Skip to main content

Incidents service overview

Handle all operations related to incident management within Coralogix. Identify, manage, and resolve incidents efficiently through automated workflows and team collaboration. Find out more about incident management in our documentation.

Authentication and permissions

To use the Incidents service API you need to create a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add the following individual permissions.
PresetsPermissionDescription
Incidentsincidents:acknowledgeAccess to incidents operations
incidents:assignAccess to incidents operations
incidents:closeAccess to incidents operations
incidents:readGrants access to read incidents

Common error response codes

Status CodeDescription
400 Bad RequestResponse code 400
401 UnauthorizedResponse code 401
500 Internal Server ErrorResponse code 500

Protocol documentation

ListIncidents

ListIncidentsRequest

FieldTypeLabelDescription
filterIncidentQueryFilterFilter for listing incidents.
paginationPaginationRequestPagination details.
order_bysOrderByrepeatedOrdering options for listing incidents.

ListIncidentsResponse

FieldTypeLabelDescription
incidentsIncidentrepeatedList of incidents.
paginationPaginationResponsePagination details.

ListIncidentAggregations

ListIncidentAggregationsRequest

FieldTypeLabelDescription
filterIncidentQueryFilterFilter for aggregations.
group_bysGroupByrepeatedGrouping options for aggregations.
paginationPaginationRequestPagination details.

ListIncidentAggregationsResponse

FieldTypeLabelDescription
incident_aggsIncidentAggregationrepeatedAggregated incident data.
paginationPaginationResponsePagination details.

GetIncident

GetIncidentRequest

FieldTypeLabelDescription
idgoogle.protobuf.StringValueID of the incident to retrieve.

GetIncidentResponse

FieldTypeLabelDescription
incidentIncidentRetrieved incident.

GetIncidentEvents

GetIncidentEventsRequest

FieldTypeLabelDescription
incident_idgoogle.protobuf.StringValueID of the incident to get events for.

GetIncidentEventsResponse

FieldTypeLabelDescription
incident_eventsIncidentEventrepeatedEvents associated with the incident.

BatchGetIncident

BatchGetIncidentRequest

FieldTypeLabelDescription
idsgoogle.protobuf.StringValuerepeatedIDs of incidents to be retrieved in batch.

BatchGetIncidentResponse

FieldTypeLabelDescription
incidentsBatchGetIncidentResponse.IncidentsEntryrepeatedRetrieved incidents in batch.
not_found_idsgoogle.protobuf.StringValuerepeatedIDs of incidents not found.

BatchGetIncidentResponse.IncidentsEntry

FieldTypeLabelDescription
keystringIncident key.
valueIncidentRetrieved incident.

AssignIncidents

AssignIncidentsRequest

FieldTypeLabelDescription
incident_idsgoogle.protobuf.StringValuerepeatedIDs of incidents to be assigned.
assigned_toUserDetailsDetails of the user to whom incidents are to be assigned.

AssignIncidentsResponse

FieldTypeLabelDescription
incidentsIncidentrepeatedAssigned incidents.

UnassignIncidents

UnassignIncidentsRequest

FieldTypeLabelDescription
incident_idsgoogle.protobuf.StringValuerepeatedIDs of incidents to be unassigned.

UnassignIncidentsResponse

FieldTypeLabelDescription
incidentsIncidentrepeatedUnassigned incidents.

AcknowledgeIncidents

AcknowledgeIncidentsRequest

FieldTypeLabelDescription
incident_idsgoogle.protobuf.StringValuerepeatedIDs of incidents to be acknowledged.

AcknowledgeIncidentsResponse

FieldTypeLabelDescription
incidentsIncidentrepeatedAcknowledged incidents.

CloseIncidents

CloseIncidentsRequest

FieldTypeLabelDescription
incident_idsgoogle.protobuf.StringValuerepeatedIDs of incidents to be closed.

CloseIncidentsResponse

FieldTypeLabelDescription
incidentsIncidentrepeatedClosed incidents.

