Automatically detect abnormal behavior in your system using the Time Relative Alert. Such alerts are triggered when a fixed ratio reaches a set threshold compared to a past time frame.
Use this feature to:
Security. Receive automatic alerts comparing suspicious behavior. Compare, for instance, the number of NXDOMAIN responses or admin logins across days or weeks.
Operations. Receive automatic alerts regarding error rates and page loading times in your applications. Compare, for instance, error rates and page loading times in the past day or hour.
Business. Receive automatic alerts when there is a shift in sales or user signups. Compare, for instance, the number of purchases on the same day last week or the user signups over the last month.
STEP 1. Create a new alert.
STEP 2. Define alert details: Name, Description, Priority (P1, highest to P5, lowest), Labels (a new label or an existing one; nest a label using key:value).
You can also select the Set as Security Alert checkbox to add the alert_type:security label. This will help Security customers filter for this alert type in the Incidents screen.
STEP 3. Select TIME RELATIVE Alert Type.
STEP 4. Define a Query.
STEP 5. Set the Conditions for triggering an alert.
The alert triggers when the number of results matching the alert query is more than or less than a set number of occurrences relative to the results of the same query in a particular time window.
For example, a query returns 180 error logs for the last hour. The same query over a different timeframe (e.g. the previous hour) returns 60 error logs, so the ratio is 3. If the ratio is more than 1, then the alert will be triggered when the threshold is reached.
Choose a particular timeframe for comparison.
Options include:
Group your alerts using one or more aggregated values into a histogram.
STEP 6. Define Notification settings.
In the notification settings, you have different options, depending on whether or not you are using the Group By condition.
When using Group By conditions, you will see the following options:
When not using the Group By condition, a single alert will be triggered and sent to your Incidents Screen when the query meets the condition.
You can define additional alert recipient(s) and notification channels in both cases by clicking + ADD WEBHOOK. Once you add a webhook, you can choose the parameters of your notification:
Once you add a webhook to the notification group, a toggle appears that lets you switch to Advanced Mode. Advanced Mode lets you set the notify every and notify when resolved settings for each webhook individually. Note that the toggle affects all notification groups: when you activate it in one notification group, it is turned on in all notification groups.
STEP 7. Set a Schedule.
Limit triggering to specific days and times.
STEP 8. Define Notification Content.
STEP 9. Click Create Alert on the upper-right side of the screen.
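The ratio condition from STEP 5, combined with Group By, sketched as an added example for the NXDOMAIN security use case (this is not Coralogix code and not part of the original page). The event tuples, the function names, the treatment of an empty comparison window as an infinite ratio, and the `min_current` floor are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, group key, DNS response code). Not real logs.
NOW = datetime(2024, 1, 8, 12, 0)

def _events(host, rcode, count, minutes_ago):
    return [(NOW - timedelta(minutes=minutes_ago), host, rcode)] * count

EVENTS = (
    _events("host-a", "NXDOMAIN", 180, 30)    # current hour
    + _events("host-a", "NXDOMAIN", 60, 90)   # previous hour -> ratio 3
    + _events("host-b", "NXDOMAIN", 20, 10)   # current hour
    + _events("host-b", "NXDOMAIN", 25, 100)  # previous hour -> ratio 0.8
    + _events("host-c", "NXDOMAIN", 5, 5)     # nothing in the previous hour
    + _events("host-a", "NOERROR", 500, 20)   # does not match the query
)

def is_nxdomain(rcode):
    """The alert query: match only NXDOMAIN responses."""
    return rcode == "NXDOMAIN"

def count_by_group(events, start, end, query):
    """Count events matching the query in [start, end), keyed by group."""
    return Counter(g for ts, g, rc in events if start <= ts < end and query(rc))

def time_relative_alerts(events, now, window, offset, threshold, query, min_current=0):
    """Return {group: (current, baseline, ratio)} for groups whose
    current/baseline ratio is more than `threshold`."""
    current = count_by_group(events, now - window, now, query)
    baseline = count_by_group(events, now - offset - window, now - offset, query)
    fired = {}
    for group, cur in current.items():
        if cur < min_current:
            continue  # assumption: skip low-volume groups to limit noise
        base = baseline.get(group, 0)
        # Assumption: an empty comparison window counts as an infinite ratio.
        ratio = cur / base if base else float("inf")
        if ratio > threshold:
            fired[group] = (cur, base, ratio)
    return fired

if __name__ == "__main__":
    hour = timedelta(hours=1)
    for host, result in time_relative_alerts(EVENTS, NOW, hour, hour, 2.0, is_nxdomain).items():
        print(host, result)
```

Grouping by host surfaces `host-c`, which has no comparison data at all; the `min_current` floor shows one way to keep such low-volume groups from firing.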
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Contact us via our in-app chat or by emailing support@coralogix.com.