Alerts API v3
Use our Alerts API v3 to define, query, and manage Coralogix Alerts. View this tutorial for v1/v2.
Overview
This tutorial outlines Coralogix's v3 Alerts gRPC API. It is designed to be simpler and more user-friendly. Using protobuf, it supports clients with autocomplete features, such as Postman's gRPC.
Authentication
Authenticate requests
To authenticate requests, create a customized Team API key with the Alerts role preset assigned to it. Alternatively, selectively add any of the following permissions to your key:
| Method | Permission |
|---|---|
| ListAlertDefs | alerts:ReadConfig OR logs.alerts:ReadConfig OR metrics.alerts:ReadConfig OR spans.alerts:ReadConfig |
| GetAlertDef | alerts:ReadConfig OR logs.alerts:ReadConfig OR metrics.alerts:ReadConfig OR spans.alerts:ReadConfig |
| CreateAlertDef | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
| ReplaceAlertDef | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
| DeleteAlertDef | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
| SetActive | alerts:UpdateConfig OR logs.alerts:UpdateConfig OR metrics.alerts:UpdateConfig OR spans.alerts:UpdateConfig |
Find out more about customized API keys here.
Example
Use your customized API key in the Authorization request header to successfully connect.
Then, use one of our designated Management endpoints to structure your header.
Select the endpoint associated with your Coralogix domain.
For the AlertDefs Service API, the service name is AlertDefsService.
The complete request header should look like this:
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/
API functions
Find details on API functions here.
Sample requests
The following section presents an array of sample requests.
Create a Standard Alert with immediate notifications
Create a Standard Alert with the “notify immediately” condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "logs-immediate"
},
"description": {
"value": "Example of logs-immediate alert"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_LOGS_IMMEDIATE_OR_UNSPECIFIED",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"use_as_notification_settings": {
"value": true
},
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": [{
"recipients": {"emails": [{"value": "[email protected]"}]}
}]
}
},
"logs_immediate": {
"logs_filter": {
"simple_filter": {
"label_filters": {
"application_name": [
{
"operation": "LOG_FILTER_OPERATION_TYPE_ENDS_WITH",
"value": {
"value": "endsWithThis"
}
}
],
"severities": [
"LOG_SEVERITY_ERROR",
"LOG_SEVERITY_CRITICAL"
]
},
"lucene_query": {
"value": "QueryThisLog"
}
}
}
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "logs-immediate"
},
"description": {
"value": "Example of logs-immediate alert"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_LOGS_IMMEDIATE_OR_UNSPECIFIED",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": [
{
"recipients": {
"emails": [
{
"value": "[email protected]"
}
]
}
}
]
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"logs_immediate": {
"notification_payload_filter": [],
"logs_filter": {
"simple_filter": {
"lucene_query": {
"value": "QueryThisLog"
},
"label_filters": {
"application_name": [
{
"value": {
"value": "endsWithThis"
},
"operation": "LOG_FILTER_OPERATION_TYPE_ENDS_WITH"
}
],
"subsystem_name": [],
"severities": [
"LOG_SEVERITY_ERROR",
"LOG_SEVERITY_CRITICAL"
]
}
}
}
}
},
"id": {
"value": "0b4149bf-5f75-4c71-9815-ecda1c2a48f0"
},
"created_time": {
"seconds": "1725264877",
"nanos": 0
},
"updated_time": {
"seconds": "1725264877",
"nanos": 0
},
"alert_version_id": {
"value": "0b4149bf-5f75-4c71-9815-ecda1c2a48f0"
}
}
}
Create a Standard Alert with a threshold
Create a Standard Alert with the “more than” or “less than” condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "logs threshold"
},
"description": {
