Metric alerts allow users to be notified based on metric behavior. Common use cases are average CPU or memory utilization above a value within a time period, business yield that is lower on average, or a response time 90th percentile that gets too low. Metric alerts can be defined using Logs2Metrics metric fields or metrics that are imported from Prometheus.
In order to create a ‘metric alert’ start a new alert and choose the ‘Metric alert’ type.
Choose a field to alert on by clicking on the ‘Alert if’ field in the ‘Conditions’ section. This will open a dropdown list including all Logs2Metrics and Prometheus indices metric fields . The section headers are ‘PROMETHEUS METRIC FIELDS’ and ‘LOGS2METRICS METRIC FIELDS’).
If the list is empty or has only one of these two sections (Prometheus and Logs2Metrics) it means that you don’t have an integration with Prometheus or a Logs2Metrics definition in the account.
You can define a query. This query uses the same syntax as the log screen queries and is querying the index defined by the chosen metric field. If it is a Logs2Metrics field the queried index is the one ending with ‘log_metrics*’. If it is a Prometheus field, the queried index is the one that ends with new_metrics*.
The following example will filter out all the Logs2Metrics index documents with aggregated ‘Average-number-of-requests.avg’ with value under 200, and will not take them into account when calculating the trigger for the alert.
The Arithmetic section defines the type of alert metric calculation to be applied.
The following values complete the trigger definition. For example the following selection
Alert if Average-number-of-requests minimum’ is more than 200 for over 80% of the metric sample points in the last 10 minutes.
‘Replace missing values with 0’ option will replace missing sample points with the value 0.
The following selection helps prevent false positives:
The ‘Group by’ option is common to different Coralogix alert. If a field is selected (examples are geography, username, host etc.) The alert condition will be applied per unique value of the selected field instead of globally. The alert notification will list all values that the condition was fulfilled for. Remember that the ‘Group by’ field is taken from the applicable index. It will be either Prometheus or Logs2Metrics labels.
Notification content is a list of fields from the applicable documents in the applicable index.
You can go to the “Insights” tab and find information about different alerts triggering events. For a metric alerts you will see a graph describing the event. Clicking on ‘View Related Logs’ will take you to the log screen. The log screen will include logs if they have ‘high’ TCO designation. Medium and Prometheus logs will not be shown.
Snooze alerts was made for those cases where the alert was triggered and handled and there’s no need for further notifications while you are focused in resolving the issue
Snooze or disable snooze
Snoozed alert tooltip: