Dynamic Alerts

Much of the power and value of logs comes from the way they reflect the status and behavior of our applications and infrastructure. We often want to be alerted when an application or one of its components shows abnormal behavior. One sign of such behavior is the application sending certain logs at a higher than usual volume.

Figuring out exactly what ‘higher than usual’ means, or in other words, setting the threshold value at which the alert should trigger, can be a daunting task. This is especially true for highly variable data.

In some cases the threshold value may need to change with the time of day or the day of the week to adjust for “expected” changes. Thresholds may even need to change over a longer period of time to accommodate natural changes in application usage trends.

Coralogix Dynamic Alerts enable you to detect abnormal behavior automatically – without having to set a fixed threshold value. Dynamic Alerts rely on Coralogix ML algorithms to continuously analyze your application’s behavior.


Dynamic Alert Examples

Use Case 1: Too Many Unsuccessful Logins

The security team often wants to know whether there were too many unsuccessful logins in a given time period.

Alert Filter: event.action:"user_login" NOT event.outcome:success

Alert Condition:  ‘more than usual’
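To make the idea of 'more than usual' concrete for this use case, the following added example (not Coralogix code and not the Coralogix ML algorithm) applies the Use Case 1 filter to constructed login events and compares each hour with the same hour on the previous seven days. The @timestamp field, the "failure" outcome value and the median + k * MAD rule are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def matches_filter(e):
    # Use Case 1 filter: event.action:"user_login" NOT event.outcome:success
    ev = e.get("event", {})
    return ev.get("action") == "user_login" and ev.get("outcome") != "success"

def hourly_counts(events):
    """Count filter matches per one-hour bucket."""
    counts = defaultdict(int)
    for e in events:
        if matches_filter(e):
            ts = datetime.fromisoformat(e["@timestamp"])
            counts[ts.replace(minute=0, second=0, microsecond=0)] += 1
    return counts

def more_than_usual(counts, bucket, days=7, k=4.0):
    """Compare a bucket with the same hour on the previous `days` days.

    Assumed rule (not Coralogix's): alert above median + k * MAD, with the
    MAD floored at 1 so a perfectly flat history does not alert on noise.
    """
    history = [counts.get(bucket - timedelta(days=d), 0) for d in range(1, days + 1)]
    base = median(history)
    mad = median(abs(c - base) for c in history)
    threshold = base + k * max(mad, 1)
    return counts.get(bucket, 0) > threshold, threshold

def make_events(day, hour, failures, successes=5):
    """Constructed sample data: login events inside one hour of March 2021."""
    start = datetime(2021, 3, day, hour)
    outcomes = ["failure"] * failures + ["success"] * successes
    return [{"@timestamp": (start + timedelta(seconds=7 * i)).isoformat(),
             "event": {"action": "user_login", "outcome": o}}
            for i, o in enumerate(outcomes)]

def demo():
    events = []
    for day, (night, morning) in enumerate(
            zip([1, 0, 2, 1, 0, 1, 2], [18, 20, 22, 19, 21, 20, 18]), start=1):
        events += make_events(day, 3, night) + make_events(day, 9, morning)
    events += make_events(8, 3, 15) + make_events(8, 9, 23)  # day under test
    counts = hourly_counts(events)
    return {h: more_than_usual(counts, datetime(2021, 3, 8, h)) for h in (3, 9)}

if __name__ == "__main__":
    for hour, (alert, threshold) in demo().items():
        print(f"{hour:02d}:00 threshold={threshold} alert={alert}")
```

A fixed threshold of 20 failures per hour would fire on the ordinary 09:00 login rush (23 failures) and stay silent on the 03:00 burst (15 failures); the per-hour baseline does the opposite.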

Use Case 2: Increase in ELB WAF errors

ELB is an AWS load balancer. This alert identifies whether a specific ELB generates more 403 errors than usual. A 403 error results from a request that is blocked by AWS WAF (Web Application Firewall).

Alert Filter:

elb:"app/my-loadbalancer/50dc6c495c0c9188" AND elb_status_code:"403"

Alert Condition: ‘more than usual’


Use Case 3: Long Connection Time

Ops teams often want to be alerted if connection times are unusually long. Here again, the Coralogix ‘more than usual’ alert option is very handy.

Alert Filter:

connection_time:[2 TO *]

Alert Condition:  ‘more than usual’

  • Alert Cadence control. With this option you can control how many notifications you get for any configured alert, in minutes, hours or both.

You and your application monitoring team will most likely find similar use cases beneficial. If you are already a Coralogix customer, please start using this capability; if not, go to our website and try it for free. If you have any questions, please reach out to us at support@coralogix.com.



© 2021 Copyright Coralogix. All rights reserved.
