`alerts.history`

Purpose

The alerts.history dataset serves to track the complete history of alert events. It records the lifecycle of alerts, including when they are triggered, their status, priority, and other related metadata. This dataset is vital for monitoring, auditing, and analyzing alert patterns across your environment. It enables users to track alert activity over time, review historical alerts, and ensure that alerts are being managed effectively.

Schema description

Full JSON path	Field data type	Field data example	description
`alert.alertDataUrl`	String (URL)	`"https://coralogix.com/#/insights?id=76c411be-gg4d-4fb1-a987-5fce042deaaf"`	Link to the incident page for this alert.
`alert.groupingKey`	String	`"cpu.usage[host=db-01]"`	Used as the deduplication key.
`alert.groups`	Array/Object	`[{"keyValues":{"resource":{"attributes":{"Team":"SRE"}},"coralogix":{"metadata":{"subsystemName":"payments-api"}}}}]`	List of alert groups associated with the alert (including priority and key-values).
`alert.groups.keyValues`	Object	`{"resource":{"attributes":{"Team":"SRE"}},"coralogix":{"metadata":{"subsystemName":"payments-api"}}}`	Key-value pairs associated with the alert group.
`alert.groups.keyValues.resource`	Object	`{"attributes":{"Team":"SRE"}}`	Resource section of the group key-values.
`alert.groups.keyValues.resource.attributes`	Object	`{"Team":"SRE"}`	Resource attributes map.
`alert.groups.keyValues.resource.attributes.Team`	String	`"SRE"`	Team name extracted from resource attributes.
`alert.groups.keyValues.coralogix`	Object	`{"metadata":{"subsystemName":"payments-api"}}`	Coralogix-specific metadata container.
`alert.groups.keyValues.coralogix.metadata`	Object	`{"subsystemName":"payments-api"}`	Additional metadata for the alert group.
`alert.groups.keyValues.coralogix.metadata.subsystemName`	String	`"payments-api"`	Subsystem/service name tied to the alert.
`alert.id`	String	`"a1b2c3d4e5"`	Unique identifier of the alert (use to construct alert URLs).
`alert.priority`	String	`"P1"`	Priority level of the alert group.
`alert.status`	String	`"Triggered"`	Current status of the alert (e.g., `Triggered`).
`alert.timestamp`	Number (ns since epoch)	`1753910400000000000`	Timestamp indicating when the alert was triggered.
`alertDef.alertVersionId`	String	`"v-2025-08-01-3"`	Version ID associated with the alert definition.
`alertDef.createdTime`	Number (ns since epoch)	`1753305600000000000`	Timestamp when the alert definition was created.
`alertDef.description`	String	`"CPU usage exceeds 85% for 5 minutes"`	Textual description of the alert definition.
`alertDef.entityLabels`	Array\	`["host","region"]`	Labels associated with the alert definition.
`alertDef.groupByKeys`	Array\	`["host","region"]`	Keys by which the alert is grouped.
`alertDef.id`	String	`"alertdef-123"`	Unique identifier of the alert definition.
`alertDef.incidentSettings`	Object	`{"notifyOn":"Triggered"}`	Configuration related to incident settings.
`alertDef.incidentSettings.notifyOn`	String	`"Triggered"`	Notification setting for the alert definition.
`alertDef.name`	String	`"CPU Usage Alert"`	Name of the alert definition.
`alertDef.priority`	String	`"P1"`	Priority level of the alert definition.
`alertDef.retriggeringPeriod`	Number (minutes)	`5`	Time after which the alert can be retriggered.
`alertDef.status`	String	`"Active"`	Current status of the alert definition.
`alertDef.type`	String	`"metricThreshold"`	Type of the alert definition.
`alertDef.updatedTime`	Number (ns since epoch)	`1753910400000000000`	Timestamp when the alert definition was last updated.

`alerts.history` schema

{ alert

Represents the alert details, including timestamp, ID, status, and group information.

alertDataUrl

Link to the incident page (e.g., https://coralogix.com/#/insights?id=76c411be-gg4d-4fb1-a987-5fce042deaaf).

groupingKey

Used as the deduplication key.

{ groups

List of alert groups associated with the alert (including priority and key-values).

[ groups[n]

keyValues

Key-value pairs associated with the alert group; e.g., "team": "{{alert.groups[0].keyValues.resource.attributes.Team}}" or "service":"{{alert.groups[0].keyValues.coralogix.metadata.subsystemName}}"

{ resource

{ attributes

Team

}

{ coralogix

{ metadata

subsystemName

}

]

}

id

Unique identifier of the alert. Use it to create an alert URL in your notification; e.g., "alert_url": "https://teamname-prod.app.eu2.coralogix.com/#/alerts/{{alert.id}}"

priority

Priority level of the alert group (e.g., "P1").

status

Current status of the alert (e.g., "Triggered").

timestamp

The timestamp indicating when the alert was triggered.

}

{ alertDef

Defines the alert configuration, including name, description, groupings, incident settings, and priority.

alertVersionId

The version ID associated with the alert definition.

createdTime

The timestamp when the alert definition was created.

description

A textual description of the alert definition.

entityLabels

Labels associated with the alert definition (e.g., host, region).

groupByKeys

List of keys by which the alert is grouped (e.g., host, region).

id

The unique identifier of the alert definition.

{ incidentSettings

Configuration related to incident settings (e.g., retriggering period).

notifyOn

Notification setting for the alert definition (e.g., "Triggered").

}

name

Name of the alert definition (e.g., "CPU Usage Alert").

priority

Priority level of the alert definition (e.g., P1).

retriggeringPeriod

Time in minutes after which the alert can be retriggered.

status

Current status of the alert definition.

type

Type of the alert (e.g., "metricThreshold").

updatedTime

The timestamp when the alert definition was last updated.

}

Previous aaa.audit_events

Next cases

alerts.history

Purpose

Schema description

alerts.history schema

`alerts.history`

`alerts.history` schema