"value": "example of logs threshold"
},
"priority": "ALERT_DEF_PRIORITY_P2",
"enabled": {
"value": true
},
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
"logs_threshold": {
"logs_filter": {
"simple_filter": {
"lucene_query": {
"value": "_exists_:field"
},
"label_filters": {
"application_name": [],
"severities": [],
"subsystem_name": []
}
}
},
"notification_payload_filter": [],
"rules": [
{
"condition": {
"condition_type": "LOGS_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
"threshold": {
"value": 1000
},
"time_window": {
"logs_time_window_specific_value": "LOGS_TIME_WINDOW_VALUE_HOURS_2"
}
}
}
]
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "logs threshold"
},
"description": {
"value": "example of logs threshold"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P2",
"type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"logs_threshold": {
"rules": [
{
"condition": {
"threshold": {
"value": 1000
},
"time_window": {
"logs_time_window_specific_value": "LOGS_TIME_WINDOW_VALUE_HOURS_2"
},
"condition_type": "LOGS_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED"
}
}
],
"notification_payload_filter": [],
"logs_filter": {
"simple_filter": {
"lucene_query": {
"value": "_exists_:field"
},
"label_filters": {
"application_name": [],
"subsystem_name": [],
"severities": []
}
}
},
"undetected_values_management": {
"trigger_undetected_values": {
"value": false
},
"auto_retire_timeframe": "AUTO_RETIRE_TIMEFRAME_NEVER_OR_UNSPECIFIED"
}
}
},
"id": {
"value": "90618130-7db9-4ec5-9178-e63be64c4dc5"
},
"created_time": {
"seconds": "1725265215",
"nanos": 0
},
"updated_time": {
"seconds": "1725265215",
"nanos": 0
},
"alert_version_id": {
"value": "90618130-7db9-4ec5-9178-e63be64c4dc5"
}
}
}
Create a Ratio Alert
Create a Ratio Alert.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "logs ratio threshold"
},
"description": {
"value": "example of logs ratio threshold"
},
"priority": "ALERT_DEF_PRIORITY_P2",
"enabled": {
"value": true
},
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"type": "ALERT_DEF_TYPE_LOGS_RATIO_THRESHOLD",
"logs_ratio_threshold": {
"logs_filter": {
"simple_filter": {
"label_filters": {"application_name": [],"severities": [],"subsystem_name": []},
"lucene_query": {
"value": "_exists_:field"
}
}
},
"notification_payload_filter": [],
"rules": [
{
"condition": {
"condition_type": "LOGS_RATIO_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
"threshold": {
"value": 1000
},
"ignore_infinity": {"value": false},
"time_window": {
"logs_ratio_time_window_specific_value": "LOGS_RATIO_TIME_WINDOW_VALUE_HOURS_2"
}
}
}
]
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "logs ratio threshold"
},
"description": {
"value": "example of logs ratio threshold"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P2",
"type": "ALERT_DEF_TYPE_LOGS_RATIO_THRESHOLD",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"logs_ratio_threshold": {
"rules": [
{
"condition": {
"threshold": {
"value": 1000
},
"time_window": {
"logs_ratio_time_window_specific_value": "LOGS_RATIO_TIME_WINDOW_VALUE_HOURS_2"
},
"ignore_infinity": {
"value": false
},
"condition_type": "LOGS_RATIO_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED"
}
}
],
"notification_payload_filter": [],
"numerator": {
"simple_filter": {
"lucene_query": null,
"label_filters": {
"application_name": [],
"subsystem_name": [],
"severities": []
}
}
},
"numerator_alias": {
"value": "Query 1"
},
"denominator": {
"simple_filter": {
"lucene_query": null,
"label_filters": {
"application_name": [],
"subsystem_name": [],
"severities": []
}
}
},
"denominator_alias": {
"value": "Query 2"
},
"group_by_for": "LOGS_RATIO_GROUP_BY_FOR_BOTH_OR_UNSPECIFIED",
"undetected_values_management": {
"trigger_undetected_values": {
"value": false
},
"auto_retire_timeframe": "AUTO_RETIRE_TIMEFRAME_NEVER_OR_UNSPECIFIED"
