALERT_DEF_PRIORITY_P2",
        "enabled": true,
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes":  10
        },
        "group_by_keys": ["application_name"],
        "type": "ALERT_DEF_TYPE_LOGS_RATIO_THRESHOLD",
        "logs_ratio_threshold": {
            "numerator": {
                "simple_filter": {
                    "label_filters": {"application_name": [],"severities": [],"subsystem_name": []},
                    "lucene_query":  "_exists_:field"
                }
            },
            "denominator": {
                "simple_filter": {
                    "label_filters": {"application_name": [],"severities": [],"subsystem_name": []},
                    "lucene_query": "_exists_:field2"
                }
            },
            "numerator_alias":"First Query",
            "denominator_alias":"Second Query",
            "notification_payload_filter": [],
            "ignore_infinity": false,
            "group_by_for": "LOGS_RATIO_GROUP_BY_FOR_NUMERATOR_ONLY",
            "rules": [
                {
                    "condition": {
                        "condition_type": "LOGS_RATIO_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
                        "threshold": 1000,
                        "time_window": {
                            "logs_ratio_time_window_specific_value": "LOGS_RATIO_TIME_WINDOW_VALUE_HOURS_2"
                        }
                    },
                    "override": {
                        "priority": "ALERT_DEF_PRIORITY_P2"
                    }
                }
            ]
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "logs ratio threshold",
      "description": "example of logs ratio threshold",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P2",
      "type": "ALERT_DEF_TYPE_LOGS_RATIO_THRESHOLD",
      "groupByKeys": [
        "application_name"
      ],
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {

      },
      "phantomMode": false,
      "deleted": false,
      "logsRatioThreshold": {
        "numerator": {
          "simpleFilter": {
            "luceneQuery": "_exists_:field",
            "labelFilters": {

            }
          }
        },
        "numeratorAlias": "First Query",
        "denominator": {
          "simpleFilter": {
            "luceneQuery": "_exists_:field2",
            "labelFilters": {

            }
          }
        },
        "denominatorAlias": "Second Query",
        "rules": [
          {
            "condition": {
              "threshold": 1000,
              "timeWindow": {
                "logsRatioTimeWindowSpecificValue": "LOGS_RATIO_TIME_WINDOW_VALUE_HOURS_2"
              }
            },
            "override": {
              "priority": "ALERT_DEF_PRIORITY_P2"
            }
          }
        ],
        "groupByFor": "LOGS_RATIO_GROUP_BY_FOR_NUMERATOR_ONLY",
        "ignoreInfinity": false
      }
    },
    "id": "071aeed5-66cd-4218-874d-41eae5ef4140",
    "createdTime": "2024-11-06T08:20:52Z",
    "updatedTime": "2024-11-06T08:20:52Z",
    "alertVersionId": "071aeed5-66cd-4218-874d-41eae5ef4140"
  }
}

Create a time relative alert

Create a Time Relative Alert.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "logs time relative threshold",
        "description": "example of logs time relative threshold",
        "priority": "ALERT_DEF_PRIORITY_P2",
        "enabled": true,
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes":  10
        },
        "type": "ALERT_DEF_TYPE_LOGS_TIME_RELATIVE_THRESHOLD",
        "logs_time_relative_threshold": {
            "logs_filter": {
                "simple_filter": {
                    "label_filters": {"application_name": [],"severities": [],"subsystem_name": []},
                    "lucene_query": "_exists_:field"
                }
            },
            "notification_payload_filter": [],
            "ignore_infinity": true,
            "rules": [
                {
                    "condition": {
                        "condition_type": "LOGS_TIME_RELATIVE_CONDITION_TYPE_LESS_THAN",
                        "compared_to": "LOGS_TIME_RELATIVE_COMPARED_TO_SAME_DAY_LAST_WEEK",
                        "threshold": 5
                    },
                    "override": {
                        "priority": "ALERT_DEF_PRIORITY_P2"
                    }
                }
            ]
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "logs time relative threshold",
      "description": "example of logs time relative threshold",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P2",
      "type": "ALERT_DEF_TYPE_LOGS_TIME_RELATIVE_THRESHOLD",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {

      },
      "phantomMode": false,
      "deleted": false,
      "logsTimeRelativeThreshold": {
        "logsFilter": {
          "simpleFilter": {
            "luceneQuery": "_exists_:field",
            "labelFilters": {

            }
          }
        },
        "rules": [
          {
            "condition": {
              "threshold": 5,
              "comparedTo": "LOGS_TIME_RELATIVE_COMPARED_TO_SAME_DAY_LAST_WEEK",
              "conditionType": "LOGS_TIME_RELATIVE_CONDITION_TYPE_LESS_THAN"
            },
            "override": {
              "priority": "ALERT_DEF_PRIORITY_P2"
            }
          }
        ],
        "ignoreInfinity": true,
        "undetectedValuesManagement": {
          "triggerUndetectedValues": false,
          "autoRetireTimeframe": "AUTO_RETIRE_TIMEFRAME_NEVER_OR_UNSPECIFIED"
        }
      }
    },
    "id": "a5de559e-b940-4283-8ad6-2ddc77701049",
    "createdTime": "2024-11-06T08:22:52Z",
    "updatedTime": "2024-11-06T08:22:52Z",
    "alertVersionId": "a5de559e-b940-4283-8ad6-2ddc77701049"
  }
}

Create a log-based anomaly alert

Create a log-based Anomaly Alert to measure more-than-usual anomalies.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "logs-anomaly-alert",
        "description": "Example of logs-anomaly alert",
        "enabled": true,
        "priority": "ALERT_DEF_PRIORITY_P3",
        "type": "ALERT_DEF_TYPE_LOGS_ANOMALY",
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes":  60
        },
        "notification_group": {
            "group_by_keys": [],
            "webhooks": [
                {
                    "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
                    "integration": {
                        "recipients": {"emails": ["example@coralogix.com"]}
                    },
                    "minutes": 60
                }
            ]
        },
        "logs_anomaly": {
            "rules": [
                {
                    "condition": {
                        "minimum_threshold":  1000,
                        "time_window": {
                            "logs_time_window_specific_value": "LOGS_TIME_WINDOW_VALUE_HOURS_24"
                        },
                        "condition_type": "LOGS_ANOMALY_CONDITION_TYPE_MORE_THAN_USUAL_OR_UNSPECIFIED"
                    }
                }
            ],
            "logs_filter": {
                "simple_filter": {
                    "label_filters": {
                        "subsystem_name": [
                            {
                                "operation": "LOG_FILTER_OPERATION_TYPE_INCLUDES",
                                "value": "includes"
                            }
                        ]
                    },
                    "lucene_query": "QueryThisLog && This Log"
                }
            }
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "logs-anomaly-alert",
      "description": "Example of logs-anomaly alert",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P3",
      "type": "ALERT_DEF_TYPE_LOGS_ANOMALY",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 60
      },
      "notificationGroup": {
        "webhooks": [
          {
            "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "integration": {
              "recipients": {
                "emails": [
                  "example@coralogix.com"
                ]
              }
            },
            "minutes": 60
          }
        ]
      },
      "phantomMode": false,
      "deleted": false,
      "logsAnomaly": {
        "logsFilter": {
          "simpleFilter": {
            "luceneQuery": "QueryThisLog \u0026\u0026 This Log",
            "labelFilters": {
              "subsystemName": [
                {
                  "value": "includes",
                  "operation": "LOG_FILTER_OPERATION_TYPE_INCLUDES"
                }
              ]
            }
          }
        },
        "rules": [
          {
            "condition": {
              "minimumThreshold": 1000,
              "timeWindow": {
                "logsTimeWindowSpecificValue": "LOGS_TIME_WINDOW_VALUE_HOURS_24"
              }
            }
          }
        ]
      }
    },
    "id": "5bc8712b-ae0c-4d49-9cd2-1cc374eddfb7",
    "createdTime": "2024-11-06T08:46:10Z",
    "updatedTime": "2024-11-06T08:46:10Z",
    "alertVersionId": "5bc8712b-ae0c-4d49-9cd2-1cc374eddfb7"
  }
}

Create a new value alert

Create a New Value Alert.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "logs new value",
        "description": "example of logs new value",
        "priority": "ALERT_DEF_PRIORITY_P3",
        "enabled":  true,
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes": 10
        },
        "entity_labels": {
            "my_key": "my_label"
        },
        "type": "ALERT_DEF_TYPE_LOGS_NEW_VALUE",
        "logs_new_value": {
            "logs_filter": {
                "simple_filter": {
                    "label_filters": {
                        "application_name": [],
                        "severities": [],
                        "subsystem_name": []
                    },
                    "lucene_query":  "_exists_:field"
                }
            },
            "notification_payload_filter": [],
            "rules": [
                {
                    "condition": {
                        "keypath_to_track": "keypath",
                        "time_window": {
                            "logs_new_value_time_window_specific_value": "LOGS_NEW_VALUE_TIME_WINDOW_VALUE_HOURS_24"
                        }
                    }
                }
            ]
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "logs new value",
      "description": "example of logs new value",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P3",
      "type": "ALERT_DEF_TYPE_LOGS_NEW_VALUE",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {

      },
      "entityLabels": {
        "my_key": "my_label"
      },
      "phantomMode": false,
      "deleted": false,
      "logsNewValue": {
        "logsFilter": {
          "simpleFilter": {
            "luceneQuery": "_exists_:field",
            "labelFilters": {

            }
          }
        },
        "rules": [
          {
            "condition": {
              "keypathToTrack": "keypath",
              "timeWindow": {
                "logsNewValueTimeWindowSpecificValue": "LOGS_NEW_VALUE_TIME_WINDOW_VALUE_HOURS_24"
              }
            }
          }
        ]
      }
    },
    "id": "5722397b-0251-4832-83b7-e8e16dfd7c92",
    "createdTime": "2024-11-06T08:48:07Z",
    "updatedTime": "2024-11-06T08:48:07Z",
    "alertVersionId": "5722397b-0251-4832-83b7-e8e16dfd7c92"
  }
}

Create a unique count alert

Create a Unique Count Alert.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "logs unique count",
        "description": "example of logs unique count",
        "priority": "ALERT_DEF_PRIORITY_P4",
        "enabled": true,
        "group_by_keys": ["logobj.path"],
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes": 10
        },
        "type": "ALERT_DEF_TYPE_LOGS_UNIQUE_COUNT",
        "logs_unique_count": {
            "logs_filter": {
                "simple_filter": {
                    "label_filters": {
                        "application_name": [],
                        "severities": [],
                        "subsystem_name": []
                    },
                    "lucene_query": "_exists_:field"
                }
            },
            "notification_payload_filter": [],
            "unique_count_keypath": "keypath",
            "max_unique_count_per_group_by_key": "100",
            "rules": [
                {
                    "condition": {
                        "max_unique_count": "100",
                        "time_window": {
                            "logs_unique_value_time_window_specific_value": "LOGS_UNIQUE_VALUE_TIME_WINDOW_VALUE_HOURS_12"
                        }
                    }
                }
            ]
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "logs unique count",
      "description": "example of logs unique count",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P4",
      "type": "ALERT_DEF_TYPE_LOGS_UNIQUE_COUNT",
      "groupByKeys": [
        "logobj.path"
      ],
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {

      },
      "phantomMode": false,
      "deleted": false,
      "logsUniqueCount": {
        "logsFilter": {
          "simpleFilter": {
            "luceneQuery": "_exists_:field",
            "labelFilters": {

            }
          }
        },
        "rules": [
          {
            "condition": {
              "maxUniqueCount": "100",
              "timeWindow": {
                "logsUniqueValueTimeWindowSpecificValue": "LOGS_UNIQUE_VALUE_TIME_WINDOW_VALUE_HOURS_12"
              }
            }
          }
        ],
        "maxUniqueCountPerGroupByKey": "100",
        "uniqueCountKeypath": "keypath"
      }
    },
    "id": "1ee21858-a338-4c22-a42c-205c3e76544b",
    "createdTime": "2024-11-06T08:50:04Z",
    "updatedTime": "2024-11-06T08:50:04Z",
    "alertVersionId": "1ee21858-a338-4c22-a42c-205c3e76544b"
  }
}

Create a metric alert with a threshold

Create a Metric Alert with a "less than or equals" condition.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "metrics threshold",
        "description": "example of metrics threshold",
        "priority": "ALERT_DEF_PRIORITY_P2",
        "enabled": true,
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes": 10
        },
        "type": "ALERT_DEF_TYPE_METRIC_THRESHOLD",
        "metric_threshold": {
            "metric_filter": {
                "promql": "sum(http_requests_total{job=\"api-server\"}) by (job)"
            },
            "missing_values": {"replace_with_zero": true},
            "rules": [{
                "condition": {
                    "condition_type": "METRIC_THRESHOLD_CONDITION_TYPE_LESS_THAN_OR_EQUALS",
                    "for_over_pct": 80,
                    "of_the_last": {"metric_time_window_specific_value": "METRIC_TIME_WINDOW_VALUE_HOUR_1"},
                    "threshold": 5000
                },
                "override": {
                    "priority": "ALERT_DEF_PRIORITY_P2"
                }
            }],
            "undetected_values_management": {
                "trigger_undetected_values": true,
                "auto_retire_timeframe": "AUTO_RETIRE_TIMEFRAME_HOURS_24"
            }
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "metrics threshold",
      "description": "example of metrics threshold",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P2",
      "type": "ALERT_DEF_TYPE_METRIC_THRESHOLD",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {

      },
      "phantomMode": false,
      "deleted": false,
      "metricThreshold": {
        "metricFilter": {
          "promql": "sum(http_requests_total{job=\"api-server\"}) by (job)"
        },
        "rules": [
          {
            "condition": {
              "threshold": 5000,
              "forOverPct": 80,
              "ofTheLast": {
                "metricTimeWindowSpecificValue": "METRIC_TIME_WINDOW_VALUE_HOUR_1"
              },
              "conditionType": "METRIC_THRESHOLD_CONDITION_TYPE_LESS_THAN_OR_EQUALS"
            },
            "override": {
              "priority": "ALERT_DEF_PRIORITY_P2"
            }
          }
        ],
        "undetectedValuesManagement": {
          "triggerUndetectedValues": true,
          "autoRetireTimeframe": "AUTO_RETIRE_TIMEFRAME_HOURS_24"
        },
        "missingValues": {
          "replaceWithZero": true
        }
      }
    },
    "id": "bb835aa2-7462-4d39-903b-9eab7dbaf1ca",
    "createdTime": "2024-11-06T09:01:12Z",
    "updatedTime": "2024-11-06T09:01:12Z",
    "alertVersionId": "bb835aa2-7462-4d39-903b-9eab7dbaf1ca"
  }
}

Create a metric-based anomaly alert

Create a metric-based Anomaly Alert to measure more-than-usual anomalies.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "metrics-anomaly alert",
        "description": "Example of metrics-anomaly alert",
        "enabled": true,
        "priority": "ALERT_DEF_PRIORITY_P3",
        "type": "ALERT_DEF_TYPE_METRIC_ANOMALY",
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes": 5
        },
        "notification_group": {
            "group_by_keys": [],
            "webhooks": [
                {
                    "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
                    "integration": {
                        "recipients": {
                            "emails": ["example@coralogix.com"]
                        }
                    },
                    "minutes": 5
                }
            ]
        },
        "metric_anomaly": {
            "rules": [
                {
                    "condition": {
                        "for_over_pct": 5,
                        "of_the_last": {
                            "metric_time_window_specific_value": "METRIC_TIME_WINDOW_VALUE_HOURS_24"
                        },
                        "threshold": 100,
                        "min_non_null_values_pct": 50,
                        "condition_type": "METRIC_ANOMALY_CONDITION_TYPE_MORE_THAN_USUAL_OR_UNSPECIFIED"
                    }
                }
            ],
            "metric_filter": {
                "promql": "sum(cpu) by (pod)"
            }
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "metrics-anomaly alert",
      "description": "Example of metrics-anomaly alert",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P3",
      "type": "ALERT_DEF_TYPE_METRIC_ANOMALY",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 5
      },
      "notificationGroup": {
        "webhooks": [
          {
            "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "integration": {
              "recipients": {
                "emails": [
                  "example@coralogix.com"
                ]
              }
            },
            "minutes": 5
          }
        ]
      },
      "phantomMode": false,
      "deleted": false,
      "metricAnomaly": {
        "metricFilter": {
          "promql": "sum(cpu) by (pod)"
        },
        "rules": [
          {
            "condition": {
              "threshold": 100,
              "forOverPct": 5,
              "ofTheLast": {
                "metricTimeWindowSpecificValue": "METRIC_TIME_WINDOW_VALUE_HOURS_24"
              },
              "minNonNullValuesPct": 50
            }
          }
        ]
      }
    },
    "id": "42391e48-7996-4f7c-b7ca-8b359a012d7f",
    "createdTime": "2024-11-06T09:04:43Z",
    "updatedTime": "2024-11-06T09:04:43Z",
    "alertVersionId": "42391e48-7996-4f7c-b7ca-8b359a012d7f"
  }
}

Create a tracing alert with immediate notifications

Create a Tracing Alert with the "notify immediately" condition.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "tracing immediate alert",
        "description": "Example of tracing immediate alert",
        "enabled": true,
        "priority": "ALERT_DEF_PRIORITY_P4",
        "type": "ALERT_DEF_TYPE_TRACING_IMMEDIATE",
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes": 10
        },
        "tracing_immediate": {
            "tracing_filter": {
                "simple_filter": {
                    "latency_threshold_ms": 3000,
                    "tracing_label_filters": {
                        "application_name": [{
                            "operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES",
                            "values": ["test"]
                        }]
                    }
                }
            }
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "tracing immediate alert",
      "description": "Example of tracing immediate alert",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P4",
      "type": "ALERT_DEF_TYPE_TRACING_IMMEDIATE",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {

      },
      "phantomMode": false,
      "deleted": false,
      "tracingImmediate": {
        "tracingFilter": {
          "simpleFilter": {
            "tracingLabelFilters": {
              "applicationName": [
                {
                  "values": [
                    "test"
                  ],
                  "operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES"
                }
              ]
            },
            "latencyThresholdMs": 3000
          }
        }
      }
    },
    "id": "c71915ba-0854-4b8f-8522-885063b500d5",
    "createdTime": "2024-11-06T09:06:34Z",
    "updatedTime": "2024-11-06T09:06:34Z",
    "alertVersionId": "c71915ba-0854-4b8f-8522-885063b500d5"
  }
}

Create a tracing alert with a threshold

Create a Tracing Alert with a "more than" condition.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "tracing threshold alert",
        "description": "Example of tracing threshold alert",
        "enabled": true,
        "priority": "ALERT_DEF_PRIORITY_P4",
        "type": "ALERT_DEF_TYPE_TRACING_THRESHOLD",
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes": 10
        },
        "entity_labels": {
            "key1": "value1"
        },
        "tracing_threshold": {
            "rules": [{
                "condition": {
                    "condition_type": "TRACING_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
                    "span_amount": 20,
                    "time_window": {"tracing_time_window_value": "TRACING_TIME_WINDOW_VALUE_HOUR_1"}
                }
            }],
            "tracing_filter": {
                "simple_filter": {
                    "latency_threshold_ms": 3000,
                    "tracing_label_filters": {
                        "application_name": [{
                            "operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES",
                            "values": ["test"]
                        }]
                    }
                }
            }
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "tracing threshold alert",
      "description": "Example of tracing threshold alert",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P4",
      "type": "ALERT_DEF_TYPE_TRACING_THRESHOLD",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {

      },
      "entityLabels": {
        "key1": "value1"
      },
      "phantomMode": false,
      "deleted": false,
      "tracingThreshold": {
        "tracingFilter": {
          "simpleFilter": {
            "tracingLabelFilters": {
              "applicationName": [
                {
                  "values": [
                    "test"
                  ],
                  "operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES"
                }
              ]
            },
            "latencyThresholdMs": 3000
          }
        },
        "rules": [
          {
            "condition": {
              "spanAmount": 20,
              "timeWindow": {
                "tracingTimeWindowValue": "TRACING_TIME_WINDOW_VALUE_HOUR_1"
              }
            }
          }
        ]
      }
    },
    "id": "321b4997-e07d-4132-8da2-82e320f03ad6",
    "createdTime": "2024-11-06T09:09:23Z",
    "updatedTime": "2024-11-06T09:09:23Z",
    "alertVersionId": "321b4997-e07d-4132-8da2-82e320f03ad6"
  }
}

Create a flow alert

Create a Flow Alert.

Request

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
    "alert_def_properties": {
        "name": "flow alert",
        "description": "Example of flow alert",
        "enabled": true,
        "priority": "ALERT_DEF_PRIORITY_P4",
        "type": "ALERT_DEF_TYPE_FLOW",
        "incidents_settings": {
            "notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
            "minutes": 10
        },
        "flow": {
            "stages": [
                {
                    "timeframe_ms": "3000",
                    "timeframe_type": "TIMEFRAME_TYPE_UP_TO",
                    "flow_stages_groups": {
                        "groups": [
                            {
                                "alert_defs": [
                                    {
                                        "id": "id_of_alert"
                                    }
                                ],
                                "alerts_op": "ALERTS_OP_OR",
                                "next_op": "NEXT_OP_AND_OR_UNSPECIFIED"
                            }
                        ]
                    }
                }
            ]
        }
    }
}
EOF

Response

{
  "alertDef": {
    "alertDefProperties": {
      "name": "flow alert",
      "description": "Example of flow alert",
      "enabled": true,
      "priority": "ALERT_DEF_PRIORITY_P4",
      "type": "ALERT_DEF_TYPE_FLOW",
      "incidentsSettings": {
        "notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
        "minutes": 10
      },
      "notificationGroup": {

      },
      "phantomMode": false,
      "deleted": false,
      "flow": {
        "stages": [
          {
            "timeframeMs": "3000",
            "timeframeType": "TIMEFRAME_TYPE_UP_TO",
            "flowStagesGroups": {
              "groups": [
                {
                  "alertDefs": [
                    {
                      "id": "id_of_alert",
                      "not": false
                    }
                  ],
                  "alertsOp": "ALERTS_OP_OR"
                }
              ]
            }
          }
        ],
        "enforceSuppression": false
      }
    },
    "id": "b2e54052-7614-4354-83ca-9b33f6b3e208",
    "createdTime": "2024-11-06T09:10:33Z",
    "updatedTime": "2024-11-06T09:10:33Z",
    "alertVersionId": "b2e54052-7614-4354-83ca-9b33f6b3e208"
  }
}
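In the create examples above, requests use snake_case keys while responses use lowerCamelCase, and the responses leave out fields sent with a default value (the anomaly alert's `condition_type` and empty `group_by_keys`, the flow alert's `next_op`). The following added example (not Coralogix code) checks that a stored definition still reflects what was submitted, which is useful when alert definitions are kept in version control. The function names are hypothetical, and it assumes an omitted response field means the default value.

```python
import re

def camel(key):
    """snake_case request key -> lowerCamelCase key used in the response."""
    return re.sub(r"_([a-z0-9])", lambda m: m.group(1).upper(), key)

def is_default(value):
    """Assumption: the response leaves out zero values (enum 0, empty list/map, 0, false)."""
    if isinstance(value, str):
        return value == "" or value.endswith("_UNSPECIFIED")
    if isinstance(value, dict):
        return all(is_default(v) for v in value.values())
    return value is None or value == [] or value in (False, 0)

def drift(sent, got, path=""):
    """List request paths whose value the stored definition does not reflect."""
    if got is None:
        return [] if is_default(sent) else [path or "$"]
    if isinstance(sent, dict):
        if not isinstance(got, dict):
            return [path or "$"]
        out = []
        for key, value in sent.items():
            found = got.get(camel(key), got.get(key))  # map keys stay as sent
            out += drift(value, found, f"{path}.{key}".lstrip("."))
        return out
    if isinstance(sent, list):
        if not isinstance(got, list) or len(got) != len(sent):
            return [path]
        return [p for i, (s, g) in enumerate(zip(sent, got)) for p in drift(s, g, f"{path}[{i}]")]
    # Scalars: string comparison also covers 64-bit integers returned as strings.
    return [] if sent == got or str(sent) == str(got) else [path]

# Constructed sample, condensed from the metric-anomaly request and response above.
REQUEST = {"alert_def_properties": {
    "name": "metrics-anomaly alert", "enabled": True, "priority": "ALERT_DEF_PRIORITY_P3",
    "notification_group": {"group_by_keys": []},
    "metric_anomaly": {
        "rules": [{"condition": {
            "for_over_pct": 5, "threshold": 100,
            "condition_type": "METRIC_ANOMALY_CONDITION_TYPE_MORE_THAN_USUAL_OR_UNSPECIFIED"}}],
        "metric_filter": {"promql": "sum(cpu) by (pod)"}}}}
RESPONSE = {"alertDef": {"alertDefProperties": {
    "name": "metrics-anomaly alert", "enabled": True, "priority": "ALERT_DEF_PRIORITY_P3",
    "notificationGroup": {},
    "metricAnomaly": {
        "metricFilter": {"promql": "sum(cpu) by (pod)"},
        "rules": [{"condition": {"threshold": 100, "forOverPct": 5}}]}}}}
if __name__ == "__main__":
    print(drift(REQUEST, RESPONSE["alertDef"]) or "stored definition matches the request")
```

Pass the parsed request body and the `alertDef` object of the response; an empty list means every submitted field is reflected in the stored definition.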

List alerts

This method does not require any arguments; provide an empty request body.

grpcurl -H "Authorization: Bearer API_KEY_HERE" -d '' ng-api-grpc.:443 com.coralogixapis.alerts.v3.AlertDefsService/ListAlertDefs

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Contact us via our in-app chat or by emailing support@coralogix.com.