DeleteIncidents

DeleteIncidentRequest

FieldTypeLabelDescription
idgoogle.protobuf.StringValueID of the incident to be deleted.

ResolveIncidents

ResolveIncidentsRequest

FieldTypeLabelDescription
incident_idsgoogle.protobuf.StringValuerepeatedIDs of incidents to be resolved.

ResolveIncidentsResponse

FieldTypeLabelDescription
incidentsIncidentrepeatedResolved incidents.

PaginationRequest

PaginationRequest

FieldTypeLabelDescription
page_sizegoogle.protobuf.UInt32ValueNumber of items per page.
page_tokengoogle.protobuf.StringValueToken for the next page.

PaginationResponse

FieldTypeLabelDescription
total_sizegoogle.protobuf.UInt32ValueTotal number of items.
next_page_tokengoogle.protobuf.StringValueToken for the next page.

AuditLogDescription

FieldTypeLabelDescription
descriptionstringoptionalDescription for audit logging.

ContextualLabels

FieldTypeLabelDescription
field_namegoogle.protobuf.StringValueName of the contextual label field.
field_valuegoogle.protobuf.StringValueValue of the contextual label.

GroupByValues

FieldTypeLabelDescription
incident_fieldIncidentFieldOneOfField to group incidents by.
contextual_labelsContextualLabelsContextual labels for grouping incidents.

Incident

The incident represents an unexpected or disruptive event within your system. The definition below outlines the essential attributes associated with managing and documenting such incidents in Coralogix. Here’s a detailed description of the key components:
FieldTypeLabelDescription
idgoogle.protobuf.StringValueUnique identifier for the incident.
namegoogle.protobuf.StringValueName of the incident.
stateIncidentStateCurrent state of the incident.
statusIncidentStatusCurrent status of the incident.
assignmentsAssignmentrepeatedList of assignments for the incident.
descriptiongoogle.protobuf.StringValueDescription of the incident.
severityIncidentSeveritySeverity level of the incident.
contextual_labelsIncident.ContextualLabelsEntryrepeatedContextual labels associated with the incident.
display_labelsIncident.DisplayLabelsEntryrepeatedDisplay labels associated with the incident.
eventsIncidentEventrepeatedList of events related to the incident.
created_atgoogle.protobuf.TimestampTimestamp when the incident was created.
closed_atgoogle.protobuf.TimestampTimestamp when the incident was closed.
last_state_update_timegoogle.protobuf.TimestampTimestamp of the last state update for the incident.
last_state_update_keygoogle.protobuf.StringValueKey associated with the last event that caused a state change in the incident.
is_mutedgoogle.protobuf.BoolValueIndicates whether the incident is muted or suppressed.

Incident.ContextualLabelsEntry

FieldTypeLabelDescription
keystringKey of the contextual label.
valuestringValue of the contextual label.

Incident.DisplayLabelsEntry

FieldTypeLabelDescription
keystringKey of the display label.
valuestringValue of the display label.

IncidentAggregation

Incident Aggregation is specifically used for grouping and summarizing incidents based on certain criteria. This aggregation seems to provide a consolidated view of multiple incidents, offering insights into various aspects of their states, statuses, severities, assignments, and other relevant details.
FieldTypeLabelDescription
group_bys_valueGroupByValuesrepeatedGroup by fields and values for the aggregation.
agg_state_countIncidentStateCountrepeatedCount of incidents for each state in the aggregation.
agg_status_countIncidentStatusCountrepeatedCount of incidents for each status in the aggregation.
agg_severity_countIncidentSeverityCountrepeatedCount of incidents for each severity in the aggregation.
agg_assignments_countIncidentAssignmentCountrepeatedCount of incidents for each assignment in the aggregation.
first_created_atgoogle.protobuf.TimestampTimestamp of the first incident created in the aggregation.
last_closed_atgoogle.protobuf.TimestampTimestamp of the last incident closed in the aggregation.
all_values_countgoogle.protobuf.UInt32ValueTotal count of incidents in the aggregation.
list_incidents_idgoogle.protobuf.StringValuerepeatedList of incident IDs in the aggregation.
last_state_update_timegoogle.protobuf.TimestampTimestamp of the last state update in the aggregation.

