Skip to content

The system Dataspace

The system dataspace provides powerful visibility into the structure, behavior, and configuration of your organization’s data. You can track how schemas evolve, review alert activity, and inspect audit events — all of which support debugging, auditing, and operational insight.

Unlike user-defined dataspaces, the system dataspace is maintained by Coralogix and contains internal metadata related to your environment.

Note

Logs generated by Coralogix for the system dataspace count toward your daily quota. However, these datasets typically contain low-volume data, so performance and cost impact should be minimal.

Overview

The system dataspace sits apart from general user-generated dataspaces. It contains datasets defined by Coralogix, and is designed to help you understand how your data is structured, how alerts behave over time, and how your environment is changing internally.

You can access this dataspace just like any other in DataPrime using the source keyword:

source system/engine.schema_fields

Key datasets within system

Example: Filtering schema changes

Using DataPrime the engine.schema_fields dataset can be queried to find datasets with P1 alerts that have changed structure recently:

source system/engine.schema_fields
| filter alert.priority == "P1"

Query behavior and capabilities

All system datasets support full DataPrime functionality — you can filter, aggregate, group, and visualize them like any other dataset. This makes them suitable for use in:

  • Explore queries
  • Custom Dashboards
  • Automated reports

These datasets are especially valuable when paired with historical analysis tools or anomaly detection logic, such as tracking the rate of schema change or alert frequency over time.

Learn more

Previous The Default Dataspace
Next aaa.audit_events