Coralogix reporter allows you to automate the generation of a periodic report that includes the formatted results of a predefined query. This report can be distributed automatically to a mailing list.
To define and set up a report, go to AWS’s Serverless Application Repository and search for ‘Coralogix’. Click on the link to ‘Coralogix-Elasticsearch-Reporter’.
The application requires the following parameters:
- Verified AWS SES email/domain.
- CoralogixRegion – possible values are `Europe` or `India`. Choose `Europe` if your Coralogix account URL ends with `.com` and `India` if it ends with `.in`.
- Enabled – `true` when the report is active and `false` when it is inactive
- PrivateKey – can be found in your Coralogix account under `Settings` -> `Account` -> `API Access` -> `Elasticsearch API key`
- Query – Elasticsearch query
- Recipient – a list of comma-separated e-mails
- RequestTimeout – the Elasticsearch query timeout
- Schedule – CloudWatch rules schedule expression
- Subject – report email subject line
- Template – JMESPath expression to structure the Elasticsearch response
Don’t change the memory size and function timeout parameters. You can adjust the query timeout based on your needs.
Report example:
Queries the account every day at 08:00 to find mapping exceptions:
Elasticsearch query:
```
{"size":0,"query":{"bool":{"filter":[{"query_string":{"query":"_exists_:coralogix.failed_reason"}},{"range":{"coralogix.timestamp":{"gte":"now-24h","lt":"now"}}}]}},"aggs":{"exceptions":{"terms":{"field":"coralogix.failed_reason","size":20}}}}
```
Schedule:
```
cron(0 8 * * ? *)
```
Template:
```
aggregations.exceptions.buckets[*].{"Exception":key,"Count":doc_count}
```
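The following is an added example, not Coralogix's code: it shows what the example Template produces from a response to the example Query, and adds a pre-deploy check that the Template reads an aggregation the Query actually defines. The sample response is constructed and the function names are hypothetical; the `jmespath` package is used when installed, otherwise a plain-Python equivalent of this one template runs.

```python
import json

# Query and Template copied from the report example on this page.
QUERY = '{"size":0,"query":{"bool":{"filter":[{"query_string":{"query":"_exists_:coralogix.failed_reason"}},{"range":{"coralogix.timestamp":{"gte":"now-24h","lt":"now"}}}]}},"aggs":{"exceptions":{"terms":{"field":"coralogix.failed_reason","size":20}}}}'
TEMPLATE = 'aggregations.exceptions.buckets[*].{"Exception":key,"Count":doc_count}'

# Constructed sample: the shape Elasticsearch returns for a terms aggregation.
# Bucket keys and counts are made up for illustration.
SAMPLE_RESPONSE = {
    "hits": {"hits": []},  # empty because the query sets "size": 0
    "aggregations": {"exceptions": {"buckets": [
        {"key": "constructed-reason-a", "doc_count": 42},
        {"key": "constructed-reason-b", "doc_count": 15},
    ]}},
}


def aggregation_defined(query_text, template):
    """Pre-deploy check: the aggregation the template reads must exist in the query."""
    query = json.loads(query_text)  # raises ValueError if the Query is not valid JSON
    parts = template.split(".")
    if len(parts) < 2 or parts[0] != "aggregations":
        return False
    return parts[1] in query.get("aggs", query.get("aggregations", {}))


def apply_template(response, template=TEMPLATE):
    """Return the report rows the template extracts from an Elasticsearch response."""
    try:
        import jmespath  # third-party package; evaluates the real expression
        return jmespath.search(template, response)
    except ImportError:
        if template != TEMPLATE:
            raise
        # Plain-Python equivalent of this page's TEMPLATE only, not a JMESPath engine.
        buckets = response.get("aggregations", {}).get("exceptions", {}).get("buckets")
        if buckets is None:
            return None  # JMESPath also yields null when the path is missing
        return [{"Exception": b.get("key"), "Count": b.get("doc_count")} for b in buckets]


if __name__ == "__main__":
    print("template matches query:", aggregation_defined(QUERY, TEMPLATE))
    for row in apply_template(SAMPLE_RESPONSE):
        print(row)
```

A template that names an aggregation missing from the query evaluates to null rather than raising an error, so running the check before deployment catches a mismatch that would otherwise leave the report empty.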