Alerts API v3
Use our Alerts API v3 to define, query, and manage Coralogix Alerts. View this tutorial for v1/v2.
Overview
This tutorial outlines Coralogix's v3 Alerts gRPC API. It is designed to be simpler and more user-friendly. Using protobuf, it supports clients with autocomplete features, such as Postman's gRPC.
Authentication
Authenticate requests
To authenticate requests, create a customized Team API key with the Alerts role preset assigned to it. Alternatively, selectively add any of the following permissions to your key:
Method | Permission |
---|---|
ListAlertDefs | alerts:ReadConfig OR logs.alerts:ReadConfig OR metrics.alerts:ReadConfig OR spans.alerts:ReadConfig |
GetAlertDef | alerts:ReadConfig OR logs.alerts:ReadConfig OR metrics.alerts:ReadConfig OR spans.alerts:ReadConfig |
CreateAlertDef | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
ReplaceAlertDef | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
DeleteAlertDef | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
SetActive | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
Example
Use your customized API key in the Authorization request header to successfully connect.
Then, use one of our designated Management endpoints to structure your header.
Select the endpoint associated with your Coralogix domain.
For the AlertDefs Service API, the service name is AlertDefsService
.
The complete request header should look like this:
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/
API functions
Find details on API functions here.
Sample requests
The following section presents an array of sample requests.
Create a Standard Alert with immediate notifications
Create a Standard Alert with the "notify immediately" condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "logs-immediate",
"description":"Example of logs-immediate alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_LOGS_IMMEDIATE_OR_UNSPECIFIED",
"entity_labels": {
"label_key":"label_value"
},
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notification_group": {
"group_by_keys": [],
"webhooks": [{
"minutes":10,
"notify_on":"NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"integration": {
"recipients": {"emails": ["[email protected]"]}
}
}]
},
"logs_immediate": {
"logs_filter": {
"simple_filter": {
"label_filters": {
"application_name": [
{
"operation": "LOG_FILTER_OPERATION_TYPE_ENDS_WITH",
"value": "endsWithThis"
}
],
"severities": [
"LOG_SEVERITY_ERROR",
"LOG_SEVERITY_CRITICAL"
]
},
"lucene_query": "QueryThisLog"
}
}
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "logs-immediate",
"description": "Example of logs-immediate alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P3",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
"webhooks": [
{
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"integration": {
"recipients": {
"emails": [
"[email protected]"
]
}
},
"minutes": 10
}
]
},
"entityLabels": {
"label_key": "label_value"
},
"phantomMode": false,
"deleted": false,
"logsImmediate": {
"logsFilter": {
"simpleFilter": {
"luceneQuery": "QueryThisLog",
"labelFilters": {
"applicationName": [
{
"value": "endsWithThis",
"operation": "LOG_FILTER_OPERATION_TYPE_ENDS_WITH"
}
],
"severities": [
"LOG_SEVERITY_ERROR",
"LOG_SEVERITY_CRITICAL"
]
}
}
}
}
},
"id": "737d508f-8961-45bc-941c-356aa112e9bc",
"createdTime": "2024-11-06T08:02:20Z",
"updatedTime": "2024-11-06T08:02:20Z",
"alertVersionId": "737d508f-8961-45bc-941c-356aa112e9bc"
}
}
Create a Standard Alert with a threshold
Create a Standard Alert with the "more than" or "less than" condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "logs threshold",
"description": "example of logs threshold",
"priority": "ALERT_DEF_PRIORITY_P2",
"enabled": true,
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"entity_labels": {
"key": "value"
},
"type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
"logs_threshold": {
"logs_filter": {
"simple_filter": {
"lucene_query": "_exists_:field",
"label_filters": {
"application_name": [],
"severities": [],
"subsystem_name": []
}
}
},
"notification_payload_filter": [],
"rules": [
{
"condition": {
"condition_type": "LOGS_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
"threshold": 1000,
"time_window": {
"logs_time_window_specific_value": "LOGS_TIME_WINDOW_VALUE_HOURS_2"
}
},
"override": {
"priority": "ALERT_DEF_PRIORITY_P2"
}
}
]
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "logs threshold",
"description": "example of logs threshold",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P2",
"type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
},
"entityLabels": {
"key": "value"
},
"phantomMode": false,
"deleted": false,
"logsThreshold": {
"logsFilter": {
"simpleFilter": {
"luceneQuery": "_exists_:field",
"labelFilters": {
}
}
},
"rules": [
{
"condition": {
"threshold": 1000,
"timeWindow": {
"logsTimeWindowSpecificValue": "LOGS_TIME_WINDOW_VALUE_HOURS_2"
}
},
"override": {
"priority": "ALERT_DEF_PRIORITY_P2"
}
}
]
}
},
"id": "cb7e34ab-26a5-426e-b069-272eebc7b2bf",
"createdTime": "2024-11-06T08:15:01Z",
"updatedTime": "2024-11-06T08:15:01Z",
"alertVersionId": "cb7e34ab-26a5-426e-b069-272eebc7b2bf"
}
}
Create a Ratio Alert
Create a Ratio Alert.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "logs ratio threshold",
"description": "example of logs ratio threshold",
"priority": "ALERT_DEF_PRIORITY_P2",
"enabled": true,
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"group_by_keys": ["application_name"],
"type": "ALERT_DEF_TYPE_LOGS_RATIO_THRESHOLD",
"logs_ratio_threshold": {
"numerator": {
"simple_filter": {
"label_filters": {"application_name": [],"severities": [],"subsystem_name": []},
"lucene_query": "_exists_:field"
}
},
"denominator": {
"simple_filter": {
"label_filters": {"application_name": [],"severities": [],"subsystem_name": []},
"lucene_query": "_exists_:field2"
}
},
"numerator_alias":"First Query",
"denominator_alias":"Second Query",
"notification_payload_filter": [],
"ignore_infinity": false,
"group_by_for": "LOGS_RATIO_GROUP_BY_FOR_NUMERATOR_ONLY",
"rules": [
{
"condition": {
"condition_type": "LOGS_RATIO_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
"threshold": 1000,
"time_window": {
"logs_ratio_time_window_specific_value": "LOGS_RATIO_TIME_WINDOW_VALUE_HOURS_2"
}
},
"override": {
"priority": "ALERT_DEF_PRIORITY_P2"
}
}
]
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "logs ratio threshold",
"description": "example of logs ratio threshold",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P2",
"type": "ALERT_DEF_TYPE_LOGS_RATIO_THRESHOLD",
"groupByKeys": [
"application_name"
],
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
},
"phantomMode": false,
"deleted": false,
"logsRatioThreshold": {
"numerator": {
"simpleFilter": {
"luceneQuery": "_exists_:field",
"labelFilters": {
}
}
},
"numeratorAlias": "First Query",
"denominator": {
"simpleFilter": {
"luceneQuery": "_exists_:field2",
"labelFilters": {
}
}
},
"denominatorAlias": "Second Query",
"rules": [
{
"condition": {
"threshold": 1000,
"timeWindow": {
"logsRatioTimeWindowSpecificValue": "LOGS_RATIO_TIME_WINDOW_VALUE_HOURS_2"
}
},
"override": {
"priority": "ALERT_DEF_PRIORITY_P2"
}
}
],
"groupByFor": "LOGS_RATIO_GROUP_BY_FOR_NUMERATOR_ONLY",
"ignoreInfinity": false
}
},
"id": "071aeed5-66cd-4218-874d-41eae5ef4140",
"createdTime": "2024-11-06T08:20:52Z",
"updatedTime": "2024-11-06T08:20:52Z",
"alertVersionId": "071aeed5-66cd-4218-874d-41eae5ef4140"
}
}
Create a Time Relative Alert
Create a Time Relative Alert.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "logs time relative threshold",
"description": "example of logs time relative threshold",
