Parsing Rules
Manage Coralogix Parsing Rules directly from your AI agent. The MCP server provides a unified tool to create, retrieve, update, and delete parsing rules—and generate infrastructure-as-code definitions from any rule configuration.
Manage log parsing in the same workflow where you analyze logs—no context switching between your AI agent and the Coralogix UI.
Tool
All parsing rule operations are handled by a single unified tool: manage_parsing_rules.
| Action | Description |
|---|---|
create | Create a parsing rule for log transformation during ingestion. |
get | Retrieve a specific parsing rule by ID. |
list | List parsing rules with an optional name filter. |
update | Update an existing parsing rule. The agent retrieves the current configuration first, then applies your changes. |
delete | Delete a parsing rule by ID. |
generate_openapi | Generate the OpenAPI JSON payload for use with the Coralogix REST API. |
generate_kubernetes | Generate a Kubernetes Operator YAML manifest for the Coralogix Operator. |
generate_terraform | Generate Terraform HCL for the Coralogix Terraform Provider. |
IaC generation actions work with both existing and newly described rules. To export an existing rule, retrieve it first with get or list, then pass it to the generation action. You can also describe a rule from scratch and generate IaC without creating it in Coralogix.
Supported rule types
The tool supports all 10 Coralogix parsing rule types:
| Rule type | Key | Description |
|---|---|---|
| Parse | parse | Extract fields from log text using a regex and convert matches to JSON |
| Block | block | Drop logs matching a regex pattern |
| Allow | allow | Keep only logs matching a regex pattern (inverse of Block) |
| JSON Extract | jsonExtract | Extract values from JSON-structured logs |
| Replace | replace | Replace text matching a regex pattern |
| Extract Timestamp | extractTimestamp | Parse a custom timestamp from log text |
| Remove Fields | removeFields | Remove specified fields from log entries |
| JSON Stringify | jsonStringify | Convert a JSON object to a string representation |
| Extract | extract | Extract values using regex capture groups |
| Parse JSON Field | parseJsonField | Parse a string field containing JSON into structured data |
Example prompts
Create a parsing rule
Create a parsing rule that extracts the request_id, method, and path
from my nginx access logs using regex capture groups.
List rules by name
Update a rule
The agent retrieves the rule first, then applies your changes.
Generate Terraform for a new rule
Generate Terraform from an existing rule
The agent retrieves the rule, then renders the Terraform resource definition.
Generate Kubernetes YAML from an existing rule
Create a rule and export
Create a block rule that drops health-check logs from the load balancer,
then generate the Kubernetes Operator YAML for it.
Bulk export
Important behaviors
- Update requires retrieval first. To update a parsing rule, the agent retrieves the current configuration using
getorlist, then applies your changes. - IaC generation requires the full rule definition. For existing rules, the agent retrieves the rule first. For new rules, describe the configuration and the agent generates IaC without creating the rule in Coralogix.
- Rules apply at ingestion. Parsing rules transform logs as they enter Coralogix. Changes take effect on newly ingested data.
- Full type coverage. Every parsing rule type available in the Coralogix platform has a dedicated schema, covering the complete range of log transformation operations.
Next steps
Review the Permissions required to use MCP server tools.