Coralogix logs
By enabling this toolset, HolmesGPT will fetch node and pod logs from Coralogix.
You should enable this toolset to replace the default kubernetes/logs toolset if all your Kubernetes/pod logs are consolidated inside Coralogix. It will make it easier for HolmesGPT to fetch incident logs, including the ability to precisely consult past logs.
HolmesGPT provides several out-of-the-box alternatives for log access. You can select from these options:
kubernetes/logs: Access logs with kubectl logs commands. This is the default toolset.
coralogix/logs: Access logs through Coralogix.
grafana/loki: Access Loki logs by proxying through a Grafana instance.
Prerequisites
A Coralogix API key which is assigned the DataQuerying permission preset
A Coralogix domain. For example eu2.coralogix.com
Your team's name or hostname. For example your-company-name
You can deduce the domain and team_hostname configuration fields by looking at the URL you use to access the Coralogix UI.
For example, if you access Coralogix at https://my-team.app.eu2.coralogix.com/ then the team_hostname is my-team and the Coralogix domain is eu2.coralogix.com.
Configuration
holmes:
  toolsets:
    coralogix/logs:
      enabled: true
      config:
        api_key: <your coralogix API key>
        domain: eu2.coralogix.com # Your Coralogix domain
        team_hostname: my-team # Your team's hostname in coralogix, without the domain part
    kubernetes/logs:
      enabled: false # Disable HolmesGPT's default logging mechanism
Update your Helm values (generated_values.yaml) with the above configuration and run a Helm upgrade:
helm upgrade robusta robusta/robusta --values=generated_values.yaml --set clusterName=<YOUR_CLUSTER_NAME>
Add the following to ~/.holmes/config.yaml, creating the file if it doesn't exist:
toolsets:
  coralogix/logs:
    enabled: true
    config:
      api_key: <your coralogix API key>
      domain: eu2.coralogix.com # Your Coralogix domain
      team_hostname: my-team # Your team's hostname in coralogix
  kubernetes/logs:
    enabled: false # Disable HolmesGPT's default logging mechanism
Advanced Configuration
Frequent logs and archive
By default, HolmesGPT fetches logs from the Frequent Search tier and only fetches logs from the Archive tier if the frequent search returned no results.
This behaviour can be customised using the logs_retrieval_methodology configuration field:
toolsets:
  coralogix/logs:
    enabled: true
    config:
      # Possible values are:
      # - FREQUENT_SEARCH_ONLY
      # - ARCHIVE_ONLY
      # - ARCHIVE_FALLBACK <- default value
      # - FREQUENT_SEARCH_FALLBACK
      # - BOTH_FREQUENT_SEARCH_AND_ARCHIVE
      logs_retrieval_methodology: ARCHIVE_FALLBACK # default value
      # ...
Here is a description of each possible log retrieval methodology:
FREQUENT_SEARCH_ONLY: Always fetch logs using a frequent search.
ARCHIVE_ONLY: Always fetch logs using the archive.
ARCHIVE_FALLBACK: Use a frequent search first. If there are no results, fall back to searching archived logs. This is the default behaviour.
FREQUENT_SEARCH_FALLBACK: Search logs in the archive first. If there are no results, fall back to searching the frequent logs.
BOTH_FREQUENT_SEARCH_AND_ARCHIVE: Always use both the frequent search and the archive to fetch logs. The result contains merged data which is deduplicated and sorted by timestamp.
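The following is an added sketch, not HolmesGPT's own code, of the five methodologies as described above. It shows that under the default ARCHIVE_FALLBACK a non-empty frequent search result means the archive is never queried, so older archived lines are absent from the result. The `frequent`/`archive` callables, the log record shape, the sample data and the deduplication key are assumptions.

```python
from enum import Enum
from typing import Callable, Dict, List

Log = Dict[str, str]              # assumed record shape: {"timestamp": ..., "message": ...}
Search = Callable[[], List[Log]]  # hypothetical stand-in for one tier's query


class Methodology(str, Enum):
    FREQUENT_SEARCH_ONLY = "FREQUENT_SEARCH_ONLY"
    ARCHIVE_ONLY = "ARCHIVE_ONLY"
    ARCHIVE_FALLBACK = "ARCHIVE_FALLBACK"
    FREQUENT_SEARCH_FALLBACK = "FREQUENT_SEARCH_FALLBACK"
    BOTH_FREQUENT_SEARCH_AND_ARCHIVE = "BOTH_FREQUENT_SEARCH_AND_ARCHIVE"


def merge(*batches: List[Log]) -> List[Log]:
    """Deduplicate and sort by timestamp.

    Assumptions: duplicates are keyed on (timestamp, message), and timestamps
    are same-format ISO 8601 strings, which sort correctly as text.
    """
    unique = {(l["timestamp"], l["message"]): l for b in batches for l in b}
    return [unique[key] for key in sorted(unique)]


def fetch_logs(method: str, frequent: Search, archive: Search) -> List[Log]:
    m = Methodology(method)  # ValueError for anything but the five documented values
    if m is Methodology.FREQUENT_SEARCH_ONLY:
        return merge(frequent())
    if m is Methodology.ARCHIVE_ONLY:
        return merge(archive())
    if m is Methodology.ARCHIVE_FALLBACK:
        # The archive is consulted only when the frequent search is empty.
        return merge(frequent() or archive())
    if m is Methodology.FREQUENT_SEARCH_FALLBACK:
        return merge(archive() or frequent())
    return merge(frequent(), archive())


# Constructed sample data: the frequent tier holds only the latest line,
# the archive holds that line plus two older ones.
FREQUENT = [{"timestamp": "2024-05-01T10:02:00Z", "message": "OOMKilled"}]
ARCHIVE = [
    {"timestamp": "2024-05-01T09:58:00Z", "message": "memory at 91%"},
    {"timestamp": "2024-05-01T10:00:00Z", "message": "memory at 99%"},
    {"timestamp": "2024-05-01T10:02:00Z", "message": "OOMKilled"},
]

if __name__ == "__main__":
    for m in Methodology:
        logs = fetch_logs(m.value, lambda: FREQUENT, lambda: ARCHIVE)
        print(f"{m.value:34} {len(logs)} line(s)")
```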
Search labels
You can tweak the labels used by the toolset to identify Kubernetes resources. This is optional and only needed if your logs settings for pod, namespace, application and subsystem differ from the defaults in the example below.
toolsets:
  coralogix/logs:
    enabled: true
    config:
      labels: # OPTIONAL: tweak the filters used by HolmesGPT if your coralogix configuration is non standard
        namespace: "kubernetes.namespace_name"
        pod: "kubernetes.pod_name"
        application: "coralogix.metadata.applicationName"
        subsystem: "coralogix.metadata.subsystemName"
      # ...
You can verify what labels to use by attempting to run a query in the Coralogix UI.

Disabling the default toolset
If Coralogix is your primary datasource for logs, it is advised to disable the default HolmesGPT logging tool by disabling the kubernetes/logs toolset. Without this, HolmesGPT may still use kubectl to fetch logs instead of Coralogix.
holmes:
  toolsets:
    kubernetes/logs:
      enabled: false
Capabilities
The table below describes the specific capabilities provided by this toolset. HolmesGPT can decide to invoke any of these capabilities when answering questions or investigating issues.
| Tool Name | Description |
|---|---|
| fetch_coralogix_logs_for_resource | Retrieve logs using coralogix |