Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Back to All Docs

Insights API Insights API

Last Updated: Jun. 22, 2023

This tutorial describes how you can retrieve “New”, “Suspected”, and “Top” errors using the Coralogix Insight API calls.

“New”, “Suspected” and “Top” errors appear in tags, volume, and flow anomalies, as well as in the Coralogix dashboard. These insights help you proactively focus on problematic areas in your applications.

Suspected Errors – Error log types that comply with the query parameters and occur more than normal during the query time.

New errors – Error logs that comply with the query parameters and were not classified prior to the query time

Top errors – Most common error types that comply with the query parameters

Here is a description of the API calls’ structure (make sure to select the correct Route address for your Account region):



Route address
https://api.coralogix.com/api/v1/external/insights
https://api.coralogix.us/api/v1/external/insights
https://api.app.coralogix.in/api/v1/external/insights
https://api.eu2.coralogix.com/api/v1/external/insights
https://api.coralogixsg.com/api/v1/external/insights
HTTP methodPOST
AuthorizationBearer {Alerts & Rules API Key taken from settings}
HeadersContent-Type - application/json
AttributeTypeMandatoryPossible values
applicationNameArray of stringsNoAny string representing one of the account appName
subsystemNameArray of stringsNoAny string representing one of the account subsystemName
tagNameStringCan't be defined together with startDate and endDateAny string representing one of the account tag name
startDateInteger - UNIX time in milliseconds
Only if tagName is no definedMust be later than 1546300800000
Which represents 1/1/2019 00:00:00
endDateInteger - UNIX time in milliseconds
Only if tagName is no definedCan’t be later than the present time
typeStringYesValue must be one of:
[“new”, “top”, “suspected” ]
orderStringNo - The value by default is “desc”
This attribute can be changes only when type is “top”
If given, value has to be one of:
[“asc”, “desc” ]
severityArray of stringsNo - default will be
[“error”, “warning”, “critical”]
Value of th array elements must be one or more of: [“error”, “warning”, “critical”]

Notes:

  1. startDate and endDate have to be defined together.
  2. User cannot send tagName together with dates as the dates associated with the tag will be used
  3. The difference between endDate and startDate cannot be more than 7 Days

In the following example, the request is for the top five errors in descending order:

{
  "startDate": 1594863720000,
  "endDate":1594950068912,
  "type": "top",
  "order":"desc"
}

The result is a structure that starts with:

{
"totalCount": 47042,
and continues with an array that includes the top 5 templates. For each template there will be count, ratio, metadata that was used for classification and a log example with place holder values:
 
"topFiveTemplates": [
   {
     "count": 6780,
     "ratio": "14.41%",
     "metadata": {
         "applicationName": "w3wp",
         "category": "Error",
         "className": "Staging",
         "methodName": "",
         "severity": "ERROR",
         "subsystemName": "LPAPI-Imperial Palace"
        },
    "logExample": {
        "IP": "34.206.252.45",
        "postal_code": "20149",
        "transaction": "123456789",
        "user":"AR23456",
        "duration":25967
    }
}

In a similar fashion, “new” and “suspected” type transaction will return a count and an array of appropriate logs. 

Here is an example of using curl command to call the API. This example retrieves newly introduced errors associated with the tag ‘test”:

curl -H 'Authorization: Bearer 'your-private-key' -H "Content-type: application/json" -d '{"tagName": "test","type": "new"}' https://api.coralogix.com/api/v1/external/insights

On this page