Entity types
Notification Center sends notifications based on entity types. An entity type is a Coralogix component that can generate a notification request, such as an alert or a case. Each entity type contains one or more entity subtypes, which define the structure and schema of its notifications.
Notification Center currently supports two entity types: Alerts and Cases.
Work with alert entities
Alert entities generate notifications when alert conditions are met. Each alert subtype defines the schema used to format the notification.
Supported alert subtypes
| Source | Type | Condition | Status | Description |
|---|---|---|---|---|
| Logs | LOGS_IMMEDIATE | — | Triggered / Resolved | Alert immediately when a log of interest is detected. |
| Logs | LOGS_THRESHOLD | More than / Less than | Triggered / Resolved | Alert when the sum of logs crosses a predefined threshold. |
| Logs | LOGS_RATIO_THRESHOLD | More than / Less than | Triggered / Resolved | Alert when the ratio between two log queries reaches a set threshold. |
| Logs | LOGS_TIME_RELATIVE_THRESHOLD | More than / Less than | Triggered / Resolved | Alert when a fixed ratio reaches a set threshold compared to a past time frame. |
| Logs | LOGS_ANOMALY | More than usual | Triggered / Resolved | Alert when a log crosses an AI-generated baseline. |
| Logs | LOGS_NEW_VALUE | — | Triggered | Alert on a newly detected value in a time series. |
| Logs | LOGS_UNIQUE_COUNT | More than | Triggered | Alert based on a unique value count per key. |
| Metrics | METRIC_THRESHOLD | More than / Less than / More than or equals / Less than or equals | Triggered / Resolved | Alert when a metric crosses a predefined threshold. |
| Metrics | METRIC_ANOMALY | More than usual / Less than usual | Triggered / Resolved | Alert when a metric crosses an AI-generated baseline. |
| Tracing | TRACING_IMMEDIATE | — | Triggered | Alert immediately when span duration exceeds a set latency. |
| Tracing | TRACING_THRESHOLD | More than | Triggered | Alert when trace latency crosses a predefined threshold. |
| Flow | FLOW | — | Triggered / Resolved | Alert when any combination of alerts occurs in a specific sequence within a defined timeframe. |
All supported alert subtypes, including EntityType and EntitySubType, are listed in the Alerts API.
Access alert schema references
- General reference
- Context reference: Describes the _context variable for metadata such as trigger details. See Dynamic templating.
Work with Case entities
Case entities track and manage correlated events in Coralogix. When Case lifecycle events occur, Notification Center generates notification requests that can be routed to external destinations.
Supported Case subtypes
| Entity | Subtype | Status | Description |
|---|---|---|---|
| Cases | CREATED | OPEN | A Case has been created and is open. |
| Cases | ACTIVE | OPEN | The Case is active and remains open. |
| Cases | ACTIVE | ACKNOWLEDGED | The Case has been acknowledged. |
| Cases | RESOLVED | CLOSED | The Case is resolved and closed, with optional resolution metadata. |
All supported Case subtypes are listed in the Cases API.
Notification triggers
Case routing rules support specific lifecycle triggers that control when notifications are sent:
| Trigger | When it fires |
|---|---|
| Activated | Impact is confirmed and the Case becomes active |
| Acknowledged | Someone takes ownership of the Case |
| Resolved | Underlying indicators are healthy and the Case is resolved |
| Closed | Follow-ups are complete and the Case is fully finished |
| Priority changed | The Case priority level is updated |
| Assignee changed | The Case is assigned or reassigned |
Alert routing rules support two triggers: Triggered (when the alert condition is detected) and Resolved (when the condition returns to normal).
Routing and Ownership Tags
Cases use Ownership Tags — environment, service, and team — for routing. These are the same attributes used in Infra Explorer Ownership Tags, so labels already defined on your infrastructure carry through to notification routing.
Unlike alerts, which use explicit routing.<key>: <value> labels, Cases inherit their routing labels from the Ownership Tags assigned to the underlying infrastructure.
Access Case schema references
- General reference: Alert Schema
- Context reference: Describes the _context variable for Case notifications. See Dynamic templating.