IncidentAssignmentCount

FieldTypeLabelDescription
assigned_toUserDetailsDetails of the user to whom incidents are assigned.
countgoogle.protobuf.UInt32ValueCount of incidents assigned to the user.

IncidentFieldOneOf

FieldTypeLabelDescription
idgoogle.protobuf.StringValueUnique identifier for the incident field.
severityIncidentSeveritySeverity level of the incident field.
namegoogle.protobuf.StringValueName of the incident field.
created_atgoogle.protobuf.TimestampTimestamp when the incident field was created.
closed_atgoogle.protobuf.TimestampTimestamp when the incident field was closed.
stateIncidentStateState of the incident field.
statusIncidentStatusStatus of the incident field.
last_state_update_timegoogle.protobuf.TimestampTimestamp of the last state update for the incident field.
application_namegoogle.protobuf.StringValueApplication name associated with the incident field.
subsystem_namegoogle.protobuf.StringValueSubsystem name associated with the incident field.

IncidentSeverityCount

FieldTypeLabelDescription
severityIncidentSeveritySeverity level.
countgoogle.protobuf.UInt32ValueCount of incidents for the severity level.

IncidentStateCount

FieldTypeLabelDescription
stateIncidentStateState of the incident.
countgoogle.protobuf.UInt32ValueCount of incidents for the state.

IncidentStatusCount

FieldTypeLabelDescription
statusIncidentStatusStatus of the incident.
countgoogle.protobuf.UInt32ValueCount of incidents for the status.

IncidentFields

NameNumberDescription
INCIDENTS_FIELDS_UNSPECIFIED0Unspecified incident field.
INCIDENTS_FIELDS_ID1Incident ID.
INCIDENTS_FIELDS_SEVERITY2Incident severity.
INCIDENTS_FIELDS_NAME3Incident name.
INCIDENTS_FIELDS_CREATED_TIME4Timestamp when the incident was created.
INCIDENTS_FIELDS_CLOSED_TIME5Timestamp when the incident was closed.
INCIDENTS_FIELDS_STATE6Current state of the incident.
INCIDENTS_FIELDS_STATUS7Current status of the incident.
INCIDENTS_FIELDS_LAST_STATE_UPDATE_TIME8Timestamp of the last state update for the incident.
INCIDENTS_FIELDS_APPLICATION_NAME9Application name associated with the incident.
INCIDENTS_FIELDS_SUBSYSTEM_NAME10Subsystem name associated with the incident.
incident_severity.proto

IncidentSeverity

NameNumberDescription
INCIDENT_SEVERITY_UNSPECIFIED0Unspecified incident severity.
INCIDENT_SEVERITY_INFO1Informational incident severity.
INCIDENT_SEVERITY_WARNING2Warning incident severity.
INCIDENT_SEVERITY_ERROR3Error incident severity.
INCIDENT_SEVERITY_CRITICAL4Critical incident severity.
incident_status.proto

IncidentStatus

NameNumberDescription
INCIDENT_STATUS_UNSPECIFIED0Unspecified incident status.
INCIDENT_STATUS_TRIGGERED1Incident is triggered.
INCIDENT_STATUS_ACKNOWLEDGED2Incident is acknowledged.
INCIDENT_STATUS_RESOLVED3Incident is resolved.
assignee.proto

Assignment

FieldTypeLabelDescription
assigned_toUserDetailsDetails of the user to whom the incident is assigned.
assigned_byUserDetailsDetails of the user who assigned the incident.

