Coralogix’s ‘Time Relative’ alert is triggered when the ratio reaches a set threshold compared to the past time frame.
In many use cases, this alert enables you to detect a possible abnormal behavior within your system, automatically. A few examples of how to utilize ratio alerts:
Alert will be triggered when there is more errors than yesterday. Now comparing error rates between days can be done automatically.
Alert will be triggered when there is more delays in page load time than last hour. Many web applications have page load time fields and now it is possible to be automatically informed about issues with page loading.
Alert will be triggered when there is more NX domain name responses than last week.
Alert will be triggered when there is more than 3x admin logins than yesterday.
The ‘Time Relative’ alert can do the comparison of suspected behaviors for you. It allows you to focus only on dangerous issues.
Alert will be triggered when there is less purchased than same day last week
Alert will be triggered when there is less new user signups than last month
The ‘Time Relative’ alert can notify about trends changes earlier. No need to monitor it every day.
How to create ‘Time Relative’ alert?
1. Go to the Alerts tab, open a new alert, and name it. Then, select the ‘Time Relative’ alert type.
2. Enter a query that will identify the subsets of logs that will be tracked.
3. Set up the conditions. The condition supports either ‘more’ or ‘less’ than, for the ratio chosen in the Query now to the same query but from the time defined after compared to.
The ratio is Q1 (is the current status)/Q2 (is the history). For example:
The query returns for the last hour 180 error logs. The same query but in the different timeframe (e.g Previous hour) returns 60 error logs. It means the ratio is 3. If the ratio is More than 1 then the alert will be triggered as the threshold was reached.
Choose the timeframe and the time to compare to:
- Previous hour – compare the timeframe “now-1hour TO now” to “now-2hour TO now-1hour” (1 hour)
- Same hour yesterday – compare the timeframe “now-1hour TO now” to “now-25hours TO now-24hours” (1 hour)
- Same hour last week – compare the timeframe “now-1hour TO now” to “now-1week and 1 hour TO now-1week” (1 hour)
- Yesterday – compare the timeframe “now-24hours TO now” to “now-48hours TO now-24 hours” (24 hours)
- Same day last week – compare the timeframe “now-24hours TO now” to “now-8days TO now-7days” (24 hours)
- Same day last month – compare the timeframe “now-24hours TO now” to “now-29days TO now-28days” (24 hours)
4. The rest of the alert settings doesn’t change from the standard alert setup.
- Notify Every – with this option now you can control how many notification you get for any configured Alert in minutes, hours or both.
- Recipients – you choose who do you want to be notified, it could be an e-mail address, Slack room or custom webhook or all of them.
- Schedule – it could be always active or limit triggering to certain days and hours.
- Notification Content – you can choose what portion of the log you want to see when notified, ‘Full Log Text’ to be shown with the entire log or ‘Specific JSON Key’ to be shown with a specific key and its value (you can add multiple keys).
5. The final step is to click on the ‘Create alert’ button on the upper-right side of the screen. You’re all set!
Note: The alerts is silenced for the time it is set 1Hour/Day/Week/Month from the time when it was created:
The comparison is performed depends on the condition:
- Previous hour, Same hour yesterday, Same hour last week – every 5 minutes
- Yesterday, Same day last week, Same day last month (28 days ago) – every 10 minutes
Once triggered, the alert will display the count of logs for the current timeframe, for the compared to timeframe and the quotient of both.
Enjoy and take advantage of this new capability.
Like always if you have any questions or suggestions, please contact us in the in-app chat or send us an email at email@example.com.