"priority": "ALERT_DEF_PRIORITY_P2",
"enabled": true,
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"type": "ALERT_DEF_TYPE_LOGS_TIME_RELATIVE_THRESHOLD",
"logs_time_relative_threshold": {
"logs_filter": {
"simple_filter": {
"label_filters": {"application_name": [],"severities": [],"subsystem_name": []},
"lucene_query": "_exists_:field"
}
},
"notification_payload_filter": [],
"ignore_infinity": true,
"rules": [
{
"condition": {
"condition_type": "LOGS_TIME_RELATIVE_CONDITION_TYPE_LESS_THAN",
"compared_to": "LOGS_TIME_RELATIVE_COMPARED_TO_SAME_DAY_LAST_WEEK",
"threshold": 5
},
"override": {
"priority": "ALERT_DEF_PRIORITY_P2"
}
}
]
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "logs time relative threshold",
"description": "example of logs time relative threshold",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P2",
"type": "ALERT_DEF_TYPE_LOGS_TIME_RELATIVE_THRESHOLD",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
},
"phantomMode": false,
"deleted": false,
"logsTimeRelativeThreshold": {
"logsFilter": {
"simpleFilter": {
"luceneQuery": "_exists_:field",
"labelFilters": {
}
}
},
"rules": [
{
"condition": {
"threshold": 5,
"comparedTo": "LOGS_TIME_RELATIVE_COMPARED_TO_SAME_DAY_LAST_WEEK",
"conditionType": "LOGS_TIME_RELATIVE_CONDITION_TYPE_LESS_THAN"
},
"override": {
"priority": "ALERT_DEF_PRIORITY_P2"
}
}
],
"ignoreInfinity": true,
"undetectedValuesManagement": {
"triggerUndetectedValues": false,
"autoRetireTimeframe": "AUTO_RETIRE_TIMEFRAME_NEVER_OR_UNSPECIFIED"
}
}
},
"id": "a5de559e-b940-4283-8ad6-2ddc77701049",
"createdTime": "2024-11-06T08:22:52Z",
"updatedTime": "2024-11-06T08:22:52Z",
"alertVersionId": "a5de559e-b940-4283-8ad6-2ddc77701049"
}
}
Create a log-based Anomaly Alert
Create a log-based Anomaly Alert to measure more-than-usual anomalies.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "logs-anomaly-alert",
"description": "Example of logs-anomaly alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_LOGS_ANOMALY",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 60
},
"notification_group": {
"group_by_keys": [],
"webhooks": [
{
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"integration": {
"recipients": {"emails": ["[email protected]"]}
},
"minutes": 60
}
]
},
"logs_anomaly": {
"rules": [
{
"condition": {
"minimum_threshold": 1000,
"time_window": {
"logs_time_window_specific_value": "LOGS_TIME_WINDOW_VALUE_HOURS_24"
},
"condition_type": "LOGS_ANOMALY_CONDITION_TYPE_MORE_THAN_USUAL_OR_UNSPECIFIED"
}
}
],
"logs_filter": {
"simple_filter": {
"label_filters": {
"subsystem_name": [
{
"operation": "LOG_FILTER_OPERATION_TYPE_INCLUDES",
"value": "includes"
}
]
},
"lucene_query": "QueryThisLog && This Log"
}
}
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "logs-anomaly-alert",
"description": "Example of logs-anomaly alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_LOGS_ANOMALY",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 60
},
"notificationGroup": {
"webhooks": [
{
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"integration": {
"recipients": {
"emails": [
"[email protected]"
]
}
},
"minutes": 60
}
]
},
"phantomMode": false,
"deleted": false,
"logsAnomaly": {
"logsFilter": {
"simpleFilter": {
"luceneQuery": "QueryThisLog \u0026\u0026 This Log",
"labelFilters": {
"subsystemName": [
{
"value": "includes",
"operation": "LOG_FILTER_OPERATION_TYPE_INCLUDES"
}
]
}
}
},
"rules": [
{
"condition": {
"minimumThreshold": 1000,
"timeWindow": {
"logsTimeWindowSpecificValue": "LOGS_TIME_WINDOW_VALUE_HOURS_24"
}
}
}
]
}
},
"id": "5bc8712b-ae0c-4d49-9cd2-1cc374eddfb7",
"createdTime": "2024-11-06T08:46:10Z",
"updatedTime": "2024-11-06T08:46:10Z",
"alertVersionId": "5bc8712b-ae0c-4d49-9cd2-1cc374eddfb7"
}
}
Create a New Value Alert
Create a New Value Alert.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "logs new value",
