Incidents
Our Incidents screen displays all of your triggered alert events within the Coralogix platform. View all currently triggered alerts or display only the ones that were triggered within a specific timeframe. With easy-to-use functionality and the ability to drill down into events of interest, the feature supports effective monitoring and analysis.
Overview
The Coralogix Incidents screen simplifies your alert response journey from start to finish. Designed for DevOps teams and SREs looking to eliminate context switching, it lets users identify triggered alerts of interest and drill down into the underlying logs, metrics, and traces, all from within the Coralogix platform. Coralogix uniquely enables users to analyze any relevant archived data alongside the events that triggered the current alert. This unified approach brings alerts and observability together for faster triage, analysis and remediation.
Benefits
Use the Incidents screen to:
View all currently triggered alerts, or only those triggered within a specific time frame.
Organize incidents by alert definition.
Search alerts by name.
Filter alerts by type, severity, or other chosen parameters.
Select and modify incident status.
Instantly drill down into any triggered event to view its contextual information and underlying data.
View alerts in chronological order.
How it works
Triggered alerts, bundled as incidents, are presented in your Incidents screen according to the Group By tags and Notifications set in your alert definition.
Group by tags
The Incidents screen presents all of the individual permutations for all key-value tags that are selected in the Group By conditions defined in your alert.
The Group By feature allows you to group alerts by one or more key-value tags that are aggregated into a histogram. An alert is triggered whenever the condition threshold is met for a specific aggregated key within a specified timeframe.
If using 2 tags for Group By, matching logs, metrics or traces will first be aggregated by the parent tag (e.g. applicationName), then by the child tag (e.g. subsystemName). An alert will fire when the threshold is met for a unique combination of parent and child. Only data that includes the selected Group By tags will be included in the count.
For every alert that is triggered, one or more events form an incident. If the user has defined them in their alert setup, specific events within an incident are organized by key-value Group By tags.
Notifications
Incident events are organized by the Notifications defined in your alert.
If you choose to trigger a separate alert for each key-value combination that meets your Group By conditions, you will see separate incidents for each key-value tag combination.
If you choose to trigger a single alert when at least one key-value tag combination meets your Group By conditions, all events for that alert will be consolidated within one incident in your Incidents screen.
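The following is an added example, not Coralogix code, that models the Group By and Notifications behaviour described above: records are aggregated by the unique (parent, child) tag combination, records missing a Group By tag are excluded from the count, and the notification setting decides whether each firing permutation becomes its own incident or all permutations are consolidated into one. The log records, alert name, and the "count at least threshold" comparison are constructed assumptions for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample records (not real Coralogix data). The last record has
# no subsystemName, so it is excluded when both tags are selected.
LOGS = [
    {"applicationName": "billing", "subsystemName": "api", "severity": "ERROR"},
    {"applicationName": "billing", "subsystemName": "api", "severity": "ERROR"},
    {"applicationName": "billing", "subsystemName": "api", "severity": "ERROR"},
    {"applicationName": "billing", "subsystemName": "worker", "severity": "ERROR"},
    {"applicationName": "auth", "subsystemName": "api", "severity": "ERROR"},
    {"applicationName": "auth", "subsystemName": "api", "severity": "ERROR"},
    {"applicationName": "auth", "subsystemName": "api", "severity": "ERROR"},
    {"applicationName": "auth", "severity": "ERROR"},  # missing child tag
]

@dataclass
class Incident:
    alert_name: str
    status: str = "TRIGGERED"
    # Each event is a (permutation, count) pair for one key-value combination.
    events: list = field(default_factory=list)

def count_permutations(logs, group_by):
    """Aggregate records by the unique combination of Group By tag values,
    parent tag first, then child. Records missing any selected tag are skipped."""
    counts = Counter()
    for rec in logs:
        if all(tag in rec for tag in group_by):
            counts[tuple(rec[tag] for tag in group_by)] += 1
    return counts

def evaluate_alert(logs, alert_name, group_by, threshold, notify_per_permutation):
    """Return the incidents one evaluation window would produce.
    notify_per_permutation=True models 'separate alert for each key-value
    combination'; False models 'single alert when at least one combination
    meets the condition'. Assumption: the threshold is met when count >= threshold."""
    fired = [(perm, n) for perm, n in count_permutations(logs, group_by).items()
             if n >= threshold]
    if not fired:
        return []
    if notify_per_permutation:
        return [Incident(alert_name, events=[(perm, n)]) for perm, n in fired]
    return [Incident(alert_name, events=fired)]

if __name__ == "__main__":
    tags = ("applicationName", "subsystemName")
    for inc in evaluate_alert(LOGS, "Error spike", tags, 3, False):
        print(inc.alert_name, inc.status, inc.events)
```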
Prerequisites
- S3 archive bucket defined for querying alert logs in your Explore Screen
Incidents screen
To view all of your triggered alerts, navigate to Alerts > Incidents in your Coralogix toolbar.
Incidents tab
The Incidents tab presents all alerts triggered within a selected timeframe, regardless of their current status and duration. Events are sorted by ‘Last Updated’ timestamp.
Beyond our default time frame selection (QUICK), you have the option of querying incidents for a timeframe relative to the present time (RELATIVE) or within a custom timeframe (CUSTOM). In addition, our Version Benchmarks feature allows you to use tags to compare between timelines (TAG).
Group by alert definition
In the Incidents tab, you may group incidents by alert definition using the control in the upper right-hand corner of your screen. Doing so will aggregate all alert permutations, consolidating individual incidents under one alert name.
Expand an alert definition group to view the individual group-by tags that triggered the alert, with additional information about each permutation. This includes alert status, alert type, permutation details, etc. An alert group can contain up to 1,000 permutations.
Filter incidents
Filter incidents using the filters in the left-hand sidebar.
Filter incidents by status, type, priority, labels (you can use OR/AND operators to refine filtering) or assignment.
Incident status
Incidents may have one of three statuses: TRIGGERED, ACKNOWLEDGED, or RESOLVED. Statuses change on an automatic or manual basis.
Automatic change to status
Once a triggered alert is resolved, the status of the original incident automatically changes to RESOLVED. If you have activated the Notify When Resolved setting in your alert, a new resolve event is sent.
Once resolved, an incident is closed. If the alert is then triggered, a new incident appears.
Manual change to status
Clicking on a TRIGGERED status will present a drop-down menu in which you can choose to ACKNOWLEDGE or RESOLVE an incident. Doing so automatically defines you as the assignee. You may unassign yourself or replace the assignee.
Modify incident status from your Incidents Screen or Incident Details Screen.
Incident details screen
Clicking on the left-hand ellipsis (…) of any incident permutation opens the Incident Details Screen, which presents the details of the incident from start to finish:
Alert name and status (triggered, acknowledged or resolved)
Event history and timestamp
Severity, time window, application and subsystem
Alert query
Assignee
Open an alert definition and edit by clicking on the pen icon.
Group by state
For alerts configured to trigger a single alert when at least one key-value tag combination meets the Group By conditions, the Group By State grid displays all of the permutations for the selected key-value tags.
Watch data
Click WATCH DATA for any event to see its triggered logs, metrics or traces.
Clicking WATCH DATA in the upper-right corner of the screen will present you with the raw data for the last event in the incident.
Clicking WATCH DATA next to a specific event will present you with the raw data for that event.
Alert Explorer
Alert Explorer displays all triggered alerts without grouping them into incidents. This view allows for the examination of alerts presented in chronological order. You can filter the alerts using the same methods as on the Incidents screen, except for the Assigned filter, which is irrelevant for alerts.
Additional resources
Documentation:
Connect S3 Archive
Get Started with Coralogix Alerts
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].