Correlate
APM / infra / business metrics that move together with a log pattern, or log patterns that move together with a customer metric. Either direction. Filters out false hits where two metrics share a daily cycle but no actual relationship by checking for shared labels (service, pod, namespace, tenant).
Example
"what moves with
Payment_Gateway_Timeout?"Strongest matches:
db.replica.cpu(r=0.94),apm.payments.latency(r=0.91),kafka.consumer.lag(r=0.87). 3 lower-confidence hits filtered out as coincidental — they had no overlapping labels with the pattern.
More to ask
- "co-movers for
apm_request_duration_p99{service="payments-svc"}" - "what's correlated with
Retry_Backoff_Exhausted?" - "deep correlate, full environment, last 6h"
Prerequisites
LOG10X_CUSTOMER_METRICS_URLconfigured (grafana_cloud, amp, datadog_prom, or generic_prom).- The Reporter deployed with
k8s_pod/k8s_container/k8s_namespace/tenx_user_serviceenrichments — on by default for any fluent-k8s or filebeat-k8s install.
Tool schema (advanced)
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
anchor_type |
string | yes | — | log10x_pattern (start from a pattern, find metrics) or customer_metric (start from a metric, find patterns). |
anchor |
string | yes | — | What to correlate against. For log10x_pattern: pattern name. For customer_metric: PromQL expression. |
window |
string | no | 1h |
Time window. Accepts 15m, 1h, 6h, 24h. Alias: timeRange. |
timeRange |
string | no | — | Alias for window for consistency with the other tools. If both are set, window wins. |
depth |
string | no | normal |
shallow = same service only. normal = service + neighbors. deep = full environment (scans 1000+ metrics, slower). |
step |
string | no | 60s |
Bucket size for comparing the two series. Smaller = more precise timing but more queries. |
minimum_confidence |
number | no | 0.3 |
Drop candidates below this combined confidence. 0–1. |
minimum_join_jaccard |
number | no | 0.7 |
How closely the label values must overlap to count as "same entity". Lower to 0.3–0.5 when values are stale. |
environment |
string | no | — | Environment nickname. |
Result tiers in the response:
| Tier | Meaning |
|---|---|
joined |
Shared labels line up on both sides — same service and same pod. Highest confidence. |
structurally_validated |
Shared label on service only, not on lower-level dimensions. Usually a service-wide issue, not one pod. |
validation_unavailable |
Times match, but one side is missing the labels needed to verify. Treat as unconfirmed. |
temporal_coincidence |
Times match, but the labels explicitly don't overlap. Coincidence, not cause. |