"description": "example of logs new value",
"priority": "ALERT_DEF_PRIORITY_P3",
"enabled": true,
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"entity_labels": {
"my_key": "my_label"
},
"type": "ALERT_DEF_TYPE_LOGS_NEW_VALUE",
"logs_new_value": {
"logs_filter": {
"simple_filter": {
"label_filters": {
"application_name": [],
"severities": [],
"subsystem_name": []
},
"lucene_query": "_exists_:field"
}
},
"notification_payload_filter": [],
"rules": [
{
"condition": {
"keypath_to_track": "keypath",
"time_window": {
"logs_new_value_time_window_specific_value": "LOGS_NEW_VALUE_TIME_WINDOW_VALUE_HOURS_24"
}
}
}
]
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "logs new value",
"description": "example of logs new value",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_LOGS_NEW_VALUE",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
},
"entityLabels": {
"my_key": "my_label"
},
"phantomMode": false,
"deleted": false,
"logsNewValue": {
"logsFilter": {
"simpleFilter": {
"luceneQuery": "_exists_:field",
"labelFilters": {
}
}
},
"rules": [
{
"condition": {
"keypathToTrack": "keypath",
"timeWindow": {
"logsNewValueTimeWindowSpecificValue": "LOGS_NEW_VALUE_TIME_WINDOW_VALUE_HOURS_24"
}
}
}
]
}
},
"id": "5722397b-0251-4832-83b7-e8e16dfd7c92",
"createdTime": "2024-11-06T08:48:07Z",
"updatedTime": "2024-11-06T08:48:07Z",
"alertVersionId": "5722397b-0251-4832-83b7-e8e16dfd7c92"
}
}
Create a Unique Count Alert
Create a Unique Count Alert.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "logs unique count",
"description": "example of logs unique count",
"priority": "ALERT_DEF_PRIORITY_P4",
"enabled": true,
"group_by_keys": ["logobj.path"],
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"type": "ALERT_DEF_TYPE_LOGS_UNIQUE_COUNT",
"logs_unique_count": {
"logs_filter": {
"simple_filter": {
"label_filters": {
"application_name": [],
"severities": [],
"subsystem_name": []
},
"lucene_query": "_exists_:field"
}
},
"notification_payload_filter": [],
"unique_count_keypath": "keypath",
"max_unique_count_per_group_by_key": "100",
"rules": [
{
"condition": {
"max_unique_count": "100",
"time_window": {
"logs_unique_value_time_window_specific_value": "LOGS_UNIQUE_VALUE_TIME_WINDOW_VALUE_HOURS_12"
}
}
}
]
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "logs unique count",
"description": "example of logs unique count",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_LOGS_UNIQUE_COUNT",
"groupByKeys": [
"logobj.path"
],
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
},
"phantomMode": false,
"deleted": false,
"logsUniqueCount": {
"logsFilter": {
"simpleFilter": {
"luceneQuery": "_exists_:field",
"labelFilters": {
}
}
},
"rules": [
{
"condition": {
"maxUniqueCount": "100",
"timeWindow": {
"logsUniqueValueTimeWindowSpecificValue": "LOGS_UNIQUE_VALUE_TIME_WINDOW_VALUE_HOURS_12"
}
}
}
],
"maxUniqueCountPerGroupByKey": "100",
"uniqueCountKeypath": "keypath"
}
},
"id": "1ee21858-a338-4c22-a42c-205c3e76544b",
"createdTime": "2024-11-06T08:50:04Z",
"updatedTime": "2024-11-06T08:50:04Z",
"alertVersionId": "1ee21858-a338-4c22-a42c-205c3e76544b"
}
}
Create a Metric Alert with a threshold
Create a Metric Alert with a "less than or equals" condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "metrics threshold",
"description": "example of metrics threshold",
"priority": "ALERT_DEF_PRIORITY_P2",
"enabled": true,
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"type": "ALERT_DEF_TYPE_METRIC_THRESHOLD",
"metric_threshold": {
"metric_filter": {
"promql": "sum(http_requests_total{job=\"api-server\"}) by (job)"
},
"missing_values": {"replace_with_zero": true},
"rules": [{
"condition": {
"condition_type": "METRIC_THRESHOLD_CONDITION_TYPE_LESS_THAN_OR_EQUALS",
"for_over_pct": 80,
"of_the_last": {"metric_time_window_specific_value": "METRIC_TIME_WINDOW_VALUE_HOUR_1"},
