Alerts
Manage the full lifecycle of Coralogix Alerts directly from your AI agent. The MCP server provides a unified tool to create, retrieve, update, and delete alerts—and generate infrastructure-as-code definitions from any alert configuration.
Go from a natural-language prompt to a deployed alert or an IaC module in a single conversation.
Tool
All alert operations are handled by a single unified tool: manage_alerts.
| Action | Description |
|---|---|
create | Create a new alert. The agent always asks you to specify a priority (P1–P5) before creating. |
get | Retrieve a specific alert by ID. |
list | List alerts with an optional case-insensitive name filter. |
update | Update an existing alert. The agent retrieves the current configuration first, then applies your changes. |
delete | Delete an alert by ID. If you only have the alert name, use list first to find the ID. |
generate_openapi | Generate the OpenAPI JSON payload for use with the Coralogix REST API. |
generate_kubernetes | Generate a Kubernetes Operator YAML manifest for the Coralogix Operator. |
generate_terraform | Generate Terraform HCL for the Coralogix Terraform Provider. |
IaC generation actions work with both existing and newly described alerts. To export an existing alert, retrieve it first with get or list, then pass it to the generation action. You can also describe an alert from scratch and generate IaC without creating it in Coralogix.
Supported alert types
The tool supports all 12 Coralogix alert types:
| Alert type | Key |
|---|---|
| Logs Threshold | logsThreshold |
| Logs Anomaly | logsAnomaly |
| Logs Immediate | logsImmediate |
| Logs New Value | logsNewValue |
| Logs Ratio Threshold | logsRatioThreshold |
| Logs Time-Relative Threshold | logsTimeRelativeThreshold |
| Logs Unique Count | logsUniqueCount |
| Metric Threshold | metricThreshold |
| Metric Anomaly | metricAnomaly |
| Tracing Immediate | tracingImmediate |
| Tracing Threshold | tracingThreshold |
| SLO Threshold | sloThreshold |
Example prompts
Create an alert
Create a P2 logs threshold alert that fires when the error count
in the payment-service exceeds 100 in a 5-minute window.
List and filter alerts
Update an alert
The agent retrieves the alert first, then applies your changes.
Delete an alert
Generate Terraform for a new alert
Generate Terraform HCL for a P2 logs threshold alert that fires when
error count exceeds 100 in 5 minutes for the payment-service.
Generate Terraform from an existing alert
The agent retrieves the alert, then renders the Terraform resource definition.
Generate Kubernetes YAML from an existing alert
Create and export in one conversation
Create a P3 logs threshold alert that fires when login failures exceed 50 in
10 minutes, then generate the Terraform HCL and Kubernetes YAML for it.
Bulk export
Important behaviors
- Priority is always user-specified. The agent prompts you for a priority level (P1–P5) before creating an alert. It does not assign a default.
- Update requires retrieval first. To update an alert, the agent retrieves the current configuration using
getorlist, then applies your changes. - IaC generation requires the full alert definition. For existing alerts, the agent retrieves the alert first. For new alerts, describe the configuration and the agent generates IaC without creating the alert in Coralogix.
- Full type coverage. Every alert type available in the Coralogix platform has a dedicated schema, giving you the same granularity as the UI.
Next steps
Manage log transformation during ingestion with Parsing Rules.