The New Value alert is triggered by the first occurrence of a new value within a time interval. All values are tested against a list that is built dynamically while the alert is active. The alert can be scoped by a query to a subset of logs (if needed), and is defined with a key of your choice that is tracked for new values within the desired interval.
In many use cases, this alert enables you to automatically detect possible abnormal behavior within your system.
A few use case examples for this alert type include:
STEP 1. Create an Alert.
There are 2 ways to create an alert:
1- Through the explore screen.
The advantage of creating an alert through the explore screen is that you can build your query and adjust the filters you want to alert on (application/subsystem, severity, fields, ...). Once you hit Create Alert, all the filters and the query are added automatically.
2- Alert Menu > Alert Management tab.
In the Alert Management tab, you create the alert from scratch.
STEP 2. Define alert details: Name, Description, Priority (P1, highest, to P5, lowest), Labels (a new label or an existing one; nest a label using key:value).
You can also select the Set as Security Alert checkbox to add the alert_type:security label. This will help Security customers filter for this alert type in the Incidents screen.
STEP 3. Select New Value Alert Type.
STEP 4. [Optional] Add a query, and adjust the application, subsystem, and severity of the logs you want the alert to consider when triggering.
STEP 5. Define Conditions.
Key to track: the key from your logs that you want to track for new values (country, city name).
Notify on new value in the last: the duration for which you want to keep tracking this key. You can track a key for new values for up to 3 months.
Notify Every: use this to tune the alert if it is noisy and triggers too often.
STEP 6. Define Notification Groups.
STEP 7. Set Schedule.
The schedule is a good option if you have 2 teams in 2 different time zones handling or collaborating on the same tasks. You can choose the days when Team “A” should be alerted and do the same for Team “B”.
STEP 8. Define Notification Content.
By default, the alert content contains the whole log with all fields. With the notification content, you can specify the fields you want to receive and focus on.
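The conditions from the optional query and the Define Conditions step (key to track, tracking duration, Notify Every) can be modelled offline to see which logs would notify. This is an added example, not Coralogix code: the NewValueAlert class, the app and country field names and the sample logs are constructed, and it assumes that a value counts as new when it has not been seen within the tracking window and that Notify Every suppresses notifications arriving sooner than that interval.

```python
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1)
H = timedelta(hours=1)
# Constructed sample logs: (timestamp, parsed fields)
SAMPLE_LOGS = [
    (T0,          {"app": "auth", "country": "US"}),
    (T0 + 1 * H,  {"app": "auth", "country": "US"}),
    (T0 + 2 * H,  {"app": "auth", "country": "DE"}),
    (T0 + 3 * H,  {"app": "billing", "country": "BR"}),  # excluded by the query
    (T0 + 5 * H,  {"app": "auth", "country": "FR"}),
    (T0 + 6 * H,  {"app": "auth"}),                      # tracked key missing
    (T0 + 72 * H, {"app": "auth", "country": "DE"}),     # DE aged out of the window
]

class NewValueAlert:
    """Hypothetical model of a new-value alert (assumed semantics)."""
    def __init__(self, key, window, notify_every, query=lambda log: True):
        self.key, self.window, self.notify_every = key, window, notify_every
        self.query = query
        self.last_seen = {}        # value -> last time it was observed
        self.last_notified = None

    def observe(self, ts, log):
        """Return 'notify', 'suppressed', or None for one log."""
        if not self.query(log) or self.key not in log:
            return None
        # Forget values that were not seen inside the tracking window.
        self.last_seen = {v: t for v, t in self.last_seen.items()
                          if ts - t <= self.window}
        value = log[self.key]
        is_new = value not in self.last_seen
        self.last_seen[value] = ts
        if not is_new:
            return None
        recent = self.last_notified is not None and \
            ts - self.last_notified < self.notify_every
        if recent:
            return "suppressed"    # new value, but inside the Notify Every interval
        self.last_notified = ts
        return "notify"

def run(logs):
    alert = NewValueAlert("country", window=timedelta(days=2),
                          notify_every=timedelta(hours=3),
                          query=lambda log: log.get("app") == "auth")
    return [(log.get("country"), alert.observe(ts, log)) for ts, log in logs]

if __name__ == "__main__":
    for value, decision in run(SAMPLE_LOGS):
        print(value, decision)
```

In this model the second DE log notifies because DE was last seen more than two days earlier, which shows how a short tracking duration makes returning values count as new again.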