
The system Dataspace

The system dataspace provides powerful visibility into the structure, behavior, and configuration of your organization’s data. You can track how schemas evolve, review alert activity, and inspect audit events — all of which support debugging, auditing, and operational insight.

Overview

The system dataspace contains datasets defined by Coralogix, and is designed to help you understand how your data is structured, how alerts behave over time, and how your environment is changing internally.

You can access this dataspace just like any other in DataPrime using the source keyword:

source system/engine.schema_fields

system

Key datasets within system

| Dataset | Description |
| --- | --- |
| alerts.history | Tracks triggered alerts, including alert IDs, severity, linked dashboards, and responsible teams. Useful for alert triage and historical audit. |
| engine.queries | Captures metadata about query executions. |
| engine.schema_fields | Contains schema snapshots for each dataset. This lets you inspect how the structure of a dataset (e.g., fields and types) has changed over time. Each snapshot includes a timestamp and a map of all fields present at that moment. |
| notification.deliveries | Logs delivery metadata for notifications (e.g., Slack, email, webhook) including timestamps and status. Helps diagnose why a team may not have received an alert. |
| notification.requests | Event schema that captures each incoming notification request, to enable traceability, deduplication, and downstream delivery routing. |

Example: Filtering schema changes

Using DataPrime, you can query the engine.schema_fields dataset to find datasets with P1 alerts that have changed structure recently:

source system/engine.schema_fields
| filter alert.priority == "P1"

Query behavior and capabilities

All system datasets support full DataPrime functionality — you can filter, aggregate, group, and visualize them like any other dataset. This makes them suitable for use in:

  • Explore queries
  • Custom Dashboards
  • Automated reports

These datasets are especially valuable when paired with historical analysis tools or anomaly detection logic, such as tracking the rate of schema change or alert frequency over time.
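As an added example (not Coralogix code), the following Python sketch computes schema drift and a schema change rate from exported engine.schema_fields snapshots, flagging added, removed, and retyped fields, since a removed or retyped field can silently stop a detection rule from matching. The record keys (`dataset`, `timestamp`, `fields`), the dataset names, and the sample values are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample snapshots. The key names ("dataset", "timestamp", "fields")
# are assumptions for this example, not the documented schema of the dataset.
SNAPSHOTS = [
    {"dataset": "app_logs", "timestamp": "2024-05-01T00:00:00Z",
     "fields": {"user.id": "string", "status": "number"}},
    {"dataset": "app_logs", "timestamp": "2024-05-02T00:00:00Z",
     "fields": {"user.id": "string", "status": "string", "src.ip": "string"}},
    {"dataset": "app_logs", "timestamp": "2024-05-03T00:00:00Z",
     "fields": {"user.id": "string", "status": "string", "src.ip": "string"}},
    {"dataset": "audit_logs", "timestamp": "2024-05-01T00:00:00Z",
     "fields": {"actor": "string"}},
]

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def diff_fields(old, new):
    """Compare two field -> type maps from consecutive snapshots."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "retyped": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }

def schema_drift(snapshots):
    """Per dataset, list (timestamp, diff) for every snapshot that changed the schema."""
    by_dataset = defaultdict(list)
    for snap in snapshots:
        by_dataset[snap["dataset"]].append(snap)
    drift = {}
    for dataset, snaps in by_dataset.items():
        snaps.sort(key=lambda s: parse_ts(s["timestamp"]))  # input may be unordered
        changes = []
        for prev, cur in zip(snaps, snaps[1:]):
            d = diff_fields(prev["fields"], cur["fields"])
            if any(d.values()):
                changes.append((cur["timestamp"], d))
        drift[dataset] = changes
    return drift

def change_rate(snapshots):
    """Fraction of snapshot-to-snapshot transitions per dataset that altered the schema."""
    totals = Counter(s["dataset"] for s in snapshots)
    return {ds: (len(ch) / (totals[ds] - 1) if totals[ds] > 1 else 0.0)
            for ds, ch in schema_drift(snapshots).items()}
```

A dataset with a single snapshot has no transitions, so its change rate is reported as 0.0 rather than raising a division error.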

