Parsing rules

Manage Coralogix Parsing Rules directly from your AI agent. The MCP server provides tools to create, retrieve, update, and delete parsing rules that transform logs during ingestion—and generate infrastructure-as-code definitions from any rule configuration.

Manage log parsing through your AI agent to iterate on ingestion logic in the same workflow where you analyze logs—no context switching between your AI agent and the Coralogix UI.

Tools

Tool	Description
`create_parsing_rule`	Create a parsing rule for log transformation during ingestion.
`get_parsing_rule`	Retrieve a specific parsing rule by ID.
`list_parsing_rules`	List parsing rules with an optional name filter.
`update_parsing_rule`	Update an existing parsing rule.
`delete_parsing_rule`	Delete a parsing rule by ID.

Supported rule types

The tools support all 10 Coralogix parsing rule types:
Rule type Key Description
Parse parse Extract fields from log text using a regex and convert matches to JSON
Block block Drop logs matching a regex pattern
Allow allow Keep only logs matching a regex pattern (inverse of Block)
JSON Extract jsonExtract Extract values from JSON-structured logs
Replace replace Replace text matching a regex pattern
Extract Timestamp extractTimestamp Parse a custom timestamp from log text
Remove Fields removeFields Remove specified fields from log entries
JSON Stringify jsonStringify Convert a JSON object to a string representation
Extract extract Extract values using regex capture groups
Parse JSON Field parseJsonField Parse a string field containing JSON into structured data

Example prompts

Create a parsing rule

Create a parsing rule that extracts the request_id, method, and path
from my nginx access logs using regex capture groups.

List rules by name

List all parsing rules with "production" in the name.

Update a rule

Update my "Extract Request ID" rule to also capture the response time.

The agent retrieves the rule first, then applies your changes.

Create a rule and generate Kubernetes YAML

Create a block rule that drops health-check logs from the load balancer,
then generate the Kubernetes Operator YAML for it.

Important behaviors

Update requires retrieval first. To update a parsing rule, the agent retrieves the current configuration using get_parsing_rule or list_parsing_rules, then applies your changes.
Full type coverage. Every parsing rule type available in the Coralogix platform has a dedicated schema, covering the complete range of log transformation operations.
Rules apply at ingestion. Parsing rules transform logs as they enter Coralogix. Changes take effect on newly ingested data.

Need help? Contact Support.

What's new? Find out here.

LLM? Read llms.txt.

Previous Alerts

Next IaC generation

Rule type	Key	Description
Parse	`parse`	Extract fields from log text using a regex and convert matches to JSON
Block	`block`	Drop logs matching a regex pattern
Allow	`allow`	Keep only logs matching a regex pattern (inverse of Block)
JSON Extract	`jsonExtract`	Extract values from JSON-structured logs
Replace	`replace`	Replace text matching a regex pattern
Extract Timestamp	`extractTimestamp`	Parse a custom timestamp from log text
Remove Fields	`removeFields`	Remove specified fields from log entries
JSON Stringify	`jsonStringify`	Convert a JSON object to a string representation
Extract	`extract`	Extract values using regex capture groups
Parse JSON Field	`parseJsonField`	Parse a string field containing JSON into structured data