Introduction to alerts
Coralogix alerts detect anomalies, notify teams of potential problems, and correlate incidents across logs, metrics, and traces. Powered by machine learning, alerts adapt to your system's behavior and proactively identify deviations from the norm.
Note
New to Coralogix? Get started by sending your data and setting up your first alert.
Why use alerting
Set up automated notifications that trigger when predefined conditions or thresholds are met across your systems, applications, or infrastructure:
- Detect anomalies early --- identify issues in real time before they impact users
- Reduce mean time to resolution --- respond faster with immediate, actionable notifications
- Automate monitoring --- replace manual checks with condition-based alerts
- Customize thresholds --- define conditions based on your system's specific behavior
How alerts are processed
Coralogix alerts are powered by Streama technology, which triggers alerts as part of the streaming process without prior indexing. This means alerts evaluate your data before storage decisions are made, giving you alerting value without the cost of frequent search indexing.
1. Define alert rules. Specify conditions that trigger an alert---CPU thresholds, error patterns, latency spikes, or any metric deviation.
2. Data is evaluated continuously. Coralogix processes incoming logs, metrics, and traces against your alert rules in real time.
3. Alerts trigger and aggregate. When conditions are met, alerts fire. Similar alerts are aggregated and deduplicated to reduce noise.
4. Notifications are sent. Alerts route to the Notification Center---Slack, PagerDuty, email, or custom webhooks. Unresolved alerts can escalate automatically.
5. Incidents are tracked. Triggered alerts appear on the Incidents screen. Acknowledge, investigate, and resolve from one place.
Alert types
- Threshold --- trigger when log volume crosses a set quantity threshold
- Anomaly detection --- detect unusual patterns using machine learning
- Immediate --- notify on every matching log event
- Time relative --- compare current volume against a past time frame
- Ratio --- alert when the ratio between two log queries crosses a threshold
- Unique count --- trigger when distinct values in a field exceed a threshold
- New value --- alert on the first occurrence of a previously unseen value
- Dataset --- monitor specific datasets for threshold conditions
- Threshold --- trigger when metric values exceed or fall below a threshold
- Anomaly detection --- predict expected behavior and alert on deviations
- Immediate --- notify on every matching metric event
- Tracing alert --- alert on specific tags, services, or latency thresholds in traces
- Flow alert --- trigger when a combination of alert events occurs in a specific sequence within a defined timeframe
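To make the semantics of three of the log alert types above concrete (threshold, unique count, new value), here is a simplified model that evaluates events as they stream in and fires each alert once per breach. It is an added illustration, not Coralogix code or the Alerts API; the class, field names, window size, limits, and sample events are all assumptions.

```python
from collections import deque

# Constructed sample events: (timestamp seconds, user, source IP, login outcome).
EVENTS = [
    (0,  "alice", "10.0.0.5", "fail"),
    (5,  "alice", "10.0.0.6", "fail"),
    (9,  "alice", "10.0.0.7", "fail"),
    (12, "bob",   "10.0.0.5", "ok"),
    (70, "alice", "10.0.0.5", "fail"),
    (75, "carol", "10.0.0.9", "ok"),
]

class StreamEvaluator:
    """Hypothetical evaluator: rules run per event, only the window is kept."""
    def __init__(self, window=60, threshold=2, unique_limit=2, known_users=()):
        self.window, self.threshold, self.unique_limit = window, threshold, unique_limit
        self.seen_users = set(known_users)   # baseline for the new-value rule
        self.fails = deque()                 # (ts, ip) of failures inside the window
        self.active = set()                  # rules currently breached (dedup state)

    def feed(self, ts, user, ip, outcome):
        fired = []
        # New value: first occurrence of a previously unseen user.
        if user not in self.seen_users:
            self.seen_users.add(user)
            fired.append(("new_value", ts, user))
        if outcome == "fail":
            self.fails.append((ts, ip))
        # Expire failures that have fallen out of the sliding window.
        while self.fails and self.fails[0][0] <= ts - self.window:
            self.fails.popleft()
        checks = {
            "threshold": len(self.fails) > self.threshold,
            "unique_count": len({i for _, i in self.fails}) > self.unique_limit,
        }
        for kind, breached in checks.items():
            if breached and kind not in self.active:
                self.active.add(kind)        # fire once, suppress repeats
                fired.append((kind, ts, None))
            elif not breached:
                self.active.discard(kind)    # condition cleared, re-arm the rule
        return fired

def run(events=EVENTS, **kwargs):
    ev = StreamEvaluator(**kwargs)
    return [alert for e in events for alert in ev.feed(*e)]
```

With `alice` and `bob` as the known baseline, the third failure at `t=9` fires both the threshold and unique count rules once, the event at `t=12` is suppressed as a repeat, and `carol` at `t=75` fires the new value rule.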
Get started
1. Sign up for a Coralogix account.
2. Send your data using integration packages or browse all integrations. Deploy extension packages for predefined alerts, dashboards, and parsing rules.
3. Configure an alert definition or use predefined alerts from extension packages.
4. Monitor triggered alerts on the Incidents screen, route notifications through the Notification Center, or visualize alerts using the cx_alerts metric on a custom dashboard.
Automate with APIs
Manage alerts programmatically using the Alerts API. Create, query, update, and delete alert definitions through the API for dynamic alerting workflows.
Support
Reach our customer success team 24/7 via the in-app chat or by email at [email protected].