Coralogix Terraform Provider

The Coralogix Terraform Provider is used to interact with Coralogix resources using terraform. The definitions of those resources can be managed by source code management tools, which means that the process for modifying Coralogix rules and alerts can be the standard code review process applied to application changes. This is a massive win on all fronts: better auditing, better change management, easier rollbacks, and more.

The Coralogix provider supports and allows you to manage two types of resources, your Coralogix rules and alerts.

Requirements

Terraform installed.

Installation

Terraform 0.13 and later:

terraform {
  required_providers {
    coralogix = {
      source  = "coralogix/coralogix"
      version = "1.0.2"
    }
  }
}

# Configure the Coralogix Provider
provider "coralogix" {
    api_key = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Terraform 0.12 and earlier:

# Configure the Coralogix Provider
provider "coralogix" {
    api_key = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Argument Reference

The following arguments are supported within the provider block:

  • url – (Optional) This is the Coralogix API URL. It is optional, but it can be sourced from the CORALOGIX_URL environment variable (Default: https://api.coralogix.com/api/v1).
  • api_key – (Required) This is the Coralogix API key. It must be provided, but it can also be sourced from the CORALOGIX_API_KEY environment variable.
  • timeout – (Optional) This is the Coralogix API timeout. It is optional, but it can be sourced from the CORALOGIX_API_TIMEOUT environment variable (Default: 30).

To allow interaction with Coralogix API you need to configure Coralogix provider with an API key. To generate your API key goto Settings –> Account –> “API Access” and generate a new Alerts & Rules API key.

** Note that only admin users have access to the API, So the option above will be visible only to admin users.

Log parsing rules

Log parsing rules can be defined using Coralogix rules and rules group resources via Terraform. Please read the log parsing rules tutorial for more information about Coralogix parsing rules.

Coralogix rules group

Use this data source to retrieve information about a Coralogix Rules Group.

Example Usage

data "coralogix_rules_group" "rules_group" {
    rules_group_id = "e10ef9d1-36ab-11e8-af8f-02420a00070c"
}

Argument Reference

Attribute Reference

  • name – Rules Group name.
  • order – Rules Group order number.
  • enabled – Rules Group state.
  • rules – Rules Group rules list.

Use the Coralogix Rules Group resource to create, update, and delete Rules Groups.

Example Usage

# Create "My Group" Rules Group
resource "coralogix_rules_group" "rules_group" {
    name    = "My Group"
    enabled = true
}

Argument Reference

  • name – (Required) Rules Group name.
  • enabled – (Optional) Rules Group state.

Attribute Reference

  • order – Rules Group order number.

Import

Rules Groups can be imported using their ID.

$ terraform import coralogix_rules_group.rules_group <rules_group_id>

Coralogix rules

Use this data source to retrieve information about a Coralogix Rule.

Example Usage

data "coralogix_rule" "rule" {
    rule_id        = "e1a31d75-36ab-11e8-af8f-02420a00070c"
    rules_group_id = "e10ef9d1-36ab-11e8-af8f-02420a00070c"
}

Argument Reference

Attribute Reference

Each rule_matcher block exports the following:

Use the Coralogix Rule resource to create, update, and delete Rules.

Example Usage

# Create "My Rule" Rule
resource "coralogix_rule" "example" {
    rules_group_id = "e10ef9d1-36ab-11e8-af8f-02420a00070c"
    name           = "My Rule"
    type           = "extract"
    description    = "My Rule created with Terraform"
    expression     = "(?:^|[\\s\"'.:\\-\\[\\]\\(\\)\\{\\}])(?P<severity>DEBUG|TRACE|INFO|WARN|WARNING|ERROR|FATAL|EXCEPTION|[I|i]nfo|[W|w]arn|[E|e]rror|[E|e]xception)(?:$|[\\s\"'.:\\-\\[\\]\\(\\)\\{\\}])"

    rule_matcher {
        field      = "text"
        constraint = "(?:^|[\\s\"'.:\\-\\[\\]\\(\\)\\{\\}])(?P<severity>DEBUG|TRACE|INFO|WARN|WARNING|ERROR|FATAL|EXCEPTION|[I|i]nfo|[W|w]arn|[E|e]rror|[E|e]xception)(?:$|[\\s\"'.:\\-\\[\\]\\(\\)\\{\\}])"
    }
}

Argument Reference

  • rules_group_id – (Required) Rules Group ID.
  • name – (Required) Rule name.
  • type – (Required) Rule type, one of the following: extractjsonextractparsereplaceallowblock.
  • description – (Optional) Rule description.
  • enabled – (Optional) Rule state.
  • rule_matcher – (Optional) A rule_matcher block as documented below.
  • expression – (Required) Rule expression. Should be valid regular expression.
  • source_field – (Optional) Rule source field.
  • destination_field – (Optional) Rule destination field.
  • replace_value – (Optional) Rule replace value.

Each rule_matcher block should contain the following:

  • field – (Required) Rule Matcher field.
  • constraint – (Required) Rule Matcher constraint.

Attribute Reference

  • order – Rule order number.

Import

Rules can be imported using their ID.

$ terraform import coralogix_rule.rule <rules_group_id>/<rule_id>

Alerts

Coralogix alerts can be defined using Coralogix alert resource via Terraform. To learn more about the different alert types, read the following tutorials:

Coralogix alert

Use this data source to retrieve information about a Coralogix Alert.

Example Usage

data "coralogix_alert" "alert" {
    alert_id        = "3dd35de0-0e10-11eb-9d0f-a1073519a608"
}

Argument Reference

Attribute Reference

Provides the Coralogix Alert resource. This allows Alert to be created, updated, and deleted.

Example Usage

# Create "My Alert" Alert
resource "coralogix_alert" "example" {
    name     = "My Alert"
    severity = "info"
    enabled  = true
    type     = "text"
    filter {
        text         = ""
        applications = []
        subsystems   = []
        severities   = []
    }
    condition {
        condition_type = "more_than"
        threshold      = 100
        timeframe      = "30MIN"
    }
    notifications {
        emails = [
            "user@example.com"
        ]
    }
}

Argument Reference

  • name – (Required) Alert name.
  • type – (Required) Alert type, one of the following: textratio.
  • severity – (Required) Alert severity, one of the following: infowarningcritical.
  • enabled – (Required) Alert state.
  • filter – (Required) A filter block as documented below.
  • condition – (Optional) A condition block as documented below.
  • notifications – (Optional) A notifications block as documented below.

Each filter block should contain the following:

  • text – (Optional) String query to be alerted on.
  • applications – (Optional) List of application names to be alerted on.
  • subsystems – (Optional) List of subsystem names to be alerted on.
  • severities – (Optional) List of log severities to be alerted on, one of the following: debugverboseinfowarningerrorcritical.

Each condition block should contain the following:

  • condition_type – (Required) Alert condition type, one of the following: less_thanmore_thanmore_than_usualnew_value.
  • threshold – (Required) Number of log occurrences that are needed to trigger the alert.
  • timeframe – (Required) The bounded time frame for the threshold to be occurred within, to trigger the alert.
  • group_by – (Optional) The field to group by on.

Each notifications block should contain the following:

  • emails – (Optional) List of email addresses to notify.
  • integrations – (Optional) List of integration channels to notify.

Import

Alerts can be imported using their ID.

$ terraform import coralogix_alert.alert <alert_id>