Skip to content

Coralogix Reporter

Coralogix reporter allows you to automate the generation of a periodic report that includes the formatted results of a predefined OpenSearch Query. This report can be distributed automatically to a mailing list.

To define and set up a report go to AWS's Serverless Application Repository and search for "Coralogix". Click on the link to Coralogix-Reporter.

The application requires the following parameters:

  • Verified AWS SES email/domain.

  • CoralogixRegion. Region associated with your Coralogix domain

  • You need to create a personal or team API key. It's recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.

PresetActionDescription
DataQueryingLEGACY-ARCHIVE-QUERIES:EXECUTE
LOGS.DATA-API#HIGH:READDATA
LOGS.DATA-API#LOW:READDATA
METRICS.DATA-API#HIGH:READDATA
SPANS.DATA-API#HIGH:READDATA
SPANS.DATA-API#LOW:READDATA		Query Data from the Archive
Query Frequent Search Logs
Query Monitoring & Compliance Logs
Query Metrics
Query Frequent Search Spans
Query Monitoring & Compliance Spans

  • Query. OpenSearch query

  • Index - the OpenSearch index to query. If you want to query logs, then use *. If you want to query Logs2Metrics, then use *:*_log_metrics*.

  • Sender. a list of comma-separated e-mails

  • Recipient. a list of comma-separated e-mails

  • RequestTimeout. The OpenSearch query timeout

  • Schedule. CloudWatch rules schedule expression

  • ScheduleEnable. true when the schedule is active and false when it is inactive

  • Subject. report email subject line

  • Template. JMESPath expression to structure the OpenSearch response

Note

Do not change the function memory size and function timeout parameters. You can adjust the query request timeout based on your needs.

Report example

Query the account every day at 08:00 to find mapping exceptions:

OpenSearch query:

{"size":0,"query":{"bool":{"filter":[{"query_string":{"query":"_exists_:coralogix.failed_reason"}},{"range":{"coralogix.timestamp":{"gte":"now-24h","lt":"now"}}}]}},"aggs":{"exceptions":{"terms":{"field":"coralogix.failed_reason","size":20}}}}

Schedule:

cron(0 0 */8 ? * *)

Template:

aggregations.exceptions.buckets[*].{"Exception":key,"Count":doc_count}

Support

Reach our customer success team 24/7 via the in-app chat or by email at support@coralogix.com.

Need help? Contact Support.
What's new? Find out here.
LLM? Read llms.txt.
Previous Incidents
Next Cases