Overview
Coralogix is a full-stack observability platform. IncidentFox integrates with Coralogix to:
- Search logs across applications and subsystems
- Query metrics for anomaly detection
- Access alert history and context
- Integrate with Olly (Coralogix’s AI SRE agent)
Prerequisites
- Coralogix account with API access
- API key with read permissions
- Knowledge of your Coralogix domain
Configuration
Step 1: Create a Coralogix API Key
- Log in to your Coralogix dashboard
- Navigate to Settings (left navbar) > API Keys
- Click + Team Key (bottom right)
- Configure the key:
  - Key name: IncidentFox (or any descriptive name)
  - Role Presets: Select DataQuerying
- Click Create
- Copy the API key
Step 2: Identify Your Domain
Your Coralogix domain is shown in your browser URL when logged in (e.g., app.eu2.coralogix.com).
Coralogix regional domains:
| Region | Team Login URL |
|---|---|
| EU1 (Ireland) | coralogix.com |
| EU2 (Stockholm) | app.eu2.coralogix.com |
| US1 (Ohio) | app.coralogix.us |
| US2 (Oregon) | app.cx498.coralogix.com |
| AP1 (India) | app.coralogix.in |
| AP2 (Singapore) | app.coralogixsg.com |
| AP3 (Jakarta) | app.ap3.coralogix.com |
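A check for the domain step, written for this page as an added example (not IncidentFox or Coralogix code): it maps a pasted browser URL to a region from the table and refuses hosts that only resemble a listed domain, so the API key is never paired with the wrong endpoint. The single team-name label allowed in front of a domain is an assumption.

```python
import re
from urllib.parse import urlsplit

# Region -> domain, copied from the table above.
REGION_DOMAINS = {
    "EU1": "coralogix.com",
    "EU2": "app.eu2.coralogix.com",
    "US1": "app.coralogix.us",
    "US2": "app.cx498.coralogix.com",
    "AP1": "app.coralogix.in",
    "AP2": "app.coralogixsg.com",
    "AP3": "app.ap3.coralogix.com",
}
# Assumption: at most one team-name label may precede a listed domain.
TEAM_LABEL = re.compile(r"[a-z0-9-]+")


def region_for(browser_url: str) -> str:
    """Map a pasted browser URL or bare host to a region; raise ValueError otherwise."""
    raw = browser_url.strip()
    if "://" not in raw:
        raw = "https://" + raw  # bare host copied from the address bar
    parts = urlsplit(raw)
    if parts.scheme != "https":
        raise ValueError("expected an https URL")
    if parts.username is not None or parts.password is not None:
        raise ValueError("URL carries userinfo; the real host follows the '@'")
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    for region, domain in REGION_DOMAINS.items():
        if host == domain:
            return region
        # Match on a label boundary only, so "evilcoralogix.com" and
        # "app.eu2.coralogix.com.evil.example" never match. EU1's domain is a
        # suffix of EU2/US2/AP3, which the single-label rule keeps apart.
        if host.endswith("." + domain):
            prefix = host[: -len(domain) - 1]
            if TEAM_LABEL.fullmatch(prefix):
                return region
    raise ValueError(f"{host!r} is not a Coralogix domain from the table")


if __name__ == "__main__":
    # Constructed sample inputs.
    for url in ("https://app.eu2.coralogix.com/#/dashboard", "acme.app.coralogix.us"):
        print(url, "->", region_for(url))
```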
Step 3: Connect to IncidentFox
- Open the IncidentFox app in Slack (click the bot’s avatar → Open App)
- Under Available Integrations, find Coralogix and click Connect (or Edit if already configured)
- In the modal:
  - Watch the video walkthrough for step-by-step guidance
  - Paste your API Key
  - Select your Domain from the dropdown (based on your Coralogix URL)
  - Optionally, add Custom Context to help the AI understand your Coralogix setup (e.g., application names, team conventions, important subsystems)
- Click Save
Custom Context for AI (Optional)
The Context for AI field lets you provide additional information that helps IncidentFox investigate more effectively. Examples:
- “Our main applications are payments-api and checkout-service”
- “Production logs use subsystem prod-backend, staging uses staging-backend”
- “Critical alerts come from the sre-alerts application”
Available Tools
Once configured, these tools become available:
search_coralogix_logs
Search logs with Lucene query syntax.
- query - Lucene query string
- application - Application filter (optional)
- subsystem - Subsystem filter (optional)
- time_range - Time range (default: 1 hour)
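Text taken from an alert or a log line can contain Lucene syntax, so it should reach the query parameter as a literal phrase rather than as operators. The sketch below is an added example, not IncidentFox code: it assumes standard Lucene phrase quoting, the name pattern for application and subsystem is an assumption, and the returned dict only mirrors the parameter names listed above.

```python
import re

# Assumption: application/subsystem names use this conservative character set.
NAME = re.compile(r"[A-Za-z0-9._-]{1,128}")
CONTROL = re.compile(r"[\x00-\x1f\x7f]+")


def lucene_phrase(text: str) -> str:
    """Quote text as one Lucene phrase.

    Inside double quotes only the backslash and the quote are syntax, so
    AND/OR/NOT, ':' and '*' in the input are searched for literally.
    """
    cleaned = CONTROL.sub(" ", text).strip()
    if not cleaned:
        raise ValueError("empty search text")
    return '"' + cleaned.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_search_args(phrases, application=None, subsystem=None):
    """Build arguments for search_coralogix_logs from untrusted phrases."""
    if not phrases:
        raise ValueError("at least one phrase is required")
    args = {"query": " AND ".join(lucene_phrase(p) for p in phrases)}
    for key, value in (("application", application), ("subsystem", subsystem)):
        if value is None:
            continue  # optional filter left out
        if not NAME.fullmatch(value):
            raise ValueError(f"unexpected characters in {key}: {value!r}")
        args[key] = value
    return args


if __name__ == "__main__":
    # Constructed input: the first phrase tries to widen the search.
    print(build_search_args(['timeout" OR *', "payment failed"],
                            application="payments-api",
                            subsystem="prod-backend"))
```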
get_coralogix_metrics
Query metrics data.
- metric_name - Name of the metric
- filters - Label filters
- aggregation - Sum, avg, max, min, etc.
- time_range - Time range for query
get_coralogix_alerts
Retrieve recent alerts.
- severity - Filter by severity (optional)
- status - Active, resolved, all
- time_range - Time range
get_coralogix_traces
Get distributed traces for a service.
- service - Service name
- operation - Operation/endpoint (optional)
- min_duration - Minimum trace duration
- time_range - Time range
Olly Integration
Coralogix’s AI SRE agent, Olly, can work alongside IncidentFox for enhanced investigations.
How It Works
IncidentFox can:
- Query Coralogix data directly
- Request Olly’s analysis of specific issues
- Combine Olly’s insights with data from other sources
Example: Combined Investigation
- Query Coralogix logs for errors
- Ask Olly to analyze the error patterns
- Correlate with metrics from other sources
- Provide combined findings
Use Cases
Log Search During Incidents
- Query recent logs matching the criteria
- Identify error patterns
- Correlate with recent deployments
Metrics Correlation
Alert Investigation
Troubleshooting
Connection Failed
Symptom: “Unable to connect to Coralogix API”
Solutions:
- Verify API key is valid and not expired
- Check domain is correct for your region
- Ensure network allows outbound HTTPS to Coralogix
Empty Results
Symptom: Queries return no data
Solutions:
- Verify application/subsystem names are correct
- Check time range - data may be outside the range
- Verify the query syntax (Lucene format)
Rate Limiting
Symptom: “Rate limit exceeded” errors
Solutions:
- Reduce query frequency
- Use more specific queries
- Contact Coralogix to increase limits
Best Practices
- Set default filters in configuration to reduce noise
- Use specific time ranges - don’t query more data than needed
- Leverage Olly for pattern recognition in large log volumes
- Combine with other sources - Coralogix for logs, Grafana for metrics
Security Considerations
What IncidentFox Can Access
The DataQuerying preset grants these read-only capabilities:
| Permission | Purpose |
|---|---|
| Query Data from the Archive | Search historical data |
| Query Frequent Search Logs | Search and analyze log data |
| Query Monitoring & Compliance Logs | Query compliance-tier logs |
| Query Metrics | Correlate metrics with incidents |
| Query Frequent Search Spans | Trace requests across services |
| Query Monitoring & Compliance Spans | Query compliance-tier traces |
| View CPU profiling data | View profiling information |
What IncidentFox Cannot Do
- Create, modify, or delete alerts
- Change any Coralogix configurations
- Access team admin settings
- Manage API keys or users
- Send or ingest data
Best Practices
- All permissions are read-only - no write or management access
- You control the key - revoke anytime from your Coralogix dashboard
- No data storage - IncidentFox queries on-demand; logs stay in Coralogix
- Store keys in your secrets manager
- Rotate keys periodically
- Monitor API usage for anomalies
Revoking Access
To revoke IncidentFox’s access at any time:
- Go to Settings > API Keys in your Coralogix dashboard
- Find the IncidentFox key
- Click Delete

