generate_log_parsing_rule
Create log parsing rules from queries or sample logs to extract structured data from New Relic log messages, generating GROK patterns and NRQL patterns for analysis.
Instructions
Generate a log parsing rule from either a query or provided samples.
Args:
log_query: Optional NRQL WHERE clause to fetch logs (e.g., "service = 'api'")
log_samples: Optional list of log message samples
time_range: Time range for log query (default: "1 hour ago")
field_hints: Optional hints for field types (e.g., {"user_id": "UUID"})
account_id: Optional account ID (uses default if not provided)
Returns:
Generated GROK pattern, NRQL pattern, and analysis
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| log_query | No | ||
| log_samples | No | ||
| time_range | No | 1 hour ago | |
| field_hints | No | ||
| account_id | No |
Input Schema (JSON Schema)
{
"properties": {
"account_id": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null,
"title": "Account Id"
},
"field_hints": {
"anyOf": [
{
"additionalProperties": {
"type": "string"
},
"type": "object"
},
{
"type": "null"
}
],
"default": null,
"title": "Field Hints"
},
"log_query": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null,
"title": "Log Query"
},
"log_samples": {
"anyOf": [
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"default": null,
"title": "Log Samples"
},
"time_range": {
"default": "1 hour ago",
"title": "Time Range",
"type": "string"
}
},
"type": "object"
}