Coralogix
Coralogix is a modern observability platform that combines logs, metrics, traces, and security monitoring into a unified solution. It features an index-free architecture with in-stream analysis and alerting capabilities, enabling infinite data retention without storage bloat. Coralogix offers powerful query capabilities through DataPrime and Lucene, real-time log templating using machine learning, and comprehensive monitoring across your entire technology stack.
Authentication Types
Coralogix supports API Key authentication:
- API Key - Bearer token authentication
  - Pros: Simple to set up, secure, supports all API operations, role-based permissions
  - Cons: Keys must be rotated manually for security best practices
  - Best for: All use cases
General Settings
Before using the connector, you need to configure:
- Region - Your Coralogix data center region
  - US1 - United States East (Ohio) - api.coralogix.us
  - US2 - United States West (Oregon) - api.cx498.coralogix.com
  - EU1 - European Union (Ireland) - api.coralogix.com
  - EU2 - European Union (Stockholm) - api.eu2.coralogix.com
  - AP1 - Asia Pacific (Mumbai) - api.coralogix.in
  - AP2 - Asia Pacific (Singapore) - api.coralogixsg.com
  - AP3 - Asia Pacific (Jakarta) - api.ap3.coralogix.com
Your region is determined by your Coralogix login URL (e.g., team.app.coralogix.us for US1).
Setting up API Key
Follow these steps to create an API Key for Coralogix:
1. Log in to your Coralogix account at your regional URL
2. Click on Settings in the left sidebar
3. Navigate to Account → API Keys
4. Click Create API Key button
5. Configure the API key:
   - Key Name: Enter a descriptive name (e.g., "MCP Connector")
   - Permissions: Select appropriate permission presets based on your needs:
     - DataQuerying - For running queries on logs and metrics
     - Alerts - For viewing and managing alert definitions
     - SLO-MGMT - For managing Service Level Objectives
     - Dashboard - For accessing dashboards
     - Incidents - For viewing incident data
     - Or select specific permissions if you need fine-grained control
6. Click Create to generate the API key
7. Copy the key immediately - it will only be shown once
8. Save the key securely - you'll need it to configure the connector
API Keys in Coralogix use role-based access control (RBAC). Permission presets are automatically updated with relevant permissions for your use case, making them the recommended choice over manual permission selection.
Key Capabilities
Alert Management
- List and search alert definitions with advanced filtering
- Get detailed alert configurations and thresholds
- Retrieve alert events and triggering history
- Analyze alert event statistics and patterns
- Export alert definitions for backup or migration
Dashboard Visualization
- Discover and list all dashboards with folder organization
- Retrieve complete dashboard configurations and widgets
- Access dashboards by ID or URL slug
- Navigate dashboard folder hierarchies
- Extract queries and visualizations for analysis
Incident Management
- Search incidents with filters by status, severity, and assignee
- Get detailed incident information with timeline
- Track incident events and response activities
- Aggregate incident statistics and trends
- Link incidents to triggering alert events
SLO Tracking
- List all Service Level Objectives across services
- Get SLO configuration and targets
- Monitor SLO compliance status in real-time
- Track error budgets and burn rates
- Batch retrieve multiple SLOs efficiently
Data Querying
- Execute DataPrime queries for advanced analytics
- Run Lucene queries for familiar log searching
- Submit background queries for heavy workloads
- Retrieve results from asynchronous queries
- Query across logs, metrics, and traces
Enrichment & Parsing
- List custom enrichment rules and data sources
- Inspect enrichment configurations and mappings
- Search enrichment data for validation
- View parsing rule groups and transformations
Actions & Integrations
- List all configured actions and webhooks
- Get action details and trigger conditions
- View deployed integrations and data sources
Data Usage Monitoring
- Track data consumption and storage usage
- Monitor log volume by application and severity
- Analyze trace span counts by service
- Identify high-volume data sources
Regional Endpoints
Coralogix operates in seven data center regions. Make sure to select the correct region based on where your account is hosted:
| Region | Code | API Base URL | Team Hostname Pattern |
|---|---|---|---|
| US East (Ohio) | US1 | https://api.coralogix.us | team.app.coralogix.us |
| US West (Oregon) | US2 | https://api.cx498.coralogix.com | team.app.cx498.coralogix.com |
| EU (Ireland) | EU1 | https://api.coralogix.com | team.coralogix.com |
| EU (Stockholm) | EU2 | https://api.eu2.coralogix.com | team.app.eu2.coralogix.com |
| AP (Mumbai) | AP1 | https://api.coralogix.in | team.app.coralogix.in |
| AP (Singapore) | AP2 | https://api.coralogixsg.com | team.app.coralogixsg.com |
| AP (Jakarta) | AP3 | https://api.ap3.coralogix.com | team.app.ap3.coralogix.com |
You can verify your region by checking your Coralogix login URL or team hostname.
Common Use Cases
Investigating Performance Issues
1. Use "Execute DataPrime Query" to analyze error logs and metrics
2. Use "List Alerts" to check if any alerts have fired
3. Use "Get Alert Events" to see alert triggering history
4. Use "Get Incident" to view related incidents if any exist
Monitoring SLO Health
1. Use "List SLOs" to discover all service objectives
2. Use "Get SLO Status" to check current compliance
3. Use "Execute DataPrime Query" to analyze underlying metrics
4. Use "Get Alert Events" to see SLO violation history
Analyzing Incident Trends
1. Use "List Incidents" to get recent incidents
2. Use "Get Incident Aggregations" for statistical analysis
3. Use "Get Incident Events" to understand incident timelines
4. Use "List Alerts" to review alerting configuration
Dashboard Analysis
1. Use "List Dashboards" to discover available dashboards
2. Use "Get Dashboard" to retrieve dashboard configuration
3. Extract queries from dashboard widgets
4. Use "Execute DataPrime Query" to run modified queries
Data Usage Optimization
1. Use "Get Data Usage" to track overall consumption
2. Use "Get Logs Count" to identify high-volume sources
3. Use "Get Spans Count" to monitor trace data volume
4. Analyze results to optimize data ingestion
Query Languages
Coralogix supports two powerful query languages:
DataPrime
DataPrime is Coralogix's native query language optimized for observability data. It provides:
- Advanced aggregations and transformations
- Efficient processing of large datasets
- Rich set of functions for log analysis
- Intuitive syntax for filtering and grouping
Example DataPrime query:
source logs
| filter $d.severity == "error"
| aggregate count() by $d.application
| sort count desc
Lucene
Traditional Lucene query syntax for familiar log searching:
- Wildcard and boolean operators
- Field-specific queries
- Full-text search capabilities
- Compatible with existing Lucene queries
Example Lucene query:
severity:error AND application:"my-app" AND message:*exception*
Rate Limits
Coralogix APIs have the following considerations:
- Query Limits:
  - Standard queries: Optimized for sub-second responses
  - Background queries: For large datasets or long time ranges
  - Automatic timeout protection with background query fallback
- API Request Limits:
  - Reasonable rate limiting applied to prevent abuse
  - Implement retry logic with exponential backoff for production use
If you encounter rate limiting, consider:
- Using background queries for heavy analytics
- Batching multiple requests when possible
- Spreading requests over time
Troubleshooting
Authentication Errors
Error: 401 Unauthorized or Invalid API Key
Cause: The API key is incorrect, expired, or lacks necessary permissions
Solution:
- Verify the API key is correct and hasn't been deleted
- Check that the key has appropriate permission presets
- Ensure you're using a Bearer token in the Authorization header
- Create a new API key if needed from Settings → API Keys
Region Misconfiguration
Error: Connection timeout or Unable to reach API
Cause: The region setting doesn't match your account's actual region
Solution:
- Verify your Coralogix region by checking your login URL
- Match the connector region setting to your account:
  - team.app.coralogix.us → US1
  - team.coralogix.com → EU1
  - team.app.eu2.coralogix.com → EU2
- Update the region setting and reconnect
Query Syntax Errors
Error: Query parsing failed or Invalid query syntax
Cause: Query syntax is invalid for the selected query language
Solution:
- Verify you're using the correct syntax for your query language
- For DataPrime: Check the DataPrime documentation
- For Lucene: Use proper Lucene query syntax
- Test queries in the Coralogix UI before running via API
- Ensure field names are correctly referenced ($d.fieldname in DataPrime)
Permission Errors
Error: 403 Forbidden or Insufficient permissions
Cause: The API key lacks the required permissions for the operation
Solution:
- Review the required permissions for the operation
- Update the API key with necessary permission presets:
  - Add DataQuerying for query operations
  - Add Alerts for alert management
  - Add SLO-MGMT for SLO operations
  - Add Dashboard for dashboard access
- Create a new API key with broader permissions if needed
Query Timeout
Error: Query timeout exceeded
Cause: Query is too complex or processing too much data
Solution:
- Reduce the time range in your query
- Add more specific filters to reduce data volume
- Use "Execute Background Query" for long-running queries
- Consider breaking complex queries into smaller parts
No Data Returned
Error: Empty results or No data found
Cause: Query filters are too restrictive or time range has no data
Solution:
- Verify the time range includes periods with data
- Check that field names and values are correct
- Broaden filters to confirm data exists
- Use "Get Logs Count" to verify data volume in time range
- Ensure proper timezone handling in timestamps
Best Practices
Query Optimization
- Always specify time ranges to limit data scanning
- Use specific filters early in DataPrime queries
- Leverage indexes by filtering on standard fields (severity, application)
- Use background queries for large time ranges or complex aggregations
- Test queries in UI before automating via API
API Key Security
- Create separate API keys for different applications or teams
- Use permission presets to grant least-privilege access
- Rotate API keys periodically (recommended: every 90 days)
- Never commit API keys to version control
- Store keys securely in environment variables or secret managers
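The Regional Endpoints table and the key-handling rules above can be enforced in client code, so the Bearer key is only ever sent to the API host that matches the account's region. This is an added example, not code from Coralogix or the connector. It assumes that `team` in the hostname patterns stands for a single-label team name; the environment variable name `CORALOGIX_API_KEY`, the helper names and the sample team `acme` are hypothetical.

```python
import os
from urllib.parse import urlsplit

# Region table copied from this page: suffix after the team label -> (code, API base URL).
REGIONS = {
    "app.coralogix.us": ("US1", "https://api.coralogix.us"),
    "app.cx498.coralogix.com": ("US2", "https://api.cx498.coralogix.com"),
    "coralogix.com": ("EU1", "https://api.coralogix.com"),
    "app.eu2.coralogix.com": ("EU2", "https://api.eu2.coralogix.com"),
    "app.coralogix.in": ("AP1", "https://api.coralogix.in"),
    "app.coralogixsg.com": ("AP2", "https://api.coralogixsg.com"),
    "app.ap3.coralogix.com": ("AP3", "https://api.ap3.coralogix.com"),
}


def resolve_region(login_url):
    """Map a login URL or team hostname to (region code, API base URL).

    The host is split into <team label>.<suffix> and the suffix must match the
    table exactly. A plain endswith("coralogix.com") check would send EU2, US2
    and AP3 accounts to EU1, and would accept look-alike hosts.
    """
    host = urlsplit(login_url if "//" in login_url else "//" + login_url).hostname
    team, _, suffix = (host or "").lower().rstrip(".").partition(".")
    if not team or suffix not in REGIONS:
        raise ValueError(f"unrecognised Coralogix team hostname: {host!r}")
    return REGIONS[suffix]


def auth_headers(env=os.environ, var="CORALOGIX_API_KEY"):
    """Build the Bearer header from an environment variable (name is an assumption)."""
    key = env.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set; refusing to send an unauthenticated request")
    return {"Authorization": f"Bearer {key}"}


def redact(headers):
    """Copy of headers that is safe to log: the key is replaced, never truncated."""
    return {k: ("Bearer <redacted>" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed sample inputs; "acme" is a made-up team name.
    print(resolve_region("https://acme.app.eu2.coralogix.com/"))
    print(redact(auth_headers({"CORALOGIX_API_KEY": "constructed-sample-key"})))
```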
Alert Management
- Regularly review alert configurations to reduce noise
- Use alert aggregations to identify patterns
- Export alert definitions for backup and version control
- Document alert response procedures linked to alerts
Dashboard Usage
- Organize dashboards using folders for better discovery
- Use dashboard variables for flexible queries
- Export dashboard configurations for migration or backup
- Extract and modify widget queries for custom analysis
Monitoring Data Usage
- Regularly check data consumption to manage costs
- Identify and optimize high-volume log sources
- Use TCO policies to balance retention and cost
- Monitor spans count to understand trace overhead
SLO Tracking
- Set realistic SLO targets based on historical data
- Monitor error budget consumption regularly
- Use SLO alerts to catch issues before SLO breach
- Review and adjust SLOs as service evolves