Alerts

Manage the full lifecycle of Coralogix alerts directly from your AI agent. The MCP server provides tools to create, retrieve, update, and delete alerts—and generate infrastructure-as-code definitions from any alert configuration.

Unlike read-only approaches, these tools give you complete control over alert configurations from your AI agent. Combined with IaC generation, go from a natural-language prompt to a Terraform module or Kubernetes manifest in a single conversation.

Tools

Tool	Description
`create_alert`	Create a new alert. The agent always asks you to specify a priority (P1–P5) before creating.
`get_alert`	Retrieve a specific alert by ID.
`list_alerts`	List alerts with an optional case-insensitive name filter.
`update_alert`	Update an existing alert.
`delete_alert`	Delete an alert by ID.

Supported alert types

The tools support all 12 Coralogix alert types:
Alert type Key
Logs Threshold logsThreshold
Logs Anomaly logsAnomaly
Logs Immediate logsImmediate
Logs New Value logsNewValue
Logs Ratio Threshold logsRatioThreshold
Logs Time-Relative Threshold logsTimeRelativeThreshold
Logs Unique Count logsUniqueCount
Metric Threshold metricThreshold
Metric Anomaly metricAnomaly
Tracing Immediate tracingImmediate
Tracing Threshold tracingThreshold
SLO Threshold sloThreshold

Example prompts

Create an alert

Create a P2 logs threshold alert that fires when the error count
in the payment-service exceeds 100 in a 5-minute window.

List and filter alerts

List all alerts with "latency" in the name.

Update an alert

Change the threshold on my "API Error Rate" alert from 100 to 50.

The agent retrieves the alert first, then applies your changes.

Delete an alert

Delete the alert named "Legacy - Disk Usage".

Create an alert and generate Terraform

Create a metric anomaly alert for CPU usage on the checkout service,
then generate the Terraform HCL so I can add it to my IaC repo.

Important behaviors

Priority is always user-specified. The agent prompts you for a priority level (P1–P5) before creating an alert. It does not assign a default.
Update requires retrieval first. To update an alert, the agent retrieves the current configuration using get_alert or list_alerts, then applies your changes.
Full type coverage. Every alert type available in the Coralogix platform has a dedicated schema, giving you the same granularity as the UI.

Need help? Contact Support.

What's new? Find out here.

LLM? Read llms.txt.

Previous Reference

Next Parsing rules

Alert type	Key
Logs Threshold	`logsThreshold`
Logs Anomaly	`logsAnomaly`
Logs Immediate	`logsImmediate`
Logs New Value	`logsNewValue`
Logs Ratio Threshold	`logsRatioThreshold`
Logs Time-Relative Threshold	`logsTimeRelativeThreshold`
Logs Unique Count	`logsUniqueCount`
Metric Threshold	`metricThreshold`
Metric Anomaly	`metricAnomaly`
Tracing Immediate	`tracingImmediate`
Tracing Threshold	`tracingThreshold`
SLO Threshold	`sloThreshold`