Coralogix logsΒΆ

By enabling this toolset, HolmesGPT will fetch node and pods logs from Coralogix.

You should enable this toolset to replace the default kubernetes/logs toolset if all your kubernetes/pod logs are consolidated inside Coralogix. It will make it easier for HolmesGPT to fetch incident logs, including the ability to precisely consult past logs.

HolmesGPT provides several out-of-the-box alternatives for log access. You can select from these options:

  • kubernetes/logs: Access logs with kubectl logs commands. This is the default toolset.

  • coralogix/logs: Access logs through Coralogix.

  • grafana/loki: Access Loki logs by proxying through a Grafana instance.

PrerequisitesΒΆ

  1. A Coralogix API key which is assigned the DataQuerying permission preset

  2. A Coralogix domain. For example eu2.coralogix.com

  3. Your team's name or hostname. For example your-company-name

You can deduct the domain and team_hostname configuration fields by looking at the URL you use to access the Coralogix UI.

For example if you access coralogix at https://my-team.app.eu2.coralogix.com/` then the team_hostname is my-team``and the coralogix ``domain is eu2.coralogix.com.

ConfigurationΒΆ

holmes:
  toolsets:
    coralogix/logs:
      enabled: true
      config:
        api_key: <your coralogix API key>
        domain: eu2.coralogix.com # Your Coralogix domain
        team_hostname: my-team # Your team's hostname in coralogix, without the domain part
        labels:
          pod: "kubernetes.pod_name"
          namespace: "kubernetes.namespace_name"
          app: "kubernetes.labels.app"

    kubernetes/logs:
      enabled: false # Disable HolmesGPT's default logging mechanism

Update your Helm values (generated_values.yaml) with the above configuration and run a Helm upgrade:

helm upgrade robusta robusta/robusta --values=generated_values.yaml --set clusterName=<YOUR_CLUSTER_NAME>

Add the following to ~/.holmes/config.yaml, creating the file if it doesn't exist:

toolsets:
  coralogix/logs:
    enabled: true
    config:
      api_key: <your coralogix API key>
      domain: eu2.coralogix.com # Your Coralogix domain
      team_hostname: my-team # Your team's hostname in coralogix
      labels:
        pod: "kubernetes.pod_name"
        namespace: "kubernetes.namespace_name"
        app: "kubernetes.labels.app"

  kubernetes/logs:
    enabled: false # Disable HolmesGPT's default logging mechanism

Search labels

You can tweak the labels used by the toolset to identify kubernetes resources. This is only needed if your logs settings for pod, namespace, and app differ from the defaults in the example above.

You can verify what labels to use by attempting to run a query in the coralogix ui:

Disabling the default toolset

If Coralogix is your primary datasource for logs, it is advised to disable the default HolmesGPT logging tool by disabling the kubernetes/logs toolset. Without this. HolmesGPT may still use kubectl to fetch logs instead of Coralogix.

holmes:
    toolsets:
        kubernetes/logs:
            enabled: false

CapabilitiesΒΆ

The table below describes the specific capabilities provided by this toolset. HolmesGPT can decide to invoke any of these capabilities when answering questions or investigating issues.

Tool Name

Description

coralogix_fetch_logs

Retrieve logs from Coralogix