}
}
},
"id": {
"value": "85a2292d-152b-4e4e-89af-6e401224d542"
},
"created_time": {
"seconds": "1725263514",
"nanos": 0
},
"updated_time": {
"seconds": "1725263514",
"nanos": 0
},
"alert_version_id": {
"value": "85a2292d-152b-4e4e-89af-6e401224d542"
}
}
}
Create a Time Relative Alert
Create a Time Relative Alert.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "logs time relative threshold"
},
"description": {
"value": "example of logs time relative threshold"
},
"priority": "ALERT_DEF_PRIORITY_P2",
"enabled": {
"value": true
},
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"type": "ALERT_DEF_TYPE_LOGS_TIME_RELATIVE_THRESHOLD",
"logs_time_relative_threshold": {
"logs_filter": {
"simple_filter": {
"label_filters": {"application_name": [],"severities": [],"subsystem_name": []},
"lucene_query": {
"value": "_exists_:field"
}
}
},
"notification_payload_filter": [],
"rules": [
{
"condition": {
"condition_type": "LOGS_TIME_RELATIVE_CONDITION_TYPE_LESS_THAN",
"compared_to": "LOGS_TIME_RELATIVE_COMPARED_TO_SAME_DAY_LAST_WEEK",
"ignore_infinity": {"value": true},
"threshold": {"value": 5}
}
}
]
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "logs time relative threshold"
},
"description": {
"value": "example of logs time relative threshold"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P2",
"type": "ALERT_DEF_TYPE_LOGS_TIME_RELATIVE_THRESHOLD",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"logs_time_relative_threshold": {
"rules": [
{
"condition": {
"threshold": {
"value": 5
},
"compared_to": "LOGS_TIME_RELATIVE_COMPARED_TO_SAME_DAY_LAST_WEEK",
"ignore_infinity": {
"value": true
},
"condition_type": "LOGS_TIME_RELATIVE_CONDITION_TYPE_LESS_THAN"
}
}
],
"notification_payload_filter": [],
"logs_filter": {
"simple_filter": {
"lucene_query": {
"value": "_exists_:field"
},
"label_filters": {
"application_name": [],
"subsystem_name": [],
"severities": []
}
}
},
"undetected_values_management": {
"trigger_undetected_values": {
"value": false
},
"auto_retire_timeframe": "AUTO_RETIRE_TIMEFRAME_NEVER_OR_UNSPECIFIED"
}
}
},
"id": {
"value": "03b00703-736b-4af6-aaed-55f1944c2767"
},
"created_time": {
"seconds": "1725263879",
"nanos": 0
},
"updated_time": {
"seconds": "1725263879",
"nanos": 0
},
"alert_version_id": {
"value": "03b00703-736b-4af6-aaed-55f1944c2767"
}
}
}
Create a log-based Dynamic Alert
Create a log-based Dynamic Alert to measure more-than-usual anomalies.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "logs-unusual-alert-more-than"
},
"description": {
"value": "Example of logs-unusual-more-than alert"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_LOGS_UNUSUAL",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"use_as_notification_settings": {
"value": true
},
"minutes": {
"value": 1
}
},
"notification_group": {
"group_by_fields": [],
"notifications": [
{
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"recipients": {
"emails": [
{
"value": "[email protected]"
}
]
},
"minutes": {
"value": 1
}
}
]
},
"logs_unusual": {
"rules": [
{
"condition": {
"minimum_threshold": {"value": 1000},
"time_window": {
"logs_time_window_specific_value": "LOGS_TIME_WINDOW_VALUE_HOURS_24"
},
"condition_type": "LOGS_UNUSUAL_CONDITION_TYPE_MORE_THAN_USUAL_OR_UNSPECIFIED"
}
}
],
"logs_filter": {
"simple_filter": {
"label_filters": {
"subsystem_name": [
{
"operation": "LOG_FILTER_OPERATION_TYPE_INCLUDES",
"value": {
"value": "includes"
}
}
]
},
"lucene_query": {
"value": "QueryThisLog && This Log"
}
}
}
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "logs-unusual-alert-more-than"
},
"description": {
"value": "Example of logs-unusual-more-than alert"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_LOGS_UNUSUAL",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 1
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"logs_unusual": {
