Skip to content

Cases

Coralogix Cases is a unified incident management solution that transforms how teams detect, triage, and resolve both performance and security issues. While traditional incidents in Coralogix surface individual alert triggers, Cases go further by grouping related alerts into meaningful incidents, adding rich context, and streamlining response across your stack.

With Cases, you don't just see triggered alert events, you see the full picture. Every Case is built from related logs, metrics, traces, and security signals. Instead of jumping between dashboards, you get a curated triage view that helps teams understand and act quickly.

How is it different from Incidents?

The Incidents feature in Coralogix shows alerts as they come in, grouped by alert definition or time. It’s reactive and often noisy. Cases takes this to the next level with:

  • Alert aggregation: Related alerts are automatically grouped into a single Case based on service, time window, topology, or tags.
  • Curated triage dashboards: Every Case comes with a pre-built view showing logs, traces, metrics, and security alerts in one place.
  • Smart Routing: Case notification are routed to the right team based on ownership labels like service, environment, or group.
  • ITSM Integration: Cases sync bi-directionally with tools like ServiceNow and Jira Service Management, so updates happen in both systems.
  • AI Insights: In supported environments, AI Assistant can suggest likely root cause, remediation steps, etc. to help teams investigate faster.

In short, Cases are not just grouped alerts, they’re intelligent, contextual incidents built to reduce noise, speed up resolution, and drive accountability.

Why use Cases?

Many teams today struggle with alert fatigue and the use of fragmented tools. You may be seeing dozens of alerts for the same underlying issue, routing noise to multiple teams, or bouncing between dashboards to find answers.

Cases solves that. Here's how:

  • Fewer, more meaningful alerts: Instead of 20 alerts for one outage, you get one Case that captures the whole issue.
  • Faster triage: Get all relevant telemetry in one view, no more pivoting between tools.
  • Team accountability: Cases route directly to the right owner, based on service or team metadata.
  • Smarter response: Integrated runbooks, comments, timelines, and resolution tracking make it easy to collaborate and resolve quickly.
  • ITSM alignment: Cases stay in sync with ServiceNow or Jira so your tickets reflect the real state of the issue.

Cases provide immediate noise reduction and operational clarity, while working with your existing alert rules. You gain a consolidated, contextual view of alerts without needing to redesign your entire alerting setup.

How to get started with Cases

Enable Cases

If you're an existing Coralogix customer, Cases may already be enabled on your account. If not, reach out to your Coralogix representative to turn it on.

Cases work alongside your existing alerts and Notification Center setup, so you don’t have to change everything at once.

Set up Case rules

Each Case is created from one or more alert rules using a Case rule.

You can map a single alert rule to a Case, or combine multiple rules into one Case based on:

  • Time windows
  • Service or team tags
  • Alert entity labels (like severity or component)

You can define these mappings in the UI or via API.

Route by ownership

Use metadata in your alert rules (like team, service, or env) to ensure Cases are delivered to the right team automatically.

Routing can be configured in the Notification Center, using Slack, PagerDutyd, or webhooks.

Connect with your ITSM system (optional)

Cases integrate bi-directionally with:

  • ServiceNow
  • PagerDuty (coming soon)

That means updates in Coralogix show up in your ITSM and vice versa. A Case resolved in ServiceNow is resolved in Coralogix too.

Tune and optimize

As you use Cases, you’ll notice patterns:

  • Which alerts tend to group together
  • Which tags help route most effectively
  • Which services generate noise

You can adjust your rules, filters, or thresholds to improve over time. The goal is fewer alerts, more clarity, and faster fixes.

What does a typical workflow look like?

Let’s say your database goes down.

  1. Multiple alert rules fire, service latency, pod crash, HTTP errors.
  2. Coralogix automatically groups them into a single Case: Database Outage.
  3. The Cases dashboard shows the logs and traces from the affected service, plus recent deployments.
  4. The Case notification is routed to the backend team on Slack and creates a Jira incident.
  5. The team investigates using the triage dashboard, adds comments, and resolves the issue.
  6. Resolution is synced across Coralogix and Jira, and the Case is closed.

Instead of managing 10 alerts and 2 tickets, you manage one Case with everything you need.

Who should use Cases?

  • SREs and platform engineers looking to reduce alert fatigue
  • Security teams who want consolidated threat views
  • DevOps teams needing faster incident triage
  • IT and support teams integrating with ServiceNow or Jira
  • Engineering leaders tracking MTTR, recurring issues, and reliability KPIs

Coralogix Cases gives your team a smarter way to handle incidents. With fewer alerts, better context, and automated workflows, you spend less time chasing noise and more time fixing what matters.

Home
User Guides
DataPrime
Integrations
OpenTelemetry
Developer Portal