Coralogix

Overview

Coralogix is an observability and security platform. Integrate Cortex with Coralogix to drive insights into alerts.

After setting up the integration, relevant alerts from Coralogix will appear in your entity pages. While viewing an entity, click Integrations > Coralogix in its sidebar to view the list of alerts.

How to configure Coralogix with Cortex

Prerequisites

Before getting started, generate a Coralogix API key.

Step 1: Configure the integration in Cortex

In Cortex, navigate to the Coralogix settings page:
1. In Cortex, click your avatar in the lower left corner, then click Settings.
2. Under "Integrations", click Coralogix.
Click Add configuration.
Configure the Coralogix integration form:
- Account alias: Enter your account alias.
- API key: Enter your Coralogix API key.
- Region: Select your region.
Click Save.

How to connect Cortex entities to Coralogix

Discovery

By default, Cortex will use the entity name or entity tag (e.g. my-service) as the "best guess" for the Coralogix alert application name. For example, if your entity name is "My Service" and your entity tag is “my-service”, then the corresponding application name in Coralogix should be “My Service” or "my-service".

If your Coralogix application names don’t cleanly match the Cortex entity identifier, you can override this in the Cortex entity descriptor.

Editing the entity descriptor

Coralogix alerts can be listed in the Catalog under the Coralogix section. We support application names in the YAML for pulling Coralogix alerts.

info:
  x-cortex-coralogix:
    applications:
    - applicationName: my-app # application name tied to alert
      alias: my-alias # alias is optional and only relevant if you have opted into multi account support

Scorecards and CQL

With the Coralogix integration, you can create Scorecard rules and write CQL queries based on Coralogix alerts.

See more examples in the CQL Explorer in Cortex.

Check if Coralogix application is set

Check if entity has a registered Coralogix application in its entity descriptor. If no registration exists, we'll try to automatically detect which corresponding Coralogix application is associated with the entity.

Definition: coralogix (==/!=) null: Boolean

Example

You could write a rule that checks whether an entity has a Coralogix application set:

coralogix != null

Alerts

List of alerts, filterable on status

Definition: coralogix.alerts(): List

Example

You could write a rule that checks whether an entity has at least 3 alerts:

ccoralogix.alerts().length >= 3

You could write a rule that checks whether an entity has no alerts and status triggered:

coralogix.alerts(statuses = ["triggered"]).length -= 0

Last updated 29 days ago