Our Incidents Screen displays all of your triggered alert events within the Coralogix platform. View all those events which are currently triggered or those triggered within a specific time frame. With easy-to-use functionalities and the ability to drill-down into events of interest, the feature ensures top-notch monitoring and analysis.
The Coralogix Incidents Screen simplifies your alert response journey from start to finish. Perfect for DevOps teams and SREs looking to eliminate context switching, users can easily identify triggered alert events of interest and drill-down into the underlying logs, metrics, and traces all from within the Coralogix platform. Coralogix uniquely enables users to analyze any relevant archived data alongside events that triggered the current alert. This unified approach brings events and observability together for faster triage, analysis and remediation.
Use the Incidents Screen to:
Triggered alert events, bundled as incidents, are presented in your Incidents Screen according to the Group By Tags and Notification Settings set in your alert definition.
The Incidents Screen presents all of the individual permutations for all key-value tags that are selected in the Group By Conditions defined in your alert.
The Group By feature allows you to group alerts by one or more key-value tags that are aggregated into a histogram. An alert is triggered whenever the condition threshold is met for a specific aggregated key within a specified timeframe.
If using 2 tags for Group By, matching logs, metrics or traces will first be aggregated by the parent tag (ie. applicationName
), then by the child tag (ie. subsystemName
). An alert will fire when the threshold meets the unique combination of both parent and child. Only data that includes the selected Group By tags will be included in the count.
For every alert that is triggered, one or more events form an incident. If the user has defined them in his / her alert setup, specific events within an incident are organized by key-value Group By tags.
Incident events are organized by the Notification Settings defined in your alert.
To view all of your triggered alerts, navigate to Alerts > Incidents in your Coralogix toolbar.
The Triggered tab presents all those alert events which are currently triggered and have yet to be resolved. Events are sorted by ‘Last Triggered’ timestamp.
The All Incidents tab presents all those events triggered within a specific time frame of your choosing, regardless of their current status and duration. Events are sorted by ‘Last Triggered’ timestamp.
Beyond our default time frame selection (QUICK), you have the option of querying incidents for a timeframe relative to the present time (RELATIVE) or within a custom timeframe (CUSTOM). In addition, our Version Benchmarks feature allows you to use tags to compare between timelines (TAG).
For both the Triggered and All Incidents tabs, you may group events by alert definition in the upper right-hand corner of your screen. Doing so will aggregate all alert permutations, consolidating individual incidents under one alert name.
Expand an alert group to view the individual permutations that triggered the alert, with additional information about each permutation. This includes alert status, alert type, permutation details, etc. An alert group can contain up to 1,000 permutations.
Filter incidents using the filters in the left-hand sidebar.
Filter incidents by alert type, alert severity, and state.
Incidents may have one of three statuses: TRIGGERED, ACKNOWLEDGED, or RESOLVED. Statuses change on an automatic or manual basis.
Once a triggered alert is resolved, the status of the original incident automatically changes to RESOLVED. If you have activated the Notify When Resolved settings in your alert, a new resolve event is sent.
Once resolved, an incident is closed. If the alert is then triggered, a new incident appears.
Clicking on a TRIGGERED status will present a drop-down menu in which you can choose to ACKNOWLEDGE or RESOLVE an incident. Doing so automatically defines you as the assignee. You may unassign yourself or replace the assignee.
Modify incident status from your Incidents Screen or Incident Details Screen.
Clicking on left-hand ellipses (…) of any incident permutation opens the Incident Details Screen, which presents the details of the incident from start to finish:
Open an alert definition and edit by clicking on the pen icon.
For single alerts when at least one key-value tag pair combination meets your Group By Conditions, the Group By State grid displays all of the permutations for the key-value tags established.
Click WATCH DATA for any event to see its triggered logs, metrics or traces.
Documentation | Connect S3 Archive Get Started with Coralogix Alerts |
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].