"rules": [
{
"condition": {
"minimum_threshold": {
"value": 1000
},
"time_window": {
"logs_time_window_specific_value": "LOGS_TIME_WINDOW_VALUE_HOURS_24"
},
"condition_type": "LOGS_UNUSUAL_CONDITION_TYPE_MORE_THAN_USUAL_OR_UNSPECIFIED"
}
}
],
"notification_payload_filter": [],
"logs_filter": {
"simple_filter": {
"lucene_query": {
"value": "QueryThisLog && This Log"
},
"label_filters": {
"application_name": [],
"subsystem_name": [
{
"value": {
"value": "includes"
},
"operation": "LOG_FILTER_OPERATION_TYPE_INCLUDES"
}
],
"severities": []
}
}
}
}
},
"id": {
"value": "5f82c199-4ef4-4330-9bfd-46d3f7ffbc1b"
},
"created_time": {
"seconds": "1725267238",
"nanos": 0
},
"updated_time": {
"seconds": "1725267238",
"nanos": 0
},
"alert_version_id": {
"value": "5f82c199-4ef4-4330-9bfd-46d3f7ffbc1b"
}
}
}
Create a New Value Alert
Create a New Value Alert.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "logs new value"
},
"description": {
"value": "example of logs new value"
},
"priority": "ALERT_DEF_PRIORITY_P3",
"enabled": {
"value": true
},
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"type": "ALERT_DEF_TYPE_LOGS_NEW_VALUE",
"logs_new_value": {
"logs_filter": {
"simple_filter": {
"label_filters": {
"application_name": [],
"severities": [],
"subsystem_name": []
},
"lucene_query": {
"value": "_exists_:field"
}
}
},
"notification_payload_filter": [],
"rules": [
{
"condition": {
"keypath_to_track": {
"value": "keypath"
},
"time_window": {
"logs_new_value_time_window_specific_value": "LOGS_NEW_VALUE_TIME_WINDOW_VALUE_HOURS_24"
}
}
}
]
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "logs new value"
},
"description": {
"value": "example of logs new value"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_LOGS_NEW_VALUE",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"logs_new_value": {
"rules": [
{
"condition": {
"keypath_to_track": {
"value": "keypath"
},
"time_window": {
"logs_new_value_time_window_specific_value": "LOGS_NEW_VALUE_TIME_WINDOW_VALUE_HOURS_24"
}
}
}
],
"notification_payload_filter": [],
"logs_filter": {
"simple_filter": {
"lucene_query": {
"value": "_exists_:field"
},
"label_filters": {
"application_name": [],
"subsystem_name": [],
"severities": []
}
}
}
}
},
"id": {
"value": "02315554-3168-4852-b440-b4a5114e5ff2"
},
"created_time": {
"seconds": "1725264457",
"nanos": 0
},
"updated_time": {
"seconds": "1725264457",
"nanos": 0
},
"alert_version_id": {
"value": "02315554-3168-4852-b440-b4a5114e5ff2"
}
}
}
Create a Unique Count Alert
Create a Unique Count Alert.
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "logs unique count"
},
"description": {
"value": "example of logs unique count"
},
"priority": "ALERT_DEF_PRIORITY_P4",
"enabled": {
"value": true
},
"group_by": [{"value": "logobj.path"}],
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"type": "ALERT_DEF_TYPE_LOGS_UNIQUE_COUNT",
"logs_unique_count": {
"logs_filter": {
"simple_filter": {
"label_filters": {
"application_name": [],
"severities": [],
"subsystem_name": []
},
"lucene_query": {
"value": "_exists_:field"
}
}
},
"notification_payload_filter": [],
"rules": [
{
"condition": {
"max_unique_count": {"value": "100"},
"unique_count_keypath": {"value": "keypath"},
"max_unique_count_per_group_by_key": {"value": "100"},
"time_window": {
"logs_unique_value_time_window_specific_value": "LOGS_UNIQUE_VALUE_TIME_WINDOW_VALUE_HOURS_12"
}
}
}
]
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [
{
"value": "logobj.path"
}
],
"labels": {},
"name": {
"value": "logs unique count"
},
"description": {
"value": "example of logs unique count"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_LOGS_UNIQUE_COUNT",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"logs_unique_count": {
"rules": [
{
"condition": {
"unique_count_keypath": {
"value": "keypath"
},