UserDetails

FieldTypeLabelDescription
user_idgoogle.protobuf.StringValueID of the user.
incident_event/incident_event_unassign.proto

IncidentEventUnassign

This represents an event where an incident is unassigned. incident_event/incident_event_acknowledge.proto

IncidentEventAcknowledge

FieldTypeLabelDescription
acknowledged_byUserDetailsDetails of the user who acknowledged the incident.
incident_event/incident_event_type.proto

IncidentEventType

NameNumberDescription
INCIDENT_EVENT_TYPE_UNSPECIFIED0Unspecified incident event type.
INCIDENT_EVENT_TYPE_UPSERT_STATE2Incident event for upserting state.
INCIDENT_EVENT_TYPE_OPEN4Incident event for opening an incident.
INCIDENT_EVENT_TYPE_CLOSE5Incident event for closing an incident.
INCIDENT_EVENT_TYPE_SNOOZE_INDICATOR6Incident event for snooze indicator.
INCIDENT_EVENT_TYPE_ASSIGN7Incident event for assigning an incident.
INCIDENT_EVENT_TYPE_UNASSIGN9Incident event for unassigning an incident.
INCIDENT_EVENT_TYPE_ACKNOWLEDGE8Incident event for acknowledging an incident.
incident_event/incident_event_assign.proto

IncidentEventAssign

FieldTypeLabelDescription
assignmentAssignmentDetails of the assignment event.
incident_event/incident_event_originator_operational.proto

IncidentEventOriginatorOperational

FieldTypeLabelDescription
system_namegoogle.protobuf.StringValueName of the operational system originating the event.
incident_event/incident_event_originator_administrative.proto

IncidentEventOriginatorAdministrative

FieldTypeLabelDescription
user_idgoogle.protobuf.StringValueID of the administrative user originating the event.
incident_event/incident_event_originator_type.proto

OriginatorType

NameNumberDescription
ORIGINATOR_TYPE_UNSPECIFIED0Unspecified originator type.
ORIGINATOR_TYPE_OPERATIONAL1Operational originator type.
ORIGINATOR_TYPE_ADMINISTRATIVE2Administrative originator type.
incident_event/incident_event_snooze_indicator.proto

IncidentEventSnoozeIndicator

FieldTypeLabelDescription
start_timegoogle.protobuf.TimestampStart time of the snooze period.
duration_minutesgoogle.protobuf.Int32ValueDuration of the snooze period in minutes.
user_idgoogle.protobuf.StringValueID of the user who initiated the snooze.
incident_event/incident_event.proto

IncidentEvent

An incident event typically refers to a specific occurrence or action related to the management and lifecycle of an incident within your system. This structured definition includes various fields to capture details about the event.
FieldTypeLabelDescription
idgoogle.protobuf.StringValueUnique identifier for the incident event.
incident_event_typeIncidentEventTypeType of the incident event.
snooze_indicatorIncidentEventSnoozeIndicatorInformation related to snooze indicator event.
assignmentIncidentEventAssignInformation related to assignment event.
unassignIncidentEventUnassignInformation related to unassignment event.
upsert_stateIncidentEventUpsertStateInformation related to upsert state event.
acknowledgeIncidentEventAcknowledgeInformation related to acknowledgment event.
closeIncidentEventCloseInformation related to closure event.
originator_typeOriginatorTypeType of the originator (administrative or operational) for the incident event.
administrative_eventIncidentEventOriginatorAdministrativeDetails of the administrative user who triggered the event.
operational_eventIncidentEventOriginatorOperationalDetails of the operational system that triggered the event.
incident_event/incident_event_upsert_state.proto

IncidentEventUpsertState

FieldTypeLabelDescription
state_typeUpsertIncidentStateTypeType of upsert state event.
payloadUpsertIncidentStatePayloadPayload associated with the upsert state event.
is_mutedgoogle.protobuf.BoolValueIndicates whether the incident is muted during the upsert state event.

UpsertIncidentStatePayload

FieldTypeLabelDescription
cx_event_keygoogle.protobuf.StringValueCoralogix event key associated with the incident.