"threshold": 5000
},
"override": {
"priority": "ALERT_DEF_PRIORITY_P2"
}
}],
"undetected_values_management": {
"trigger_undetected_values": true,
"auto_retire_timeframe": "AUTO_RETIRE_TIMEFRAME_HOURS_24"
}
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "metrics threshold",
"description": "example of metrics threshold",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P2",
"type": "ALERT_DEF_TYPE_METRIC_THRESHOLD",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
},
"phantomMode": false,
"deleted": false,
"metricThreshold": {
"metricFilter": {
"promql": "sum(http_requests_total{job=\"api-server\"}) by (job)"
},
"rules": [
{
"condition": {
"threshold": 5000,
"forOverPct": 80,
"ofTheLast": {
"metricTimeWindowSpecificValue": "METRIC_TIME_WINDOW_VALUE_HOUR_1"
},
"conditionType": "METRIC_THRESHOLD_CONDITION_TYPE_LESS_THAN_OR_EQUALS"
},
"override": {
"priority": "ALERT_DEF_PRIORITY_P2"
}
}
],
"undetectedValuesManagement": {
"triggerUndetectedValues": true,
"autoRetireTimeframe": "AUTO_RETIRE_TIMEFRAME_HOURS_24"
},
"missingValues": {
"replaceWithZero": true
}
}
},
"id": "bb835aa2-7462-4d39-903b-9eab7dbaf1ca",
"createdTime": "2024-11-06T09:01:12Z",
"updatedTime": "2024-11-06T09:01:12Z",
"alertVersionId": "bb835aa2-7462-4d39-903b-9eab7dbaf1ca"
}
}
Create a metric-based Anomaly Alert
Create a metric-based Anomaly Alert to measure more-than-usual anomalies.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "metrics-anomaly alert",
"description": "Example of metrics-anomaly alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_METRIC_ANOMALY",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 5
},
"notification_group": {
"group_by_keys": [],
"webhooks": [
{
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"integration": {
"recipients": {
"emails": [ "[email protected]"]
}
},
"minutes": 5
}
]
},
"metric_anomaly": {
"rules": [
{
"condition": {
"for_over_pct": 5,
"of_the_last": {
"metric_time_window_specific_value": "METRIC_TIME_WINDOW_VALUE_HOURS_24"
},
"threshold": 100,
"min_non_null_values_pct": 50,
"condition_type": "METRIC_ANOMALY_CONDITION_TYPE_MORE_THAN_USUAL_OR_UNSPECIFIED"
}
}
],
"metric_filter": {
"promql": "sum(cpu) by (pod)"
}
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "metrics-anomaly alert",
"description": "Example of metrics-anomaly alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_METRIC_ANOMALY",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 5
},
"notificationGroup": {
"webhooks": [
{
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"integration": {
"recipients": {
"emails": [
"[email protected]"
]
}
},
"minutes": 5
}
]
},
"phantomMode": false,
"deleted": false,
"metricAnomaly": {
"metricFilter": {
"promql": "sum(cpu) by (pod)"
},
"rules": [
{
"condition": {
"threshold": 100,
"forOverPct": 5,
"ofTheLast": {
"metricTimeWindowSpecificValue": "METRIC_TIME_WINDOW_VALUE_HOURS_24"
},
"minNonNullValuesPct": 50
}
}
]
}
},
"id": "42391e48-7996-4f7c-b7ca-8b359a012d7f",
"createdTime": "2024-11-06T09:04:43Z",
"updatedTime": "2024-11-06T09:04:43Z",
"alertVersionId": "42391e48-7996-4f7c-b7ca-8b359a012d7f"
}
}
Create a Tracing Alert with immediate notifications
Create a Tracing Alert with the “notify immediately” condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name":"tracing immediate alert",
"description": "Example of tracing immediate alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_TRACING_IMMEDIATE",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"tracing_immediate": {
"tracing_filter": {
"simple_filter": {
"latency_threshold_ms": 3000,
"tracing_label_filters": {
"application_name": [{
"operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES",
"values": ["test"]
}]
}
}
}
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "tracing immediate alert",
