As data volumes grow and the number of alerts generated by logs, metrics, and security systems exponentially increase, one of the most powerful indicators of alert importance is the number of elements affected by it. Whether it’s the number of users who have encountered a 5XX error when calling an API, the number of Kafka consumer groups that returned errors, the number of CDN locations that are currently loading your site at more than 3 seconds, or the number of different passwords that a single user attempts to log in with to your cloud service console.
The problem with most alerts is that they describe the problem, though, in order to understand the severity or broadness of the issue, users need to drill into the data or rely on dashboards.
Unique Count Alert, alerts on the number of unique values inside a selected key that match a specific search criterion (AKA – The Cardinality of a specific key matched to a search).
Choose “Unique Count Alert” in the Coralogix alerts creation panel:
Define your alert search criteria:
Define the key to match to track its unique count. You can also choose to group by a specific log field to receive an alert if the unique count threshold was crossed per specific value of the group by field. This is very useful with security use cases, E.g. send an alert if a specific user (group by key) logged in to my system from more than 1 country (Unique count key) at the same time.
Note: The total amount of permutations for the unique count by key and group by key should not exceed 10k for the alert timeframe.
Once triggered, the alert will display the behavior of unique count per the selected key that matches search criteria, and list all the unique values that were discovered within the tracked key.
Like all alerts in Coralogix, Unique Value Alerts work without you having to store or index any of your logs, data is tracked and analyzed before stored. This allows you to get real-time and smart alerting without the costs of storage and reduce your observability costs by 70%.
Chat with us for any question, we answer in less than 2 minutes.