generate_log_parsing_rule
Create log parsing rules from queries or sample logs to extract structured data from New Relic log messages for monitoring and analysis.
Instructions
Generate a log parsing rule from either a query or provided samples.
Args:
log_query: Optional NRQL WHERE clause to fetch logs (e.g., "service = 'api'")
log_samples: Optional list of log message samples
time_range: Time range for log query (default: "1 hour ago")
field_hints: Optional hints for field types (e.g., {"user_id": "UUID"})
account_id: Optional account ID (uses default if not provided)
Returns:
Generated GROK pattern, NRQL pattern, and analysisInput Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| log_query | No | ||
| log_samples | No | ||
| time_range | No | 1 hour ago | |
| field_hints | No | ||
| account_id | No |
Output Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |
Implementation Reference
- newrelic_mcp/server.py:762-797 (handler)MCP tool handler and registration for 'generate_log_parsing_rule'. Validates inputs, checks client, calls core helper in log_parsing.py, and formats JSON response.
@mcp.tool() async def generate_log_parsing_rule( log_query: Optional[str] = None, log_samples: Optional[List[str]] = None, time_range: str = "1 hour ago", field_hints: Optional[Dict[str, str]] = None, account_id: Optional[str] = None, ) -> str: """ Generate a log parsing rule from either a query or provided samples. Args: log_query: Optional NRQL WHERE clause to fetch logs (e.g., "service = 'api'") log_samples: Optional list of log message samples time_range: Time range for log query (default: "1 hour ago") field_hints: Optional hints for field types (e.g., {"user_id": "UUID"}) account_id: Optional account ID (uses default if not provided) Returns: Generated GROK pattern, NRQL pattern, and analysis """ if not client: return json.dumps({"error": "New Relic client not initialized"}) acct_id = account_id or client.account_id if not acct_id: return json.dumps({"error": "Account ID required but not provided"}) try: result = await log_parsing.generate_parsing_rule_from_logs( client, acct_id, log_query, log_samples, time_range, field_hints ) return json.dumps(result, indent=2) except Exception as e: return json.dumps({"error": str(e)}, indent=2) - newrelic_mcp/log_parsing.py:583-652 (helper)Core implementation of log parsing rule generation. Fetches logs via NRQL if needed, analyzes samples, generates GROK/NRQL patterns using GrokPatternGenerator class or single-log function.
async def generate_parsing_rule_from_logs( client, account_id: str, log_query: Optional[str] = None, log_samples: Optional[List[str]] = None, time_range: str = "1 hour ago", field_hints: Optional[Dict[str, str]] = None, ) -> Dict[str, Any]: """ Generate a log parsing rule from either a query or provided samples Args: client: New Relic client account_id: Account ID log_query: Optional NRQL query to fetch logs log_samples: Optional list of log message samples time_range: Time range for log query (default: "1 hour ago") field_hints: Optional hints for field types Returns: Dict containing the generated GROK pattern, NRQL pattern, and analysis """ samples = log_samples or [] # If no samples provided, fetch from New Relic if not samples and log_query: query = f""" SELECT message FROM Log WHERE {log_query} SINCE {time_range} LIMIT 10 """ result = await client.query_nrql(account_id, query) if result and "results" in result: samples = [ r.get("message", "") for r in result["results"] if r.get("message") ] if not samples: raise ValueError("No log samples available to generate pattern") # Use improved pattern generation for single samples if len(samples) == 1: grok_pattern, nrql_pattern = generate_grok_pattern_for_log(samples[0]) # Create a simple analysis for single sample analysis = {"patterns_found": [], "samples_analyzed": 1} suggested_desc = "Auto-generated parsing rule for single log sample" else: generator = GrokPatternGenerator() analysis = generator.analyze_log_samples(samples) grok_pattern, nrql_pattern = generator.generate_grok_pattern( samples, field_hints ) suggested_desc = ( f"Auto-generated parsing rule for {analysis['patterns_found']}" if analysis["patterns_found"] else "Auto-generated parsing rule" ) return { "grok_pattern": grok_pattern, "nrql_pattern": f"SELECT * FROM Log WHERE message LIKE '{nrql_pattern}'", "analysis": analysis, "samples_used": len(samples), "suggested_description": suggested_desc, }