
Dynamic Alerts

Last Updated: Mar. 27, 2022

Logs reflect the status and behavior of our applications and infrastructure. Often we want to be alerted when an application or one of its components behaves abnormally, and one sign of such behavior is the application emitting certain logs at a higher than usual volume.

Figuring out exactly what ‘higher than usual’ means, in other words setting the threshold value at which the alert should trigger, can be a daunting task. This is especially true for highly variable data.

In some cases the threshold value may need to change with the time of day or the day of the week to account for “expected” variation. Thresholds may even need to change over a longer period to accommodate natural shifts in application usage trends.

Coralogix Dynamic Alerts enable you to detect abnormal behavior automatically – without having to set a fixed threshold value. Dynamic Alerts rely on Coralogix ML algorithms to continuously analyze your application’s behavior.

Examples

Use Case 1: Too Many Unsuccessful Logins

The security team often wants to know whether there were too many unsuccessful logins within a time period.

Alert Filter: event.action:"user_login" NOT event.outcome:success

Alert Condition: ‘more than usual’

Use Case 2: Increase in ELB WAF errors

ELB is an AWS load balancer. This alert identifies whether a specific ELB generates more 403 errors than usual. A 403 error results from a request that is blocked by AWS WAF (Web Application Firewall).

Alert Filter:

elb:"app/my-loadbalancer/50dc6c495c0c9188" AND elb_status_code:"403"

Alert Condition: ‘more than usual’

Use Case 3: Long Connection Time

Ops teams often want to be alerted when connection times are unusually long. Here again, the Coralogix ‘more than usual’ alert option is very handy.

Alert Filter:

connection_time:[2 TO *]

Alert Condition: ‘more than usual’

Group By

You can now group by up to two fields:

Under Insights, this is what you will see based on the data above: two fields, one for Host_name and the other for location, with the number of times each combination has been seen.
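The ‘more than usual’ condition from Use Case 1 combined with Group By, shown as an added Python example that is not Coralogix’s algorithm or code: it builds a per-host, per-hour-of-day baseline from earlier days and flags an hour whose failed-login count exceeds that baseline by more than three standard deviations. The event field names, the constructed sample events and the `k`/`min_history` knobs are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def matches_filter(event):
    """Use Case 1 filter: event.action:"user_login" NOT event.outcome:success."""
    return (event.get("event.action") == "user_login"
            and event.get("event.outcome") != "success")

def hourly_counts(events, group_field=None):
    """Count matching events per (group value, day, hour of day).
    group_field plays the role of the Group By field; None means no grouping."""
    counts = defaultdict(int)
    for ev in events:
        if not matches_filter(ev):
            continue
        ts = datetime.fromisoformat(ev["@timestamp"])
        group = ev.get(group_field, "*") if group_field else "*"
        counts[(group, ts.date(), ts.hour)] += 1
    return counts

def more_than_usual(counts, k=3.0, min_history=3):
    """Flag buckets whose count exceeds the baseline of the same group and hour
    of day on earlier days by more than k standard deviations. Buckets with too
    little history are skipped rather than guessing a threshold."""
    alerts = []
    for (group, day, hour), count in counts.items():
        history = [c for (g, d, h), c in counts.items()
                   if g == group and h == hour and d < day]
        if len(history) < min_history:
            continue
        # Floor the deviation at 1.0 so a flat baseline does not alert on +1 events.
        threshold = mean(history) + k * max(pstdev(history), 1.0)
        if count > threshold:
            alerts.append({"group": group, "day": day.isoformat(), "hour": hour,
                           "count": count, "threshold": round(threshold, 1)})
    return alerts

def sample_events():
    """Constructed sample: host-a sees 3-5 failed logins at 09:00 on Mar 1-4,
    then 40 on Mar 5, plus one successful login that the filter must ignore."""
    events = []
    for day, n in [(1, 4), (2, 5), (3, 3), (4, 4), (5, 40)]:
        for i in range(n):
            events.append({"@timestamp": f"2022-03-{day:02d}T09:{i:02d}:00",
                           "event.action": "user_login", "event.outcome": "failure",
                           "host_name": "host-a"})
    events.append({"@timestamp": "2022-03-05T09:10:00", "event.action": "user_login",
                   "event.outcome": "success", "host_name": "host-a"})
    return events
```

Calling `more_than_usual(hourly_counts(sample_events(), "host_name"))` returns one alert for host-a on 2022-03-05 at hour 9 (count 40 against a threshold of 7.0); the first days produce no alert because the baseline is not established yet.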

Alert Cadence control

With this option you can now control how many notifications you get for any configured alert, in minutes, hours, or both.

You and/or your application monitoring team will most likely find similar use cases beneficial. If you are already a Coralogix customer, please start using this capability; if not, go to our website and try it for free. If you have any questions, please reach out to us at [email protected]
