Skip to main content

Coralogix

CatalogDiscoveryScorecards

Overview

Coralogix is an observability and security platform. Integrate Cortex with Coralogix to drive insights into alerts.

After setting up the integration, relevant alerts from Coralogix will appear in your entity pages. While viewing an entity, click Integrations > Coralogix in its sidebar to view the list of alerts.

How to configure Coralogix with Cortex

Prerequisites

Before getting started, generate a Coralogix API key.

Step 1: Configure the integration in Cortex

  1. In Cortex, navigate to the Coralogix settings page:
    1. In Cortex, click your avatar in the lower left corner, then click Settings.
    2. Under "Integrations", click Coralogix.
  2. Click Add Coralogix configuration.
  3. Configure the Coralogix integration form:
    • Account alias: Enter your account alias.
    • API key: Enter your Coralogix API key.
    • Region: Select your region.
  4. Click Save.

Configure the integration for multiple Coralogix accounts

The Coralogix integration has multi-account support. You can add a configuration for each additional by repeating the process above.

Each configuration requires an alias, which Cortex uses to correlate the designated with registrations for various entities. Registrations can also use a default configuration without a listed alias. You can edit aliases and default configurations from the Coralogix page in your Cortex settings. Select the edit icon next to a given configuration and toggle Set as default on. If you only have one configuration, it will automatically be set as the default.

caution

If you do not see the settings page you're looking for, you may not have permission to access that page. Please contact your admin for assistance.

How to connect Cortex entities to Coralogix

Discovery

By default, Cortex will use the entity name or entity tag (e.g. my-service) as the "best guess" for the Coralogix alert application name. For example, if your entity name is "My Service" and your entity tag is “my-service”, then the corresponding application name in Coralogix should be “My Service” or "my-service".

If your Coralogix application names don’t cleanly match the Cortex entity identifier, you can override this in the Cortex entity descriptor.

Editing the entity descriptor

If you need to override automatic discovery, you can define the following block in your Cortex entity descriptor.

Coralogix alerts can be listed in the Catalog under the Coralogix section. We support application names in the YAML for pulling Coralogix alerts.

info:
  x-cortex-coralogix:
    applications:
    - applicationName: my-app # application name tied to alert
      alias: my-alias # alias is optional and only relevant if you have opted into multi account support

Scorecards and CQL

With the Coralogix integration, you can create Scorecard rules and write CQL queries based on Coralogix alerts.

See more examples in the CQL Explorer in Cortex.

Check if Coralogix application is set

Check if entity has a registered Coralogix application in its entity descriptor. If no registration exists, we'll try to automatically detect which corresponding Coralogix application is associated with the entity.

Definition: coralogix (==/!=) null: Boolean

Example

You could write a rule that checks whether an entity has a Coralogix application set:

coralogix != null
Alerts

List of alerts, filterable on status

Definition: coralogix.alerts(): List<CoralogixIssue>

Example

You could write a rule that checks whether an entity has at least 3 alerts:

ccoralogix.alerts().length >= 3

You could write a rule that checks whether an entity has no alerts and status triggered:

coralogix.alerts(statuses = ["triggered"]).length -= 0

Still need help?

The following are all the ways to get assistance from our customer engineering team. Please use the option that is best for your users:

  • Email: help@cortex.io, or open a support ticket in the in app Resource Center
  • Chat: Available in the Resource Center
  • Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your customer success manager.