UpsertIncidentStateType

NameNumberDescription
UPSERT_INCIDENT_STATE_TYPE_UNSPECIFIED0Unspecified upsert incident state type.
UPSERT_INCIDENT_STATE_TYPE_TRIGGERED1Upsert state for triggered incidents.
UPSERT_INCIDENT_STATE_TYPE_RESOLVED2Upsert state for resolved incidents.
incident_event/incident_event_close.proto

IncidentEventClose

FieldTypeLabelDescription
closed_byUserDetailsDetails of the user who closed the incident.
incident_query_filter.proto

ContextualLabelValues

FieldTypeLabelDescription
contextual_label_valuesgoogle.protobuf.StringValuerepeatedList of contextual label values.

IncidentQueryFilter

Incident Query Filter is used for specifying criteria when querying or filtering incidents within a your system. This definition includes various fields that can be used to filter incidents based on different attributes.
FieldTypeLabelDescription
assigneegoogle.protobuf.StringValuerepeatedList of assignee user IDs.
statusIncidentStatusrepeatedList of incident statuses.
stateIncidentStaterepeatedList of incident states.
severityIncidentSeverityrepeatedList of incident severities.
contextual_labelsIncidentQueryFilter.ContextualLabelsEntryrepeatedList of contextual labels and their values.
search_queryIncidentSearchQuerySearch query for incidents.
application_namegoogle.protobuf.StringValuerepeatedList of application names.
subsystem_namegoogle.protobuf.StringValuerepeatedList of subsystem names.
is_mutedgoogle.protobuf.BoolValueIndicates whether incidents are muted.
created_at_rangeTimeRangeFilters all incidents created at the given time range
incident_duration_rangeTimeRangeFilters all incidents open (alive) at the given time range

IncidentQueryFilter.TimeRange

FieldTypeLabelDescription
start_timegoogle.protobuf.TimestampStart time for filtering incidents.
end_timegoogle.protobuf.TimestampEnd time for filtering incidents.

IncidentQueryFilter.ContextualLabelsEntry

FieldTypeLabelDescription
keystringKey of the contextual label.
valueContextualLabelValuesList of values for the contextual label.
incident_state.proto

IncidentState

NameNumberDescription
INCIDENT_STATE_UNSPECIFIED0Unspecified incident state.
INCIDENT_STATE_TRIGGERED1Incident is triggered.
INCIDENT_STATE_RESOLVED2Incident is resolved.
incident_query.proto

GroupBy

FieldTypeLabelDescription
incident_fieldIncidentFieldsField to group incidents by.
contextual_labelgoogle.protobuf.StringValueContextual label to group incidents by.
order_by_directionOrderByDirectionDirection for ordering the grouped incidents.

IncidentSearchQuery

FieldTypeLabelDescription
querygoogle.protobuf.StringValueSearch query string.
incident_fieldIncidentFieldsField to search incidents by.
contextual_labelgoogle.protobuf.StringValueContextual label to search incidents by.

OrderBy

FieldTypeLabelDescription
incident_fieldIncidentFieldsField for ordering incidents.
contextual_labelgoogle.protobuf.StringValueContextual label for ordering incidents.
directionOrderByDirectionDirection for ordering incidents.

OrderByDirection

NameNumberDescription
ORDER_BY_DIRECTION_UNSPECIFIED0Unspecified order direction.
ORDER_BY_DIRECTION_ASC1Ascending order.
ORDER_BY_DIRECTION_DESC2Descending order.

OrderByFields

NameNumberDescription
ORDER_BY_FIELDS_UNSPECIFIED0Unspecified order field.
ORDER_BY_FIELDS_ID1Order by incident ID.
ORDER_BY_FIELDS_SEVERITY2Order by incident severity.
ORDER_BY_FIELDS_NAME3Order by incident name.
ORDER_BY_FIELDS_CREATED_TIME4Order by incident creation time.
ORDER_BY_FIELDS_CLOSED_TIME5Order by incident closure time.

ScopeDetails

FieldTypeLabelDescription
subsystem_namegoogle.protobuf.StringValueName of the subsystem.
application_namegoogle.protobuf.StringValueName of the application.
I