"max_unique_count": {
"value": "100"
},
"time_window": {
"logs_unique_value_time_window_specific_value": "LOGS_UNIQUE_VALUE_TIME_WINDOW_VALUE_HOURS_12"
},
"max_unique_count_per_group_by_key": {
"value": "100"
}
}
}
],
"notification_payload_filter": [],
"logs_filter": {
"simple_filter": {
"lucene_query": {
"value": "_exists_:field"
},
"label_filters": {
"application_name": [],
"subsystem_name": [],
"severities": []
}
}
}
}
},
"id": {
"value": "2620d1bd-1974-41d2-9145-e24824eb2868"
},
"created_time": {
"seconds": "1725264753",
"nanos": 0
},
"updated_time": {
"seconds": "1725264753",
"nanos": 0
},
"alert_version_id": {
"value": "2620d1bd-1974-41d2-9145-e24824eb2868"
}
}
}
Create a Metric Alert with a threshold
Create a Metric Alert with a “less than or equals” condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF{
"alert_def_properties": {
"name": {
"value": "metrics threshold"
},
"description": {
"value": "example of metrics threshold"
},
"priority": "ALERT_DEF_PRIORITY_P2",
"enabled": {
"value": true
},
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"type": "ALERT_DEF_TYPE_METRIC_THRESHOLD",
"metric_threshold": {
"metric_filter": {
"promql": {"value": "sum(http_requests_total{job=\\"api-server\\"}) by (job)"}
},
"rules": [{
"condition": {
"condition_type": "METRIC_THRESHOLD_CONDITION_TYPE_LESS_THAN_OR_EQUALS",
"for_over_pct": {"value": 80},
"of_the_last": {"metric_time_window_specific_value": "METRIC_TIME_WINDOW_VALUE_HOUR_1"},
"threshold": {"value": 5000},
"missing_values": {"replace_with_zero": {"value": true}}
}
}],
"undetected_values_management": {
"trigger_undetected_values": {"value": true},
"auto_retire_timeframe": "AUTO_RETIRE_TIMEFRAME_HOURS_24"
}
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "metrics threshold"
},
"description": {
"value": "example of metrics threshold"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P2",
"type": "ALERT_DEF_TYPE_METRIC_THRESHOLD",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"metric_threshold": {
"rules": [
{
"condition": {
"threshold": {
"value": 5000
},
"for_over_pct": {
"value": 80
},
"of_the_last": {
"metric_time_window_specific_value": "METRIC_TIME_WINDOW_VALUE_HOUR_1"
},
"missing_values": {
"replace_with_zero": {
"value": true
}
},
"condition_type": "METRIC_THRESHOLD_CONDITION_TYPE_LESS_THAN_OR_EQUALS"
}
}
],
"metric_filter": {
"promql": {
"value": "sum(http_requests_total{job=\\"api-server\\"}) by (job)"
}
},
"undetected_values_management": {
"trigger_undetected_values": {
"value": true
},
"auto_retire_timeframe": "AUTO_RETIRE_TIMEFRAME_HOURS_24"
}
}
},
"id": {
"value": "5f4e4369-1d05-4faa-afd7-2a615e0df0d7"
},
"created_time": {
"seconds": "1725265958",
"nanos": 0
},
"updated_time": {
"seconds": "1725265958",
"nanos": 0
},
"alert_version_id": {
"value": "5f4e4369-1d05-4faa-afd7-2a615e0df0d7"
}
}
}
Create a metric-based Dynamic Alert
Create a metric-based Dynamic Alert to measure more-than-usual anomalies.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "metrics-unusual-more-than-alert"
},
"description": {
"value": "Example of metrics-unusual-more-than alert"
},
"enabled": {
"value": true
},
"alert_def_priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_METRIC_UNUSUAL",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"use_as_notification_settings": {
"value": true
},
"minutes": {
"value": 1
}
},
"notification_group": {
"group_by_fields": [],
"notifications": [
{
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"recipients": {
"emails": [
{
"value": "[email protected]"
}
]
},
"minutes": {
"value": 1
}
}
]
},
"metric_unusual": {
"rules": [
{
"condition": {
"for_over_pct": {
"value": 5
},
"of_the_last": {
"metric_time_window_specific_value": "METRIC_TIME_WINDOW_VALUE_HOURS_24"
},
"threshold": {
"value": 100
},
"min_non_null_values_pct": {"value": 50},
