This tutorial describes how you can retrieve “New”, “Suspected”, and “Top” errors using the Coralogix Insight API calls.
“New”, “Suspected” and “Top” errors appear in tags, volume, and flow anomalies, as well as in the Coralogix dashboard. These insights help you proactively focus on problematic areas in your applications.
Suspected errors – Error log types that comply with the query parameters and occur more often than normal during the query time.
New errors – Error logs that comply with the query parameters and were not classified prior to the query time.
Top errors – The most common error types that comply with the query parameters.
Here is a description of the API calls’ structure (make sure to select the correct Route address for your Account region):
Route address | https://api.coralogix.com/api/v1/external/insights, https://api.coralogix.us/api/v1/external/insights, https://api.app.coralogix.in/api/v1/external/insights, https://api.eu2.coralogix.com/api/v1/external/insights, https://api.coralogixsg.com/api/v1/external/insights |
HTTP method | POST |
Authorization | Bearer {Alerts & Rules API Key taken from settings} |
Headers | Content-Type - application/json |
Attribute | Type | Mandatory | Possible values |
---|---|---|---|
applicationName | Array of strings | No | Any string representing one of the account's appName values |
subsystemName | Array of strings | No | Any string representing one of the account's subsystemName values |
tagName | String | Can't be defined together with startDate and endDate | Any string representing one of the account's tag names |
startDate | Integer - UNIX time in milliseconds | Only if tagName is not defined | Must be later than 1546300800000, which represents 1/1/2019 00:00:00 |
endDate | Integer - UNIX time in milliseconds | Only if tagName is not defined | Can’t be later than the present time |
type | String | Yes | Value must be one of: [“new”, “top”, “suspected”] |
order | String | No - the default value is “desc”. This attribute can be changed only when type is “top” | If given, value has to be one of: [“asc”, “desc”] |
severity | Array of strings | No - default will be [“error”, “warning”, “critical”] | Value of the array elements must be one or more of: [“error”, “warning”, “critical”] |
Notes:
In the following example, the request is for the top five errors in descending order:
{
  "startDate": 1594863720000,
  "endDate": 1594950068912,
  "type": "top",
  "order": "desc"
}
The result is a structure that starts with:
{
"totalCount": 47042,
and continues with an array that includes the top 5 templates. For each template there is a count, a ratio, the metadata that was used for classification, and a log example with placeholder values:
"topFiveTemplates": [
  {
    "count": 6780,
    "ratio": "14.41%",
    "metadata": {
      "applicationName": "w3wp",
      "category": "Error",
      "className": "Staging",
      "methodName": "",
      "severity": "ERROR",
      "subsystemName": "LPAPI-Imperial Palace"
    },
    "logExample": {
      "IP": "34.206.252.45",
      "postal_code": "20149",
      "transaction": "123456789",
      "user": "AR23456",
      "duration": 25967
    }
  }
In a similar fashion, “new” and “suspected” type requests return a count and an array of the appropriate logs.
Here is an example of using the curl command to call the API. This example retrieves newly introduced errors associated with the tag “test”:
curl -H 'Authorization: Bearer your-private-key' -H 'Content-Type: application/json' -d '{"tagName": "test","type": "new"}' https://api.coralogix.com/api/v1/external/insights
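The attribute rules in the table above can be checked on the client before the call is made. The following is an added example, not part of the Coralogix documentation: it validates a request body against those rules and builds the POST with the key read from an environment variable, which keeps it out of the command line and shell history. The function names and the `CORALOGIX_API_KEY` variable name are assumptions made for illustration.

```python
import json
import os
import time
import urllib.request

ROUTE = "https://api.coralogix.com/api/v1/external/insights"  # pick your region's route
MIN_START_MS = 1546300800000  # 1/1/2019 00:00:00, from the attribute table
SEVERITIES = {"error", "warning", "critical"}


def build_body(type_, tag_name=None, start=None, end=None, order=None,
               severity=None, apps=None, subsystems=None, now_ms=None):
    """Check the attributes against the table's rules and return the JSON body."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if type_ not in ("new", "top", "suspected"):
        raise ValueError("type must be new, top or suspected")
    if tag_name is not None:
        if start is not None or end is not None:
            raise ValueError("tagName can't be defined together with startDate/endDate")
    elif start is None or end is None:
        raise ValueError("startDate and endDate are required when tagName is not defined")
    elif start <= MIN_START_MS:
        raise ValueError("startDate must be later than 1546300800000")
    elif end > now_ms:
        raise ValueError("endDate can't be later than the present time")
    if order is not None:
        if order not in ("asc", "desc"):
            raise ValueError("order must be asc or desc")
        if order != "desc" and type_ != "top":
            raise ValueError("order can be changed only when type is top")
    if severity is not None and not (severity and set(severity) <= SEVERITIES):
        raise ValueError("severity must be one or more of error, warning, critical")
    optional = {"tagName": tag_name, "startDate": start, "endDate": end, "order": order,
                "severity": severity, "applicationName": apps, "subsystemName": subsystems}
    return {"type": type_, **{k: v for k, v in optional.items() if v is not None}}


def build_request(body, route=ROUTE, env_var="CORALOGIX_API_KEY"):
    """Build the POST without sending it. The key is read from the environment
    (variable name is an assumption) so it stays out of argv and shell history."""
    key = os.environ[env_var]
    return urllib.request.Request(
        route, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {key}", "Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample: the page's tag query; send with urllib.request.urlopen(req).
    print(build_body("new", tag_name="test"))
```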