On this page

• Start Free Trial
• Management screen
• Investigations modal
• Select an event to create an investigation

Create an Investigation

You can create an investigation in the following ways:

• From the Investigations Management screen

• From the Investigations popup modal

• By selecting an event to create an investigation

Management screen

To start a new investigation, click the detective hat icon in the top-right corner of your Coralogix toolbar and select Manage investigations. This redirects you to the Investigations Management screen, where you can click + Create investigation to begin.

Enter the details in the Investigations Overview, choose the exposure mode (private/public), invite participants in the Participants tab, and click Create. Your new investigation will then appear in the investigation management screen.

Investigations modal

To access all investigations you have created or been invited to, click the detective hat icon in the upper-right corner of the Coralogix toolbar and select View investigations. This opens a popup modal displaying details of the most recent investigation you accessed, without navigating away from your current platform location.

Create a new investigation directly from this modal by clicking the + icon.

Select an event to create an investigation

Suspicious activity requiring investigation may arise from various events, such as an unusual log activity, an alert indicating an abnormal metric, or a dashboard widget showing an unexpected spike. These events can take multiple formats and originate from within or outside the Coralogix platform.

To create an investigation, select one or more event objects within Coralogix, such as:

• A log in Explore

• An incident in the Incidents screen

• A widget in Custom Dashboards

• An alert in Alert Explorer

Then, click Add to investigation > New investigation.

In the popup modal that appears, fill in the Investigations Overview details and click Create. You can optionally add an explanation for the selected object(s) and send it. Each object will be added individually to the investigation timeline based on its timestamp.

You can also create an investigation from the Real User Monitoring (RUM) Error Tracking screen by selecting one or more error templates.

Alternatively, select a single error template and click the Comments button. Adding the first comment will automatically create an investigation. Learn more about RUM comments.

Previous Required Permissions

Next Conduct an Investigation