"condition_type": "METRIC_UNUSUAL_CONDITION_TYPE_MORE_THAN_USUAL_OR_UNSPECIFIED"
}
}
],
"metric_filter": {
"promql": {
"value": "sum(cpu) by (pod)"
}
}
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"alert_group_bys": [
{
"value": "pod"
}
],
"labels": [],
"name": {
"value": "metrics-unusual-more-than-alert"
},
"description": {
"value": "Example of metrics-unusual-more-than alert"
},
"enabled": {
"value": true
},
"deleted": {
"value": false
},
"alert_def_priority": "ALERT_DEF_PRIORITY_P3",
"type": "ALERT_DEF_TYPE_METRIC_UNUSUAL",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"use_as_notification_settings": {
"value": true
},
"minutes": {
"value": 1
}
},
"notification_group": {
"group_by_fields": [],
"notifications": [
{
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"recipients": {
"emails": [
{
"value": "[email protected]"
}
]
},
"minutes": {
"value": 1
}
}
]
},
"metric_unusual": {
"rules": [
{
"condition": {
"for_over_pct": {
"value": 5
},
"of_the_last": {
"metric_time_window_specific_value": "METRIC_TIME_WINDOW_VALUE_HOURS_24"
},
"threshold": {
"value": 100
},
"min_non_null_values_pct": {
"value": 50
},
"condition_type": "METRIC_UNUSUAL_CONDITION_TYPE_MORE_THAN_USUAL_OR_UNSPECIFIED"
}
}
],
"metric_filter": {
"promql": {
"value": "sum(cpu) by (pod)"
}
}
}
},
"id": {
"value": "b8897379-cd65-4033-9318-dc47563faef7"
},
"created_time": {
"seconds": "1719250165",
"nanos": 0
},
"updated_time": {
"seconds": "1719250165",
"nanos": 0
},
"alert_version_id": {
"value": "b8897379-cd65-4033-9318-dc47563faef7"
}
}
}
Create a Tracing Alert with immediate notifications
Create a Tracing Alert with the “notify immediately” condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "tracing immediate alert"
},
"description": {
"value": "Example of tracing immediate alert"
},
"enabled": {
"value": true
},
"alert_def_priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_TRACING_IMMEDIATE",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"use_as_notification_settings": {
"value": true
},
"minutes": {
"value": 10
}
},
"tracing_immediate": {
"tracing_filter": {
"simple_filter": {
"latency_threshold_ms": {"value": 3000},
"tracing_label_filters": {
"application_name": [{
"operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES",
"values": [{"value": "test"}]
}]
}
}
}
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "tracing immediate alert"
},
"description": {
"value": "Example of tracing immediate alert"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P5_OR_UNSPECIFIED",
"type": "ALERT_DEF_TYPE_TRACING_IMMEDIATE",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"tracing_immediate": {
"notification_payload_filter": [],
"tracing_filter": {
"simple_filter": {
"tracing_label_filters": {
"application_name": [
{
"values": [
{
"value": "test"
}
],
"operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES"
}
],
"subsystem_name": [],
"service_name": [],
"operation_name": [],
"span_fields": []
},
"latency_threshold_ms": {
"value": 3000
}
}
}
}
},
"id": {
"value": "3b8b7741-4518-4282-9bb9-9db5e0995cd9"
},
"created_time": {
"seconds": "1725266812",
"nanos": 0
},
"updated_time": {
"seconds": "1725266812",
"nanos": 0
},
"alert_version_id": {
"value": "3b8b7741-4518-4282-9bb9-9db5e0995cd9"
}
}
}
Create a Tracing Alert with a threshold
Create a Tracing Alert with a “more than” condition.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "tracing threshold alert"
},
"description": {
"value": "Example of tracing threshold alert"
},
"enabled": {
"value": true
},
"alert_def_priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_TRACING_THRESHOLD",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"use_as_notification_settings": {
"value": true
},
"minutes": {
"value": 10
}
},
"tracing_threshold": {
"rules": [{
"condition": {
"condition_type": "TRACING_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