"description": "Example of tracing immediate alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_TRACING_IMMEDIATE",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
},
"phantomMode": false,
"deleted": false,
"tracingImmediate": {
"tracingFilter": {
"simpleFilter": {
"tracingLabelFilters": {
"applicationName": [
{
"values": [
"test"
],
"operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES"
}
]
},
"latencyThresholdMs": 3000
}
}
}
},
"id": "c71915ba-0854-4b8f-8522-885063b500d5",
"createdTime": "2024-11-06T09:06:34Z",
"updatedTime": "2024-11-06T09:06:34Z",
"alertVersionId": "c71915ba-0854-4b8f-8522-885063b500d5"
}
}
Create a Tracing Alert with a threshold
Create a Tracing Alert with a “more than” condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "tracing threshold alert",
"description": "Example of tracing threshold alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_TRACING_THRESHOLD",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"entity_labels": {
"key1": "value1"
},
"tracing_threshold": {
"rules": [{
"condition": {
"condition_type": "TRACING_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
"span_amount": 20,
"time_window": {"tracing_time_window_value": "TRACING_TIME_WINDOW_VALUE_HOUR_1"}
}
}],
"tracing_filter": {
"simple_filter": {
"latency_threshold_ms": 3000,
"tracing_label_filters": {
"application_name": [{
"operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES",
"values": ["test"]
}]
}
}
}
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "tracing threshold alert",
"description": "Example of tracing threshold alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_TRACING_THRESHOLD",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
},
"entityLabels": {
"key1": "value1"
},
"phantomMode": false,
"deleted": false,
"tracingThreshold": {
"tracingFilter": {
"simpleFilter": {
"tracingLabelFilters": {
"applicationName": [
{
"values": [
"test"
],
"operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES"
}
]
},
"latencyThresholdMs": 3000
}
},
"rules": [
{
"condition": {
"spanAmount": 20,
"timeWindow": {
"tracingTimeWindowValue": "TRACING_TIME_WINDOW_VALUE_HOUR_1"
}
}
}
]
}
},
"id": "321b4997-e07d-4132-8da2-82e320f03ad6",
"createdTime": "2024-11-06T09:09:23Z",
"updatedTime": "2024-11-06T09:09:23Z",
"alertVersionId": "321b4997-e07d-4132-8da2-82e320f03ad6"
}
}
Create a Flow Alert
Create a Flow Alert.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ ng-api-grpc.coralogix.com:443 com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": "flow alert",
"description": "Example of flow alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_FLOW",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"flow": {
"stages": [
{
"timeframe_ms": "3000",
"timeframe_type": "TIMEFRAME_TYPE_UP_TO",
"flow_stages_groups": {
"groups": [
{
"alert_defs": [
{
"id": "id_of_alert"
}
],
"alerts_op": "ALERTS_OP_OR",
"next_op": "NEXT_OP_AND_OR_UNSPECIFIED"
}
]
}
}
]
}
}
}
EOF
Response
{
"alertDef": {
"alertDefProperties": {
"name": "flow alert",
"description": "Example of flow alert",
"enabled": true,
"priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_FLOW",
"incidentsSettings": {
"notifyOn": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": 10
},
"notificationGroup": {
},
"phantomMode": false,
"deleted": false,
"flow": {
"stages": [
{
"timeframeMs": "3000",
"timeframeType": "TIMEFRAME_TYPE_UP_TO",
"flowStagesGroups": {
"groups": [
{
"alertDefs": [
{
"id": "id_of_alert",
"not": false
}
],
"alertsOp": "ALERTS_OP_OR"
}
]
}
}
],
"enforceSuppression": false
}
},
"id": "b2e54052-7614-4354-83ca-9b33f6b3e208",
"createdTime": "2024-11-06T09:10:33Z",
"updatedTime": "2024-11-06T09:10:33Z",
"alertVersionId": "b2e54052-7614-4354-83ca-9b33f6b3e208"
}
}
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Contact us via our in-app chat or by emailing [email protected].