Immediate notifications

An immediate log alert notifies you on every log that matches your query, the moment it arrives. There is no aggregation window and no count threshold: each matching log fires the alert on its own. Use this type when a single occurrence already matters, for example a fatal error, a failed deployment, or a security-relevant event.

What you need

  • Access to Coralogix with permission to create alerts
  • Logs ingesting into Coralogix
  • A query that isolates the events worth waking someone for

Create the alert

Go to Alerts, then select Create alert. The alert creation wizard opens on the Query step.

Query step

In the wizard, select the Immediate alert type, then define the log signal Coralogix evaluates.

  • Write a Lucene query that matches only the events you want to be notified about.
  • Narrow the results with filters such as application, subsystem, severity, or tag.

Because the immediate type fires on each matching log as it arrives, the query is the whole definition of the alert: there is no window to aggregate over and no count to reach. Keep the query tight, since every match produces a notification.

Condition step

The Immediate type has no threshold and no evaluation window to configure. Each matching log satisfies the condition on its own, so the Condition step is minimal.

  • Priority: assign P1 through P5. Priority drives routing decisions in the Notification step.
  • Group by (optional): evaluate separately for each combination of label values. Only logs that contain all selected fields are considered. Group by also controls whether matches open a combined or separate case, which you confirm in the Details step.
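
Before you save a query as an immediate alert, you can replay a sample of logs through it to see how many notifications it would send and which matches Group by would leave out. The following is an added example, not Coralogix code: it is a local Python model of the behavior described above, the predicates stand in for Lucene queries, and every field name and log line is constructed.

```python
from collections import Counter

# Constructed sample logs; field names and values are illustrative only.
SAMPLE_LOGS = [
    {"application": "auth", "subsystem": "login", "severity": "error", "user": "alice"},
    {"application": "auth", "subsystem": "login", "severity": "critical", "user": "bob"},
    {"application": "auth", "subsystem": "token", "severity": "critical"},  # no "user"
    {"application": "billing", "subsystem": "invoice", "severity": "error", "user": "carol"},
    {"application": "billing", "subsystem": "invoice", "severity": "info", "user": "carol"},
    {"application": "auth", "subsystem": "login", "severity": "critical", "user": "bob"},
]

def loose_query(log):
    # Stand-in for a broad query: any error or critical log.
    return log.get("severity") in ("error", "critical")

def tight_query(log):
    # Stand-in for a narrowed query: critical logs from one application.
    return log.get("application") == "auth" and log.get("severity") == "critical"

def dry_run(logs, query, group_by=()):
    """Model an immediate alert: one notification per considered match.

    Returns (notification_count, matches_per_group, skipped_logs).
    """
    per_group = Counter()
    skipped = []
    for log in logs:
        if not query(log):
            continue
        # Group by: only logs that contain all selected fields are considered.
        if any(field not in log for field in group_by):
            skipped.append(log)
            continue
        per_group[tuple(log[field] for field in group_by)] += 1
    return sum(per_group.values()), dict(per_group), skipped

if __name__ == "__main__":
    for name, query, fields in [("loose", loose_query, ()),
                                ("tight", tight_query, ()),
                                ("tight by user", tight_query, ("user",))]:
        count, groups, skipped = dry_run(SAMPLE_LOGS, query, fields)
        print(f"{name}: {count} notifications, groups={groups}, skipped={len(skipped)}")
```

The third run shows the Group by side effect to watch for: a critical log that lacks the grouped field matches the query but is never considered, so it produces no notification.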

Set routing and naming

Configure routing and naming in the Notification and Details steps of the alert creation wizard.

When everything is in place, select Create alert. The alert becomes active within 15 minutes.

Limitations

  • Immediate log alerts do not support arrays in queries.
  • New and edited alerts can take up to 15 minutes to become active.

Next steps

Detect previously unseen values in your logs with New value alerts.