"span_amount": {"value": 20},
"time_window": {"tracing_time_window_value": "TRACING_TIME_WINDOW_VALUE_HOUR_1"}
}
}],
"tracing_filter": {
"simple_filter": {
"latency_threshold_ms": {"value": 3000},
"tracing_label_filters": {
"application_name": [{
"operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES",
"values": [{"value": "test"}]
}]
}
}
}
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "tracing threshold alert"
},
"description": {
"value": "Example of tracing threshold alert"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P5_OR_UNSPECIFIED",
"type": "ALERT_DEF_TYPE_TRACING_THRESHOLD",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"tracing_threshold": {
"rules": [
{
"condition": {
"span_amount": {
"value": 20
},
"time_window": {
"tracing_time_window_value": "TRACING_TIME_WINDOW_VALUE_HOUR_1"
},
"condition_type": "TRACING_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED"
}
}
],
"notification_payload_filter": [],
"tracing_filter": {
"simple_filter": {
"tracing_label_filters": {
"application_name": [
{
"values": [
{
"value": "test"
}
],
"operation": "TRACING_FILTER_OPERATION_TYPE_INCLUDES"
}
],
"subsystem_name": [],
"service_name": [],
"operation_name": [],
"span_fields": []
},
"latency_threshold_ms": {
"value": 3000
}
}
}
}
},
"id": {
"value": "80ef9b33-05f2-4f90-a215-31e8c7283af7"
},
"created_time": {
"seconds": "1725266925",
"nanos": 0
},
"updated_time": {
"seconds": "1725266925",
"nanos": 0
},
"alert_version_id": {
"value": "80ef9b33-05f2-4f90-a215-31e8c7283af7"
}
}
}
Create a Flow Alert
Create a Flow Alert.
Request
grpcurl -H "Authorization: Bearer API_KEY_HERE" -d @ https://ng-api-grpc.<span class="domain-value"></span>:443/ com.coralogixapis.alerts.v3.AlertDefsService/CreateAlertDef <<EOF
{
"alert_def_properties": {
"name": {
"value": "flow alert"
},
"description": {
"value": "Example of flow alert"
},
"enabled": {
"value": true
},
"alert_def_priority": "ALERT_DEF_PRIORITY_P4",
"type": "ALERT_DEF_TYPE_FLOW",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"use_as_notification_settings": {
"value": true
},
"minutes": {
"value": 10
}
},
"flow": {
"stages": [
{
"timeframe_ms": {"value": "3000"},
"timeframe_type": "TIMEFRAME_TYPE_UP_TO",
"flow_stages_groups": {
"groups": [
{
"alert_defs": [
{
"id": {
"value": "id_of_alert"
}
}
],
"alerts_op": "ALERTS_OP_OR",
"next_op": "NEXT_OP_AND_OR_UNSPECIFIED"
}
]
}
}
]
}
}
}
EOF
Response
{
"alert_def": {
"alert_def_properties": {
"group_by": [],
"labels": {},
"name": {
"value": "flow alert"
},
"description": {
"value": "Example of flow alert"
},
"enabled": {
"value": true
},
"priority": "ALERT_DEF_PRIORITY_P5_OR_UNSPECIFIED",
"type": "ALERT_DEF_TYPE_FLOW",
"incidents_settings": {
"notify_on": "NOTIFY_ON_TRIGGERED_AND_RESOLVED",
"minutes": {
"value": 10
}
},
"notification_group": {
"group_by_fields": [],
"simple": {
"integrations": []
}
},
"phantom_mode": {
"value": false
},
"deleted": {
"value": false
},
"flow": {
"stages": [
{
"timeframe_ms": {
"value": "3000"
},
"timeframe_type": "TIMEFRAME_TYPE_UP_TO",
"flow_stages_groups": {
"groups": [
{
"alert_defs": [
{
"id": {
"value": "id_of_alert"
},
"not": {
"value": false
}
}
],
"next_op": "NEXT_OP_AND_OR_UNSPECIFIED",
"alerts_op": "ALERTS_OP_OR"
}
]
}
}
],
"enforce_suppression": {
"value": false
}
}
},
"id": {
"value": "3c93c5f1-9349-4754-9037-084aa38f514c"
},
"created_time": {
"seconds": "1725363256",
"nanos": 0
},
"updated_time": {
"seconds": "1725363256",
"nanos": 0
},
"alert_version_id": {
"value": "3c93c5f1-9349-4754-9037-084aa38f514c"
}
}
}
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Contact us via our in-app chat or by emailing [email protected].
Previous 
Parsing Rules API
Parsing Rules API Theme 
Light
light
dark
Light light dark
User Guides
Integrations
OpenTelemetry
Developer Portal